From 2b141466e2564302d853beb10b3f399986c1886a Mon Sep 17 00:00:00 2001
From: John Regan <john@jrjrtech.com>
Date: Tue, 19 Feb 2019 16:45:36 -0500
Subject: [PATCH] rework how socklog service works

---
 README.md                                     | 49 ++++++++++++-
 overlay-rootfs/etc/services.d/socklog/log/run | 73 +++----------------
 overlay-rootfs/etc/socklog.rules/~-cron       |  4 +
 overlay-rootfs/etc/socklog.rules/~-daemon     |  4 +
 overlay-rootfs/etc/socklog.rules/~-debug      |  3 +
 overlay-rootfs/etc/socklog.rules/~-errors     |  8 ++
 overlay-rootfs/etc/socklog.rules/~-everything |  5 ++
 overlay-rootfs/etc/socklog.rules/~-kernel     |  4 +
 overlay-rootfs/etc/socklog.rules/~-mail       |  4 +
 overlay-rootfs/etc/socklog.rules/~-messages   | 11 +++
 overlay-rootfs/etc/socklog.rules/~-secure     |  5 ++
 overlay-rootfs/etc/socklog.rules/~-user       |  4 +
 12 files changed, 110 insertions(+), 64 deletions(-)
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-cron
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-daemon
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-debug
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-errors
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-everything
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-kernel
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-mail
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-messages
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-secure
 create mode 100644 overlay-rootfs/etc/socklog.rules/~-user

diff --git a/README.md b/README.md
index 09ded06..f0a62f6 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ ADD https://github.com/just-containers/s6-overlay/releases/download/v1.21.8.0/s6
 RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C /
 
 # Install socklog-overlay
-ADD https://github.com/just-containers/socklog-overlay/releases/download/v2.2.1-4/socklog-overlay-amd64.tar.gz /tmp/
+ADD https://github.com/just-containers/socklog-overlay/releases/download/v3.0.0-1/socklog-overlay-amd64.tar.gz /tmp/
 RUN tar xzf /tmp/socklog-overlay-amd64.tar.gz -C /
 
 ENTRYPOINT ["/init"]
@@ -38,7 +38,46 @@ with built-in log rotation.
 
 ## Customization
 
-None yet, if you have any ideas we'll gladly accept pull requests!
+### Custom logging rules
+
+`socklog-overlay` works by reading in a series of `s6-log` logging scripts from
+`/etc/socklog.rules`. You can create your own rules by placing a file in
+`/etc/socklog.rules`.
+
+For example, if you wanted to save all errors for messages tagged with the
+"local0" facility, you could create the file `/etc/socklog.rules/local0-error`
+
+```
+-
++^local0\.err
+T
+/var/log/socklog/local0-errors
+```
+
+This will match lines that begin with `local0.err`, prepend them with an ISO8601 timestamp, and save them to the `/var/log/socklog/local0-errors` folder.
+
+Another example, if you wanted to have all syslog messages copied to stdout,
+create a file at `/etc/socklog.rules/forward-stdout`:
+
+```
++
+1
+```
+
+This will match all lines (as indicated by the `+` symbol with an empty regex),
+and forward them to stdout (indicated by the `1` symbol).
+
+More details on how to write `s6-log` logging scripts are available in the
+[s6-log manual](http://skarnet.org/software/s6/s6-log.html).
+
+### Creating logging folders
+
+The `/etc/cont-init.d/~-socklog` script should run last, and its final step
+is to recursively chown `/var/log/socklog`.
+
+Create a script in `/etc/cont-init.d` to make your needed logging folder,
+if it's a subfolder of `/var/log/socklog`, you should be covered. If not,
+you'll likely need to chown it as well, to the `nobody` user.
 
 Ideas I'd like to flesh out:
 
