initial commit

2021-01-28 14:10:11 +02:00 · 2021-01-28 14:10:11 +02:00 · 5b1b201b48
commit 5b1b201b48
11 changed files with 236 additions and 0 deletions
--- a/29
+++ b/29
@ -0,0 +1,29 @@
+FROM alpine:3
+
+ENV S6_OVERLAY_VERSION 2.2.0.1
+ENV S6_OVERLAY_MD5HASH a114568c94d06dc69fdb9d91ed3f7535
+
+RUN apk add --no-cache wget ca-certificates && \
+apk --no-cache --update upgrade && \
+cd /tmp && \
+wget https://github.com/just-containers/s6-overlay/releases/download/v$S6_OVERLAY_VERSION/s6-overlay-amd64.tar.gz && \
+echo "$S6_OVERLAY_MD5HASH *s6-overlay-amd64.tar.gz" | md5sum -c - && \
+tar xzf s6-overlay-amd64.tar.gz -C / && \
+rm s6-overlay-amd64.tar.gz
+
+RUN apk add --no-cache \
+		libdbi-drivers \
+		syslog-ng \
+		syslog-ng-http \
+		syslog-ng-json \
+		syslog-ng-scl \
+		syslog-ng-sql \
+		syslog-ng-tags-parser
+
+COPY /etc/ /etc/
+
+EXPOSE 514/udp
+EXPOSE 601/tcp
+EXPOSE 6514/tcp
+
+ENTRYPOINT ["/init"]
--- a/README.md
+++ b/README.md
@ -0,0 +1,34 @@
+# Logmonitor based on syslog-ng on Alpine Linux
+
+A small Alpine container running syslog-ng configured to log to `/var/log/messages` and optionally to an SQL database.
+
+
+## Usage
+
+Basic usage with the default local destination:
+
+```
+docker run -d --name syslog-ng -p 514:514/udp -p 601:601/tcp -p 6514:6514/tcp logmonitor
+```
+
+Destinations can be enabled or disabled with environment variables specified with `-e`.
+
+
+### Environment variables
+
+* `ENABLE_LOCAL` - set `True` to log to `/var/log/messages` in container (default: `False`)
+* `SQL_HOST` - the IP or domain of the destination SQL server
+* `SQL_PORT` - the port the destination SQL server runs on (defaults to `3306` if not specified)
+* `SQL_USER` - the user name used to access the destination SQL server
+* `SQL_PASSWORD` - the password for the destination SQL server
+
+The SQL destination is enabled automatically when any `SQL_*` environment variable is set, otherwise it is disabled by default.
+
+
+### Persisting data
+
+If you're using the local destination you could mount `/var/log/messages` as a volume (e.g. add `-v syslog-ng_messages:/var/log/messages` to the run command).
+
+The configuration files for destinations are in `/etc/syslog-ng/conf.d/`, however the `d_sql.conf` and `d_local.conf` files are created and deleted as the container starts up, depending on how environment variables are set. If you want to make persistent changes to destinations you'll need to modify the templates these configuration files are created from and these are in `/etc/syslog-ng/templates/`. You can safely add new configuration files for other destinations directly to `/etc/syslog-ng/conf.d/`
+
+The configuration for sources are in `/etc/syslog-ng/syslog-ng.conf`. This file is not modified at container statup so you can make persistent changes there if it's mounted as part of a volume.
--- a/etc/cont-init.d/00_bootstrap.sh
+++ b/etc/cont-init.d/00_bootstrap.sh
@ -0,0 +1,30 @@
+#!/usr/bin/with-contenv /bin/sh
+
+set -e
+
+#User params
+
+#Internal params
+if [ -z "$BOOTSTRAP_COMMAND" ]; then
+	RUN_CMD="/bin/true"
+else
+	RUN_CMD=${BOOTSTRAP_COMMAND}
+fi
+
+# Test for Interactiveness
+if test -t 0; then
+  $RUN_CMD
+
+  if [ "$@" ]; then
+    eval "$@"
+  else
+    export PS1='[\u@\h : \w]\$ '
+    /bin/sh
+  fi
+
+else
+  if [ "$@" ]; then
+    eval "$@"
+  fi
+  $RUN_CMD
+fi
--- a/etc/cont-init.d/00_settimezone.sh
+++ b/etc/cont-init.d/00_settimezone.sh
@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv sh
+
+set -e
+
+#User params
+TIMEZONE=${TZ:="UTC"}
+
+# Set Timezone
+echo "${TIMEZONE}" > /etc/TZ
--- a/etc/cont-init.d/10_syslog_ng
+++ b/etc/cont-init.d/10_syslog_ng
@ -0,0 +1,43 @@
+#!/usr/bin/with-contenv /bin/sh
+
+CONFD=/etc/syslog-ng/conf.d
+TEMPLATES=/etc/syslog-ng/templates
+
+# enable and configure the SQL destination if SQL_* environment variables are set
+if $(env | grep -q SQL); then
