├── .gitignore
├── .github
│   ├── keys.tar.xz.enc
│   ├── release
│   ├── workflows
│   │   └── all.yml
│   └── build
├── overlay-rootfs
│   └── etc
│       ├── socklog.rules
│       │   ├── ~-cron
│       │   ├── ~-mail
│       │   ├── ~-user
│       │   ├── ~-daemon
│       │   ├── ~-debug
│       │   ├── ~-kernel
│       │   ├── ~-secure
│       │   ├── ~-everything
│       │   ├── ~-errors
│       │   └── ~-messages
│       ├── services.d
│       │   └── socklog
│       │       ├── run
│       │       └── log
│       │           └── run
│       └── cont-init.d
│           └── ~-socklog
├── LICENSE.md
└── README.md

/.gitignore:
--------------------------------------------------------------------------------
/builds
/dist
/pkg
--------------------------------------------------------------------------------
/.github/keys.tar.xz.enc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/just-containers/socklog-overlay/HEAD/.github/keys.tar.xz.enc
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-cron:
--------------------------------------------------------------------------------
-
+^cron\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/cron
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-mail:
--------------------------------------------------------------------------------
-
+^mail\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/mail
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-user:
--------------------------------------------------------------------------------
-
+^user\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/user
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-daemon:
--------------------------------------------------------------------------------
-
+^daemon\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/daemon
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-debug:
--------------------------------------------------------------------------------
-
+^\.debug:
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/debug
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-kernel:
--------------------------------------------------------------------------------
-
+^kern\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/kernel
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-secure:
--------------------------------------------------------------------------------
-
+^auth\.
+^authpriv\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/secure
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-everything:
--------------------------------------------------------------------------------
+
-auth\.
-authpriv\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/everything
--------------------------------------------------------------------------------
/overlay-rootfs/etc/services.d/socklog/run:
--------------------------------------------------------------------------------
#!/usr/bin/execlineb -P

# send stderr to the same place as stdout
fdmove -c 2 1
# export UID/GID for "nobody" (defaults to 32768:32768 if the account is unknown)
s6-envuidgid -D 32768:32768 nobody
# listen on the /dev/log unix socket
socklog unix /dev/log
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-errors:
--------------------------------------------------------------------------------
-
+\..err:
+\.error:
+\.emerg:
+\.alert:
+\.crit:
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/errors
--------------------------------------------------------------------------------
/overlay-rootfs/etc/socklog.rules/~-messages:
--------------------------------------------------------------------------------
-
+\.info:
+\.notice:
+\.warn:
-^auth\.
-^authpriv\.
-^mail\.
-^news\.
-^cron\.
${SOCKLOG_TIMESTAMP_FORMAT}
/var/log/socklog/messages
--------------------------------------------------------------------------------
/overlay-rootfs/etc/services.d/socklog/log/run:
--------------------------------------------------------------------------------
#!/usr/bin/execlineb -P

# read SOCKLOG_TIMESTAMP_FORMAT from the container environment (default "T")
backtick -D "T" -n SOCKLOG_TIMESTAMP_FORMAT { printcontenv SOCKLOG_TIMESTAMP_FORMAT }

# concatenate every file in /etc/socklog.rules, in sorted order, into LOGGING_SCRIPT
backtick -i -n LOGGING_SCRIPT
{
  pipeline { pipeline { s6-ls -0 -- /etc/socklog.rules } s6-sort -0 }
  forstdin -0 -- i
  if {
    importas -u i i
    redirfd -rb 0 /etc/socklog.rules/${i}
    s6-cat
  } s6-echo
}

# split on line breaks so that each directive becomes one s6-log argument
importas -C -u -s -d"\r\n" LOGGING_SCRIPT LOGGING_SCRIPT
importas -C -u -s -d"\r\n" SOCKLOG_TIMESTAMP_FORMAT SOCKLOG_TIMESTAMP_FORMAT

# drop privileges before running s6-log
s6-setuidgid nobody
s6-log -bp $LOGGING_SCRIPT

--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
Internet Systems Consortium license
===================================

Copyright (c) `2017` `John Regan`

Permission to use, copy, modify, and/or distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright notice
and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
--------------------------------------------------------------------------------
/overlay-rootfs/etc/cont-init.d/~-socklog:
--------------------------------------------------------------------------------
#!/usr/bin/execlineb

backtick -D "T" -n SOCKLOG_TIMESTAMP_FORMAT { printcontenv SOCKLOG_TIMESTAMP_FORMAT }
importas -u SOCKLOG_TIMESTAMP_FORMAT SOCKLOG_TIMESTAMP_FORMAT

# make sure SOCKLOG_TIMESTAMP_FORMAT is acceptable
if
{
  ifelse { s6-test -n "${SOCKLOG_TIMESTAMP_FORMAT}" }
  {
    ifelse { s6-test "${SOCKLOG_TIMESTAMP_FORMAT}" != "T" }
    {
      ifelse { s6-test "${SOCKLOG_TIMESTAMP_FORMAT}" != "t" }
      {
        redirfd -wb 1 /var/run/s6/container_environment/SOCKLOG_TIMESTAMP_FORMAT
        s6-echo -n -- T
      }
      exit 0
    }
    exit 0
  }
  exit 0
}

if { s6-mkdir -p -m 0750 /var/log/socklog/cron }
if { s6-mkdir -p -m 0750 /var/log/socklog/daemon }
if { s6-mkdir -p -m 0750 /var/log/socklog/debug }
if { s6-mkdir -p -m 0750 /var/log/socklog/errors }
if { s6-mkdir -p -m 0750 /var/log/socklog/everything }
if { s6-mkdir -p -m 0750 /var/log/socklog/kernel }
if { s6-mkdir -p -m 0750 /var/log/socklog/mail }
if { s6-mkdir -p -m 0750 /var/log/socklog/messages }
if { s6-mkdir -p -m 0750 /var/log/socklog/secure }
if { s6-mkdir -p -m 0750 /var/log/socklog/user }

pipeline { s6-echo "/var/log/socklog true nobody:nogroup,32768:32768 0640 0750" } fix-attrs
--------------------------------------------------------------------------------
/.github/release:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
set -x

# don't loop if files don't exist
shopt -s nullglob

# exit if TRAVIS_TAG is empty, no need to release anything
if [ -z "${TRAVIS_TAG}" ]; then
    exit 0
fi

mkdir -p tools/downloads
mkdir -p tools/cross/bin

# NOTE: the downloaded binary is not checked against a pinned checksum before it is run
if [[ ! -f "tools/downloads/linux-amd64-github-release.bz2" ]] ; then
    printf "Downloading tools/downloads/linux-amd64-github-release.bz2\n"
    curl -s -R -L -o "tools/downloads/linux-amd64-github-release.bz2" \
        "https://github.com/github-release/github-release/releases/download/v0.8.1/linux-amd64-github-release.bz2"
fi

bunzip2 "tools/downloads/linux-amd64-github-release.bz2"
mv "tools/downloads/linux-amd64-github-release" "tools/cross/bin/github-release"
chmod +x "tools/cross/bin/github-release"

export "PATH=$(pwd)/tools/cross/bin:$PATH"

# get user and repo names
USERNAME=$(echo "${TRAVIS_REPO_SLUG}" | cut -d"/" -f1)
REPONAME=$(echo "${TRAVIS_REPO_SLUG}" | cut -d"/" -f2)

# release
github-release release \
    --user "${USERNAME}" \
    --repo "${REPONAME}" \
    --tag "${TRAVIS_TAG##*/}" \
    --name "${TRAVIS_TAG##*/}"

# binaries: sign each tarball, then upload the tarball and its detached signature
for i in dist/*.tar.gz; do
    name=$(basename "${i}")
    gpg -u 0x3B2FD161 --output "${i}.sig" --detach-sig "${i}"
    github-release upload \
        --user "${USERNAME}" \
        --repo "${REPONAME}" \
        --tag "${TRAVIS_TAG##*/}" \
        --name "${name}" \
        --file "${i}"
    github-release upload \
        --user "${USERNAME}" \
        --repo "${REPONAME}" \
        --tag "${TRAVIS_TAG##*/}" \
        --name "${name}.sig" \
        --file "${i}.sig"
done
--------------------------------------------------------------------------------
/.github/workflows/all.yml:
--------------------------------------------------------------------------------
on: [push, pull_request]

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v2

      - name: build
        run: .github/build

      - name: upload artifacts
        uses: actions/upload-artifact@v2
        with:
          name: dist
          path: |
            dist/*.tar.gz
            dist/*.md

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: build
    if: startsWith(github.ref, 'refs/tags/v')
    steps:
      - name: checkout code
        uses: actions/checkout@v2

      - name: download artifacts
        uses: actions/download-artifact@v2
        with:
          name: dist
          path: dist

      - name: decrypt signing keys
        env:
          OPENSSL_KEY: ${{ secrets.OPENSSL_KEY }}
          OPENSSL_IV: ${{ secrets.OPENSSL_IV }}
        run: openssl aes-256-cbc -K $OPENSSL_KEY -iv $OPENSSL_IV -in .github/keys.tar.xz.enc -out .github/keys.tar.xz -d

      - name: extract signing keys
        run: tar xf .github/keys.tar.xz -C .github

      - name: import public key
        run: gpg --import .github/keys/public.key

      - name: import private key
        run: gpg --allow-secret-key-import --import .github/keys/private.key

      - name: create and upload release
        run: .github/release
        env:
          TRAVIS_REPO_SLUG: just-containers/socklog-overlay
          TRAVIS_TAG: ${{ github.ref }}
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
--------------------------------------------------------------------------------
/.github/build:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

SOCKLOG_VERSION="2.2.3"
SOCKLOG_RELEASE="${SOCKLOG_VERSION}"
SOCKLOG_SRC="https://github.com/just-containers/socklog/releases/download/v$SOCKLOG_RELEASE"

PKGDIR=$(pwd)/pkg
BUILDDIR=$(pwd)/builds
DISTDIR=$(pwd)/dist

mkdir -p "$PKGDIR"
mkdir -p "$BUILDDIR"
mkdir -p "$DISTDIR"

# musl target triple -> architecture name used in release file names
declare -A targets
targets[arm-linux-musleabi]=arm
targets[arm-linux-musleabihf]=armhf
targets[aarch64-linux-musl]=aarch64
targets[x86_64-linux-musl]=amd64
targets[i486-linux-musl]=x86
targets[powerpc64le-linux-musl]=ppc64le

for target in "${!targets[@]}" ; do
    mkdir -p "$BUILDDIR/$target"
    printf 'Downloading socklog-%s\n' "${target}"
    # NOTE: the downloaded tarball is not checked against a checksum or signature
    curl -s -R -L -o "$PKGDIR/socklog-${target}.tar.gz" \
        "$SOCKLOG_SRC/socklog-${SOCKLOG_VERSION}-linux-${targets[$target]}.tar.gz"
    tar -xzf "$PKGDIR/socklog-$target.tar.gz" \
        -C "$BUILDDIR/$target"
    rsync -a overlay-rootfs/ "$BUILDDIR/$target"

    mkdir -p "$BUILDDIR/$target/var/log/socklog/cron"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/daemon"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/debug"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/errors"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/everything"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/kernel"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/mail"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/messages"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/secure"
    mkdir -p "$BUILDDIR/$target/var/log/socklog/user"

    tar -cvzf "$DISTDIR/socklog-overlay-${targets[$target]}.tar.gz" \
        --owner 0 \
        --group 0 \
        -C "$BUILDDIR/${target}/" .
done
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# socklog-overlay

The socklog-overlay is an add-on for the
[s6-overlay](https://github.com/just-containers/s6-overlay) - it provides
a small syslog replacement based on Gerrit Pape's [socklog](http://smarden.org/socklog/).

## Usage

Installation is similar to installing the `s6-overlay`:

```Dockerfile
FROM ubuntu

# Install s6-overlay
ADD https://github.com/just-containers/s6-overlay/releases/download/v1.21.8.0/s6-overlay-amd64.tar.gz /tmp/
RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C /

# Install socklog-overlay
ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.1.2-0/socklog-overlay-amd64.tar.gz /tmp/
RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C /

ENTRYPOINT ["/init"]
```

This will run a logging service with all messages in directories under `/var/log/socklog/`,
with built-in log rotation.

* `/var/log/socklog/cron`
* `/var/log/socklog/daemon`
* `/var/log/socklog/debug`
* `/var/log/socklog/errors`
* `/var/log/socklog/everything`
* `/var/log/socklog/kernel`
* `/var/log/socklog/mail`
* `/var/log/socklog/messages`
* `/var/log/socklog/secure`
* `/var/log/socklog/user`

## Customization

### Custom logging rules

`socklog-overlay` works by reading in a series of `s6-log` logging scripts from
`/etc/socklog.rules`. You can create your own rules by placing a file in
`/etc/socklog.rules`. Each directive (selection directive, control directive,
or action directive) for the logging script should be on its own line.

For example, if you wanted to save all errors for messages tagged with the
"local0" facility, you could create the file `/etc/socklog.rules/local0-error`:

```
-
+^local0\.err
T
/var/log/socklog/local0-errors
```

This will match lines that begin with `local0.err`, prepend them with an ISO 8601 timestamp, and save them to the `/var/log/socklog/local0-errors` folder.

As another example, if you wanted to have all syslog messages copied to stdout,
create a file at `/etc/socklog.rules/forward-stdout`:

```
+
1
```

This will match all lines (as indicated by the `+` symbol with an empty regex),
and forward them to stdout (indicated by the `1` symbol).

More details on how to write `s6-log` logging scripts are available in the
[s6-log manual](http://skarnet.org/software/s6/s6-log.html).

### Creating logging folders

The `/etc/cont-init.d/~-socklog` script should run last, and its final step
is to recursively chown `/var/log/socklog`.

Create a script in `/etc/cont-init.d` to make your needed logging folder.
If it's a subfolder of `/var/log/socklog`, you should be covered. If not,
you'll likely need to chown it as well, to the `nobody` user.

### Environment variables

* `SOCKLOG_TIMESTAMP_FORMAT` - controls how (or if) a timestamp should be placed
before every line, defaults to `T`
  * (empty) - do not insert timestamps into logs
  * `T` - prepend every line with an ISO 8601 timestamp
  * `t` - prepend every line with a TAI64N timestamp

## Ideas I'd like to flesh out:

* Setting an environment variable to specify number of files, size, etc
  * Right now this is just using the `s6-log` defaults - 10 files, ~100k per file

## Verifying Downloads

The `socklog-overlay` releases are signed using `gpg`. You can import our public key:

```bash
$ curl https://keybase.io/justcontainers/key.asc | gpg --import
```

Then verify the downloaded files:

```bash
$ gpg --verify socklog-overlay-amd64.tar.gz.sig socklog-overlay-amd64.tar.gz
```

## Upgrade Notes

### 3.0.0

`socklog-overlay` version 3.0.0 switched from having the hard-coded
`log/run` script with log pattern rules, to using the `/etc/socklog.rules`
folder. If you have a custom `log/run` script, it should continue to work.

### 3.1.0

Added the `SOCKLOG_TIMESTAMP_FORMAT` environment variable.

### 3.1.1

Compatibility update with skalibs v2.10+

### 3.1.2

Fixes https://github.com/just-containers/socklog-overlay/issues/8

## LICENSE

ISC license, see `LICENSE.md`

Binary downloads include a copy of `socklog`, which is released under
a 3-clause BSD license. Please see [COPYING](https://github.com/just-containers/socklog/blob/master/COPYING)
for details.
--------------------------------------------------------------------------------
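
The selection directives in the `/etc/socklog.rules` files and the README's `forward-stdout` rule, replayed against sample lines. This is an added example, not code from the socklog-overlay project: it is a simplified stand-in for `s6-log` that evaluates only `+regex` / `-regex` directives, and the function names `matches`, `selects` and `route` are hypothetical. It assumes each regex is tested against the raw `facility.priority: message` line, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: replays only the "+regex" / "-regex" selection directives (copied
# from this page) against raw "facility.priority: msg" lines; other directives skipped.
RULE_SECURE='-
+^auth\.
+^authpriv\.
/var/log/socklog/secure'
RULE_EVERYTHING='+
-auth\.
-authpriv\.
/var/log/socklog/everything'
RULE_MESSAGES='-
+\.info:
+\.notice:
+\.warn:
-^auth\.
-^authpriv\.
-^mail\.
-^news\.
-^cron\.
/var/log/socklog/messages'
RULE_STDOUT='+
1'
# matches REGEX LINE: an empty regex matches every line
matches() {
    [ -z "$1" ] || printf '%s\n' "$2" | grep -Eq -- "$1"
}
# selects RULE LINE: exit 0 if LINE is still selected after every directive
selects() {
    selected=1                      # s6-log starts with every line selected
    while IFS= read -r directive; do
        case $directive in
            +*) if matches "${directive#+}" "$2"; then selected=1; fi ;;
            -*) if matches "${directive#-}" "$2"; then selected=0; fi ;;
        esac
    done <<EOF
$1
EOF
    [ "$selected" -eq 1 ]
}
# route LINE: print the names of the rules whose action would receive LINE
route() {
    out=""
    if selects "$RULE_SECURE" "$1"; then out="$out secure"; fi
    if selects "$RULE_EVERYTHING" "$1"; then out="$out everything"; fi
    if selects "$RULE_MESSAGES" "$1"; then out="$out messages"; fi
    if selects "$RULE_STDOUT" "$1"; then out="$out stdout"; fi
    printf '%s\n' "${out# }"
}

# Constructed sample lines
route 'auth.info: sshd[211]: Accepted publickey for deploy'
route 'daemon.notice: ntpd[88]: clock synchronized'
route 'daemon.info: app: loaded module auth.so'
```

The auth line reaches only `secure` and the stdout rule, so adding the README's `forward-stdout` rule copies auth/authpriv messages into the container's stdout stream. In this model the third line is dropped from `everything` because the `-auth\.` directive in `~-everything` is unanchored and matches `auth.` inside the message text.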