@@ -59,6 +98,12 @@ Then verify the downloaded files:
 $ gpg --verify socklog-overlay-amd64.tar.gz.sig socklog-overlay-amd64.tar.gz
 ```
 
+## Upgrade Notes
+
+`socklog-overlay` version 3.0.0 switched from having the hard-coded
+`log/run` script with log pattern rules, to using the `/etc/socklog.rules`
+folder. If you have a custom `log/run` script, it should continue to work.
+
 ## LICENSE
 
 ISC license, see `LICENSE.md`
diff --git a/overlay-rootfs/etc/services.d/socklog/log/run b/overlay-rootfs/etc/services.d/socklog/log/run
index 740a598..4d95375 100755
--- a/overlay-rootfs/etc/services.d/socklog/log/run
+++ b/overlay-rootfs/etc/services.d/socklog/log/run
@@ -1,66 +1,15 @@
 #!/usr/bin/execlineb -P
 
-s6-setuidgid nobody
-s6-log -b
-
--
-+^cron\.
-T
-/var/log/socklog/cron
-
--
-+^daemon\.
-T
-/var/log/socklog/daemon
-
--
-+^\.debug:
-/var/log/socklog/debug
-
--
-+\..err:
-+\.error:
-+\.emerg:
-+\.alert:
-+\.crit:
-T
-/var/log/socklog/errors
+backtick -i -n LOGGING_SCRIPT
+{
+  pipeline { pipeline { s6-ls -0 -- /etc/socklog.rules } s6-sort -0 }
+  forstdin -0 -- i
+  importas -u i i
+  redirfd -rb 0 /etc/socklog.rules/${i}
+  s6-cat
+}
 
--
--auth\.
--authpriv\.
-T
-/var/log/socklog/everything
+importas -u -s LOGGING_SCRIPT LOGGING_SCRIPT
 
--
-+^kern\.
-T
-/var/log/socklog/kernel
-
--
-+^mail\.
-T
-/var/log/socklog/mail
-
--
-+\.info:
-+\.notice:
-+\.warn:
--^auth\.
--^authpriv\.
--^mail\.
--^news\.
--^cron\.
-T
-/var/log/socklog/messages
-
--
-+^auth\.
-+^authpriv\.
-T
-/var/log/socklog/secure
-
--
-+^user\.
-T
-/var/log/socklog/user
+s6-setuidgid nobody
+s6-log -bp $LOGGING_SCRIPT
diff --git a/overlay-rootfs/etc/socklog.rules/~-cron b/overlay-rootfs/etc/socklog.rules/~-cron
new file mode 100644
index 0000000..cce07de
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-cron
@@ -0,0 +1,4 @@
+-
++^cron\.
+T
+/var/log/socklog/cron
diff --git a/overlay-rootfs/etc/socklog.rules/~-daemon b/overlay-rootfs/etc/socklog.rules/~-daemon
new file mode 100644
index 0000000..9a6660f
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-daemon
@@ -0,0 +1,4 @@
+-
++^daemon\.
+T
+/var/log/socklog/daemon
diff --git a/overlay-rootfs/etc/socklog.rules/~-debug b/overlay-rootfs/etc/socklog.rules/~-debug
new file mode 100644
index 0000000..9ee6170
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-debug
@@ -0,0 +1,3 @@
+-
++^\.debug:
+/var/log/socklog/debug
diff --git a/overlay-rootfs/etc/socklog.rules/~-errors b/overlay-rootfs/etc/socklog.rules/~-errors
new file mode 100644
index 0000000..02e458e
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-errors
@@ -0,0 +1,8 @@
+-
++\..err:
++\.error:
++\.emerg:
++\.alert:
++\.crit:
+T
+/var/log/socklog/errors
diff --git a/overlay-rootfs/etc/socklog.rules/~-everything b/overlay-rootfs/etc/socklog.rules/~-everything
new file mode 100644
index 0000000..74e2721
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-everything
@@ -0,0 +1,5 @@
++
+-auth\.
+-authpriv\.
+T
+/var/log/socklog/everything
diff --git a/overlay-rootfs/etc/socklog.rules/~-kernel b/overlay-rootfs/etc/socklog.rules/~-kernel
new file mode 100644
index 0000000..d8ecc89
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-kernel
@@ -0,0 +1,4 @@
+-
++^kern\.
+T
+/var/log/socklog/kernel
diff --git a/overlay-rootfs/etc/socklog.rules/~-mail b/overlay-rootfs/etc/socklog.rules/~-mail
new file mode 100644
index 0000000..be5efdc
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-mail
@@ -0,0 +1,4 @@
+-
++^mail\.
+T
+/var/log/socklog/mail
diff --git a/overlay-rootfs/etc/socklog.rules/~-messages b/overlay-rootfs/etc/socklog.rules/~-messages
new file mode 100644
index 0000000..d604205
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-messages
@@ -0,0 +1,11 @@
+-
++\.info:
++\.notice:
++\.warn:
+-^auth\.
+-^authpriv\.
+-^mail\.
+-^news\.
+-^cron\.
+T
+/var/log/socklog/messages
diff --git a/overlay-rootfs/etc/socklog.rules/~-secure b/overlay-rootfs/etc/socklog.rules/~-secure
new file mode 100644
index 0000000..8832faf
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-secure
@@ -0,0 +1,5 @@
+-
++^auth\.
++^authpriv\.
+T
+/var/log/socklog/secure
diff --git a/overlay-rootfs/etc/socklog.rules/~-user b/overlay-rootfs/etc/socklog.rules/~-user
new file mode 100644
index 0000000..b54f8af
--- /dev/null
+++ b/overlay-rootfs/etc/socklog.rules/~-user
@@ -0,0 +1,4 @@
+-
++^user\.
+T
+/var/log/socklog/user