+
+	if [ -z ${SQL_PORT+set} ]; then
+		SQL_PORT=3306
+	fi
+
+	cp -f ${TEMPLATES}/d_sql.template ${CONFD}/d_sql.conf
+
+	sed -i "s/SQL_HOST/${SQL_HOST}/" ${CONFD}/d_sql.conf
+	sed -i "s/SQL_PORT/${SQL_PORT}/" ${CONFD}/d_sql.conf
+	sed -i "s/SQL_USER/${SQL_USER}/" ${CONFD}/d_sql.conf
+	sed -i "s/SQL_PASSWORD/${SQL_PASSWORD}/" ${CONFD}/d_sql.conf
+	sed -i "s/SQL_DATABASE/${SQL_DATABASE}/" ${CONFD}/d_sql.conf
+
+# otherwise make sure the SQL destination is disabled
+elif [ -f ${CONFD}/d_sql.conf ]; then
+	rm -f ${CONFD}/d_sql.conf
+fi
+
+DO_ENABLE_LOCAL=true
+
+if [ ! -z ${ENABLE_LOCAL+set} ]; then
+	case $ENABLE_LOCAL in
+		true|True|TRUE|yes|Yes|YES|1|on|On|ON)
+			DO_ENABLE_LOCAL=true
+			;;
+	esac
+fi
+
+# enable the local destination if the appropriate environment variable is set
+if ${DO_ENABLE_LOCAL}; then
+	echo "Logging to /var/log/messages ENABLED."
+	cp --remove-destination ${TEMPLATES}/d_local.template ${CONFD}/d_local.conf
+else # otherwise make sure it's disabled
+	echo "Logging to /var/log/messages DISABLED."
+	rm -f ${CONFD}/d_local.conf
+fi
--- a/etc/services.d/logmonitor/run
+++ b/etc/services.d/logmonitor/run
@ -0,0 +1,8 @@
+#!/bin/sh
+
+while true
+do
+    echo "] ping from logmonitor..."
+    sleep 10
+done
+
--- a/etc/services.d/syslog-ng/run
+++ b/etc/services.d/syslog-ng/run
@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/sbin/syslog-ng -F
--- a/etc/syslog-ng/conf.d/options.conf
+++ b/etc/syslog-ng/conf.d/options.conf
@ -0,0 +1,9 @@
+options {
+    #use_dns(yes);
+    #use_fqdn(yes);
+    keep_hostname(yes);
+    create_dirs(yes);
+    ts_format(iso);
+    time_reopen (10);
+    chain_hostnames (no);
+};
--- a/etc/syslog-ng/syslog-ng.conf
+++ b/etc/syslog-ng/syslog-ng.conf
@ -0,0 +1,40 @@
+#############################################################################
+# Default syslog-ng.conf file which collects all local logs into a
+# single file called /var/log/messages tailored to container usage.
+#
+# The changes from the stock, default syslog-ng.conf file is that we've
+# dropped the system() source that is not needed and that we enabled network
+# connections using default-network-drivers(). Customize as needed and
+# override using the -v option to docker, such as:
+#
+#  docker run ...  -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf
+#
+
+@version: 3.30
+@include "scl.conf"
+
+source s_local {
+	internal();
+};
+
+source s_network {
+	default-network-drivers(
+		# NOTE: TLS support
+		#
+		# the default-network-drivers() source driver opens the TLS
+		# enabled ports as well, however without an actual key/cert
+		# pair they will not operate and syslog-ng would display a
+		# warning at startup.
+		#
+#		tls(
+#			key-file("/etc/syslog-ng/certs/serverkey.pem")
+#			cert-file("/etc/syslog-ng/certs/servercert.pem")
+#		)
+	);
+};
+
+###
+# Include all config files in /etc/syslog-ng/conf.d/
+###
+@include "/etc/syslog-ng/conf.d/*.conf"
+
--- a/etc/syslog-ng/templates/d_local.template
+++ b/etc/syslog-ng/templates/d_local.template
@ -0,0 +1,11 @@
+destination d_local {
+        file("/var/log/messages");
+        file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
+};
+
+log {
+        source(s_local);
+        source(s_network);
+        destination(d_local);
+};
+
--- a/etc/syslog-ng/templates/d_sql.template
+++ b/etc/syslog-ng/templates/d_sql.template
@ -0,0 +1,21 @@
+destination d_sql {
+	sql(
+		type(mysql)
+		host("SQL_HOST")
+		port("SQL_PORT")
+		username("SQL_USER")
+		password("SQL_PASSWORD")
+		database("SQL_DATABASE")
+		table("logs") 
+		columns("host", "facility", "priority", "level", "tag", "fo", "program", "msg") 
+		values("$HOST", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG","$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
+		indexes("fo", "host")
+	);
+};
+
+log { 
+	source(s_local);
+	source(s_network);
+	destination(d_sql);
+};
+