Updated logserver template to enable specifying elasticsearch IP duri…

…ng template creation

README.md

@@ -95,3 +95,4 @@ Packages downloaded will be cached in the cache directory at the root of the rep
 | nginx_rproxy    | Ubuntu Xenial | nginx Reverse Proxy (for use as a DMZ host) |
 | xenial_minimal  | Ubuntu Xenial | TBA                                         |
 | xenial_standard | Ubuntu Xenial | TBA                                         |
+| zoneminder      | Ubuntu Xenial | IP Camera Manager used for security         |

logserver/70-ship-logstash.conf

@@ -1,4 +1,4 @@
-*.*;syslog;auth,authpriv.none action(
+*.* action(
   type="omfwd"
   Target="127.0.0.1"
   Port="5014"

logserver/80-ship-es.conf

@@ -0,0 +1,2 @@
+module(load="omelasticsearch")
+*.*     action(type="omelasticsearch",server="localhost",serverport="9200")

logserver/Makefile

@@ -59,6 +59,12 @@ ifneq ($(strip $(LSIP)),)
 	dab exec sed -i s/localhost/$(LSIP)/g /etc/logstash/conf.d/30-output-es.conf
 endif
 
+	# if specified, enable native elasticsearch output
+ifneq ($(strip $(RSIP)),)
+	install -m 0644 80-ship-es.conf ${BASEDIR}/etc/rsyslog.d/80-ship-es.conf
+	dab exec sed -i s/localhost/$(RSIP)/g /etc/rsyslog.d/80-ship-es.conf
+endif
+
 	# Prepare firstrun scripts
 	install -m 0700 runonce.sh ${BASEDIR}/etc/init.d/firstboot
 	dab exec update-rc.d firstboot defaults

logserver/README.md

@@ -16,8 +16,8 @@
    - See the elk template included in this repository for a template providing elasticsearch and kibana to be used alongside this template for full ELK functionality.
 
 - Adds any customizations such as root login enabled or SSH keys from ../Makefile.global
-- Total uncompressed image size is *1412 MB*
-- Total compressed image size is *657 MB*
+- Total uncompressed image size is *1410 MB*
+- Total compressed image size is *656 MB*
 
 ### Usage
 
@@ -31,6 +31,7 @@ By default, the template will build as a standalone Log Server with listeners fo
 
 - SHIP: Specify SHIP=1 to automatically configure the sending of rsyslog messages to logstash.
 - LSIP: Configures a Logstash connection to elasticsearch server IP specified
+   - Note: If you set this option and find your container unaccessible via SSH (connection refused), it may be because the logstash service is unable to reach the elasticsearch server. In this case, log on to the Proxmox server and execute the ```lxc-attach --name [Container ID]``` command, and stop logstash with the ```systemctl stop logstash``` command.
 - RSIP: Configures a native rsyslog connection to elasticsearch *not yet implemented*
 
 #### Examples
@@ -39,6 +40,10 @@ By default, the template will build as a standalone Log Server with listeners fo
 
 ```make SHIP=1 LSIP=192.168.28.11```
 
+- The following command will build the template, enable log shipping natively from rsyslog to elasticsearch, and send logs to elasticsearch server 192.168.28.11
+
+```make RSIP=192.168.28.11```
+
 To copy the template to the Proxmox VE Templates Directory:
 
 ```make template```
@@ -57,6 +62,14 @@ Stadnard Systlog
 rsyslog
 ```test```
 
+rsyslog (RELP):
+```
+cat << EOF > /etc/rsyslog.d/00-relp.conf
+  module(load="omrelp")
+  action(type="omrelp" target="[Server IP]" port="20514")
+EOF
+```
+
 You can view your logs by using the loganalyzer GUI at http://[container IP]/loganalyzer/
 
 ## Customization and Integration

logserver/runonce.sh

@@ -19,6 +19,7 @@ case "$1" in
 
     # Remove the RELP client configuration, if it exists
     rm -f /etc/rsyslog.d/00-relp.conf
+    chown syslog:adm /var/log/syslog
     service rsyslogd restart
 
     # Enable and start logstash