From 5b1b201b48909f4728d2f669c33462e329d0a588 Mon Sep 17 00:00:00 2001
From: Daniel afx
Date: Thu, 28 Jan 2021 14:10:11 +0200
Subject: [PATCH] initial commit
---
 Dockerfile | 29 ++++++++++++++++
 README.md | 34 +++++++++++++++++++
 etc/cont-init.d/00_bootstrap.sh | 30 +++++++++++++++++
 etc/cont-init.d/00_settimezone.sh | 9 +++++
 etc/cont-init.d/10_syslog_ng | 43 ++++++++++++++++++++++++
 etc/services.d/logmonitor/run | 8 +++++
 etc/services.d/syslog-ng/run | 2 ++
 etc/syslog-ng/conf.d/options.conf | 9 +++++
 etc/syslog-ng/syslog-ng.conf | 40 ++++++++++++++++++++++
 etc/syslog-ng/templates/d_local.template | 11 ++++++
 etc/syslog-ng/templates/d_sql.template | 21 ++++++++++++
 11 files changed, 236 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 README.md
 create mode 100755 etc/cont-init.d/00_bootstrap.sh
 create mode 100644 etc/cont-init.d/00_settimezone.sh
 create mode 100644 etc/cont-init.d/10_syslog_ng
 create mode 100644 etc/services.d/logmonitor/run
 create mode 100644 etc/services.d/syslog-ng/run
 create mode 100755 etc/syslog-ng/conf.d/options.conf
 create mode 100755 etc/syslog-ng/syslog-ng.conf
 create mode 100644 etc/syslog-ng/templates/d_local.template
 create mode 100644 etc/syslog-ng/templates/d_sql.template
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..97d3298
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM alpine:3
+
+ENV S6_OVERLAY_VERSION 2.2.0.1
+ENV S6_OVERLAY_MD5HASH a114568c94d06dc69fdb9d91ed3f7535
+
+RUN apk add --no-cache wget ca-certificates && \
+apk --no-cache --update upgrade && \
+cd /tmp && \
+wget https://github.com/just-containers/s6-overlay/releases/download/v$S6_OVERLAY_VERSION/s6-overlay-amd64.tar.gz && \
+echo "$S6_OVERLAY_MD5HASH *s6-overlay-amd64.tar.gz" | md5sum -c - && \
+tar xzf s6-overlay-amd64.tar.gz -C / && \
+rm s6-overlay-amd64.tar.gz
+
+RUN apk add --no-cache \
+ libdbi-drivers \
+ syslog-ng \
+ syslog-ng-http \
+ syslog-ng-json \
+ syslog-ng-scl \
+ syslog-ng-sql \
+ syslog-ng-tags-parser
+
+COPY /etc/ /etc/
+
+EXPOSE 514/udp
+EXPOSE 601/tcp
+EXPOSE 6514/tcp
+
+ENTRYPOINT ["/init"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4dc72ff
--- /dev/null
+++ b/README.md
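Review bot: The integrity check on the s6-overlay tarball (`echo "$S6_OVERLAY_MD5HASH *s6-overlay-amd64.tar.gz" | md5sum -c -`) relies on MD5, which no longer gives a meaningful guarantee that the downloaded artifact is the one the author verified; compute a SHA-256 of the release file once and check that instead, e.g. `ENV S6_OVERLAY_SHA256 <sha256-of-release-tarball>` and `echo "$S6_OVERLAY_SHA256 *s6-overlay-amd64.tar.gz" | sha256sum -c -`. `FROM alpine:3` together with `apk --no-cache --update upgrade` means two builds of this same commit can contain different package versions, which makes the image hard to audit and also lets the installed syslog-ng drift away from the `@version: 3.30` pinned in `syslog-ng.conf`; pinning a specific 3.x tag (and a comment noting which syslog-ng version it ships) would make builds reproducible. `COPY /etc/ /etc/` preserves the modes stored in git, so the files the header lists as `create mode 100644` under `etc/cont-init.d/` and `etc/services.d/` arrive non-executable unless a `chmod` is added after the copy.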
@@ -0,0 +1,34 @@
+# Logmonitor based on syslog-ng on Alpine Linux
+
+A small Alpine container running syslog-ng configured to log to `/var/log/messages` and optionally to an SQL database.
+
+
+## Usage
+
+Basic usage with the default local destination:
+
+```
+docker run -d --name syslog-ng -p 514:514/udp -p 601:601/tcp -p 6514:6514/tcp logmonitor
+```
+
+Destinations can be enabled or disabled with environment variables specified with `-e`.
+
+
+### Environment variables
+
+* `ENABLE_LOCAL` - set `True` to log to `/var/log/messages` in container (default: `False`)
+* `SQL_HOST` - the IP or domain of the destination SQL server
+* `SQL_PORT` - the port the destination SQL server runs on (defaults to `3306` if not specified)
+* `SQL_USER` - the user name used to access the destination SQL server
+* `SQL_PASSWORD` - the password for the destination SQL server
+
+The SQL destination is enabled automatically when any `SQL_*` environment variable is set, otherwise it is disabled by default.
+
+
+### Persisting data
+
+If you're using the local destination you could mount `/var/log/messages` as a volume (e.g. add `-v syslog-ng_messages:/var/log/messages` to the run command).
+
+The configuration files for destinations are in `/etc/syslog-ng/conf.d/`, however the `d_sql.conf` and `d_local.conf` files are created and deleted as the container starts up, depending on how environment variables are set. If you want to make persistent changes to destinations you'll need to modify the templates these configuration files are created from and these are in `/etc/syslog-ng/templates/`. You can safely add new configuration files for other destinations directly to `/etc/syslog-ng/conf.d/`
+
+The configuration for sources are in `/etc/syslog-ng/syslog-ng.conf`. This file is not modified at container statup so you can make persistent changes there if it's mounted as part of a volume.
diff --git a/etc/cont-init.d/00_bootstrap.sh b/etc/cont-init.d/00_bootstrap.sh
new file mode 100755
index 0000000..0fe8196
--- /dev/null
+++ b/etc/cont-init.d/00_bootstrap.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/with-contenv /bin/sh
+
+set -e
+
+#User params
+
+#Internal params
+if [ -z "$BOOTSTRAP_COMMAND" ]; then
+ RUN_CMD="/bin/true"
+else
+ RUN_CMD=${BOOTSTRAP_COMMAND}
+fi
+
+# Test for Interactiveness
+if test -t 0; then
+ $RUN_CMD
+
+ if [ "$@" ]; then
+ eval "$@"
+ else
+ export PS1='[\u@\h : \w]\$ '
+ /bin/sh
+ fi
+
+else
+ if [ "$@" ]; then
+ eval "$@"
+ fi
+ $RUN_CMD
+fi
diff --git a/etc/cont-init.d/00_settimezone.sh b/etc/cont-init.d/00_settimezone.sh
new file mode 100644
index 0000000..754db00
--- /dev/null
+++ b/etc/cont-init.d/00_settimezone.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv sh
+
+set -e
+
+#User params
+TIMEZONE=${TZ:="UTC"}
+
+# Set Timezone
+echo "${TIMEZONE}" > /etc/TZ
diff --git a/etc/cont-init.d/10_syslog_ng b/etc/cont-init.d/10_syslog_ng
new file mode 100644
index 0000000..5423e66
--- /dev/null
+++ b/etc/cont-init.d/10_syslog_ng
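Review bot: `if [ "$@" ]; then` (used in both branches) is not a valid emptiness test: with two or more positional parameters `[` receives several arguments and fails, which under `set -e` aborts container init; use `if [ $# -gt 0 ]; then`. As far as the file shows, s6-overlay runs cont-init.d scripts without arguments, so both `eval "$@"` branches look like dead code — if they are kept, a comment should say where the arguments are expected to come from, because `eval` executes whatever it receives as shell code. `$RUN_CMD` is presumably unquoted on purpose so `BOOTSTRAP_COMMAND` can carry arguments; a comment `# unquoted on purpose: BOOTSTRAP_COMMAND may contain arguments` would stop the next reader from "fixing" it. The interactive branch (`test -t 0`) also starts an interactive `/bin/sh` from inside init, which presumably blocks the remaining init steps until that shell exits; worth stating that it is meant only for `docker run -it` debugging.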
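Review bot: This script is added with mode 100644 (see the `create mode` list in the patch header), as are `etc/cont-init.d/10_syslog_ng`, `etc/services.d/logmonitor/run` and `etc/services.d/syslog-ng/run`; s6-supervise executes `run` directly, so a non-executable `run` cannot be spawned and the syslog-ng service never starts, and I expect the cont-init.d scripts to be skipped or fail the same way, since the Dockerfile's `COPY /etc/ /etc/` keeps the git mode. Either mark the four files executable in git, as `00_bootstrap.sh` already is, or add a `chmod +x` after the copy in the Dockerfile. Separately, `TIMEZONE=${TZ:="UTC"}` assigns `TZ` in the script's own environment as a side effect; `TIMEZONE=${TZ:-UTC}` expresses the intent without it.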
@@ -0,0 +1,43 @@
+#!/usr/bin/with-contenv /bin/sh
+
+CONFD=/etc/syslog-ng/conf.d
+TEMPLATES=/etc/syslog-ng/templates
+
+# enable and configure the SQL destination if SQL_* environment variables are set
+if $(env | grep -q SQL); then
+
+ if [ -z ${SQL_PORT+set} ]; then
+ SQL_PORT=3306
+ fi
+
+ cp -f ${TEMPLATES}/d_sql.template ${CONFD}/d_sql.conf
+
+ sed -i "s/SQL_HOST/${SQL_HOST}/" ${CONFD}/d_sql.conf
+ sed -i "s/SQL_PORT/${SQL_PORT}/" ${CONFD}/d_sql.conf
+ sed -i "s/SQL_USER/${SQL_USER}/" ${CONFD}/d_sql.conf
+ sed -i "s/SQL_PASSWORD/${SQL_PASSWORD}/" ${CONFD}/d_sql.conf
+ sed -i "s/SQL_DATABASE/${SQL_DATABASE}/" ${CONFD}/d_sql.conf
+
+# otherwise make sure the SQL destination is disabled
+elif [ -f ${CONFD}/d_sql.conf ]; then
+ rm -f ${CONFD}/d_sql.conf
+fi
+
+DO_ENABLE_LOCAL=true
+
+if [ ! -z ${ENABLE_LOCAL+set} ]; then
+ case $ENABLE_LOCAL in
+ true|True|TRUE|yes|Yes|YES|1|on|On|ON)
+ DO_ENABLE_LOCAL=true
+ ;;
+ esac
+fi
+
+# enable the local destination if the appropriate environment variable is set
+if ${DO_ENABLE_LOCAL}; then
+ echo "Logging to /var/log/messages ENABLED."
+ cp --remove-destination ${TEMPLATES}/d_local.template ${CONFD}/d_local.conf
+else # otherwise make sure it's disabled
+ echo "Logging to /var/log/messages DISABLED."
+ rm -f ${CONFD}/d_local.conf
+fi
diff --git a/etc/services.d/logmonitor/run b/etc/services.d/logmonitor/run
new file mode 100644
index 0000000..7b23ce9
--- /dev/null
+++ b/etc/services.d/logmonitor/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+while true
+do
+ echo "] ping from logmonitor..."
+ sleep 10
+done
+
diff --git a/etc/services.d/syslog-ng/run b/etc/services.d/syslog-ng/run
new file mode 100644
index 0000000..77bd8c4
--- /dev/null
+++ b/etc/services.d/syslog-ng/run
@@ -0,0 +1,2 @@
+#!/usr/bin/execlineb -P
+/usr/sbin/syslog-ng -F
diff --git a/etc/syslog-ng/conf.d/options.conf b/etc/syslog-ng/conf.d/options.conf
new file mode 100755
index 0000000..fdb24da
--- /dev/null
+++ b/etc/syslog-ng/conf.d/options.conf
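Review bot: The `case $ENABLE_LOCAL in` block only ever assigns `DO_ENABLE_LOCAL=true`, and the variable is already `true` before it, so `ENABLE_LOCAL=false` is silently ignored and the `rm -f ${CONFD}/d_local.conf` branch is unreachable; the README in this commit also states the default is `False`, so either the default here or the README needs to change. `if $(env | grep -q SQL); then` enables the SQL destination whenever any variable name or value merely contains `SQL` (an unrelated `MYSQL_*` variable is enough), not only `SQL_*` as documented; anchor the pattern and drop the command substitution. The `sed -i "s/SQL_PASSWORD/${SQL_PASSWORD}/"` lines (and the four sibling `sed` lines) splice raw values into a sed expression, so a password or host containing `/` or `&` breaks the substitution or rewrites the config in unexpected ways; escape the replacement first. `SQL_DATABASE` is substituted but never defaulted or documented, so an unset value yields `database("")` in the generated file, and I believe busybox `cp` on Alpine does not accept `--remove-destination`, whereas `cp -f`, as already used for `d_sql.conf`, is enough.
```sh
# only SQL_* variables (not any value that happens to contain "SQL") enable the destination
if env | grep -q '^SQL_'; then
    # escape the characters that are special in a sed replacement (/ & \) so a
    # credential containing them cannot break or alter the s/// expression
    esc() { printf '%s' "$1" | sed 's/[\/&\\]/\\&/g'; }
    # … unchanged: SQL_PORT default and template copy …
    sed -i "s/SQL_HOST/$(esc "$SQL_HOST")/" "${CONFD}/d_sql.conf"
    sed -i "s/SQL_PORT/$(esc "$SQL_PORT")/" "${CONFD}/d_sql.conf"
    sed -i "s/SQL_USER/$(esc "$SQL_USER")/" "${CONFD}/d_sql.conf"
    sed -i "s/SQL_PASSWORD/$(esc "$SQL_PASSWORD")/" "${CONFD}/d_sql.conf"
    sed -i "s/SQL_DATABASE/$(esc "$SQL_DATABASE")/" "${CONFD}/d_sql.conf"
# … unchanged: elif branch removing d_sql.conf …

DO_ENABLE_LOCAL=true
if [ -n "${ENABLE_LOCAL+set}" ]; then
    case $ENABLE_LOCAL in
        true|True|TRUE|yes|Yes|YES|1|on|On|ON) DO_ENABLE_LOCAL=true ;;
        # any other value explicitly disables the local destination
        *) DO_ENABLE_LOCAL=false ;;
    esac
fi
# … unchanged: enable/disable d_local.conf …
```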
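Review bot: This service only prints `] ping from logmonitor...` every 10 seconds, adding a noisy line to the container output forever without monitoring anything; if it is a placeholder for the real log monitor, a header comment such as `# placeholder heartbeat service; replace with the actual log monitor` would make that clear, and if it is not needed yet the service directory could be dropped until it is. The leading `] ` in the message looks like a leftover from a prefix that was never finished.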
@@ -0,0 +1,9 @@
+options {
+ #use_dns(yes);
+ #use_fqdn(yes);
+ keep_hostname(yes);
+ create_dirs(yes);
+ ts_format(iso);
+ time_reopen (10);
+ chain_hostnames (no);
+};
diff --git a/etc/syslog-ng/syslog-ng.conf b/etc/syslog-ng/syslog-ng.conf
new file mode 100755
index 0000000..41eb880
--- /dev/null
+++ b/etc/syslog-ng/syslog-ng.conf
@@ -0,0 +1,40 @@
+#############################################################################
+# Default syslog-ng.conf file which collects all local logs into a
+# single file called /var/log/messages tailored to container usage.
+#
+# The changes from the stock, default syslog-ng.conf file is that we've
+# dropped the system() source that is not needed and that we enabled network
+# connections using default-network-drivers(). Customize as needed and
+# override using the -v option to docker, such as:
+#
+# docker run ... -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf
+#
+
+@version: 3.30
+@include "scl.conf"
+
+source s_local {
+ internal();
+};
+
+source s_network {
+ default-network-drivers(
+ # NOTE: TLS support
+ #
+ # the default-network-drivers() source driver opens the TLS
+ # enabled ports as well, however without an actual key/cert
+ # pair they will not operate and syslog-ng would display a
+ # warning at startup.
+ #
+# tls(
+# key-file("/etc/syslog-ng/certs/serverkey.pem")
+# cert-file("/etc/syslog-ng/certs/servercert.pem")
+# )
+ );
+};
+
+###
+# Include all config files in /etc/syslog-ng/conf.d/
+###
+@include "/etc/syslog-ng/conf.d/*.conf"
+
diff --git a/etc/syslog-ng/templates/d_local.template b/etc/syslog-ng/templates/d_local.template
new file mode 100644
index 0000000..b0daa38
--- /dev/null
+++ b/etc/syslog-ng/templates/d_local.template
@@ -0,0 +1,11 @@
+destination d_local {
+ file("/var/log/messages");
+ file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
+};
+
+log {
+ source(s_local);
+ source(s_network);
+ destination(d_local);
+};
+
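Review bot: `keep_hostname(yes);` makes syslog-ng keep whatever hostname the sending client put into the message, so with the unauthenticated network sources opened in `syslog-ng.conf` the `$HOST` written to `/var/log/messages` and to the `host` column of `d_sql.template` is sender-controlled rather than derived from the peer address; for a collector whose records may be relied on during an investigation, set `keep_hostname(no);` (syslog-ng then uses the peer's resolved name or address), or record `$SOURCEIP` next to `$HOST` in both templates so the origin can still be established. Whichever is chosen, a comment stating the trust model would help, e.g. `# keep_hostname(yes): the hostname in the message is trusted as-is; the sender address is not recorded`. `time_reopen (10);` and `chain_hostnames (no);` are spaced differently from the other options, which syslog-ng accepts but reads oddly.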
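Review bot: With the `tls(` block commented out, `default-network-drivers(` opens its TLS listeners without a key/cert pair, so the `EXPOSE 6514/tcp` in the Dockerfile advertises a port that will not accept connections (the comment block here already says syslog-ng warns at startup); either document in the README that `/etc/syslog-ng/certs/serverkey.pem` and `/etc/syslog-ng/certs/servercert.pem` must be mounted and the block uncommented, or drop that EXPOSE until TLS is wired up. `@version: 3.30` is pinned while the image is built from the floating `alpine:3` tag, so the installed syslog-ng will drift from this value over time and syslog-ng typically reports a config-version mismatch at start; a comment such as `# keep in sync with the syslog-ng package version installed by the Dockerfile` would flag that coupling.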
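Review bot: The second `file(...)` destination writes a full name-value dump of every message to `/var/log/messages-kv.log`, which neither the README in this commit nor its `ENABLE_LOCAL` description mentions, and the README's suggested `-v syslog-ng_messages:/var/log/messages` mounts only the single file, so the kv log is lost with the container; document the second file and recommend mounting the `/var/log` directory instead, or state why the kv file is not meant to be persisted. A one-line comment above it, e.g. `# structured copy of every message: all name-value pairs in WELF format, ISO timestamps with ms precision`, would also help a reader who only sees the template.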
diff --git a/etc/syslog-ng/templates/d_sql.template b/etc/syslog-ng/templates/d_sql.template
new file mode 100644
index 0000000..7305760
--- /dev/null
+++ b/etc/syslog-ng/templates/d_sql.template
@@ -0,0 +1,21 @@
+destination d_sql {
+ sql(
+ type(mysql)
+ host("SQL_HOST")
+ port("SQL_PORT")
+ username("SQL_USER")
+ password("SQL_PASSWORD")
+ database("SQL_DATABASE")
+ table("logs")
+ columns("host", "facility", "priority", "level", "tag", "fo", "program", "msg")
+ values("$HOST", "$FACILITY", "$PRIORITY", "$LEVEL", "$TAG","$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC", "$PROGRAM", "$MSG")
+ indexes("fo", "host")
+ );
+};
+
+log {
+ source(s_local);
+ source(s_network);
+ destination(d_sql);
+};
+
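Review bot: The `password("SQL_PASSWORD")` placeholder is replaced with the real credential by `10_syslog_ng`, so the generated `/etc/syslog-ng/conf.d/d_sql.conf` holds the database password in clear text with the 0644 mode it inherits from this template; that is inherent to the `sql()` driver, but the README should say so and point users at a dedicated database account that only has INSERT on the `logs` table. `database("SQL_DATABASE")` requires an `SQL_DATABASE` variable that the README does not list, so a reader following the README gets an empty database name. The `fo` column is filled from `$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC`, which drops the sub-second precision and timezone that `d_local.template` keeps via `$ISODATE`; a comment explaining the chosen format (or switching to `$ISODATE`) would make the intent clear, and the column name `fo` itself deserves a comment since nothing in the file explains it.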