From a33631d84b26b361ef18e584eff1f2a2db2ec6ee Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Wed, 19 Feb 2014 13:04:51 -0800 Subject: [PATCH] elasticsearch/Dockerfile.template: Log to syslog instead of a local file Use Log4j's SyslogAppender [1] to log to a local Syslog. The Syslog appender doesn't use /dev/log [2], so we also need to Syslog to listen on the UDP socket. Relevant threads from the Elasticsearch mailing list [3,4]. [1]: http://logging.apache.org/log4j/2.x/manual/appenders.html#SyslogAppender [2]: https://issues.apache.org/bugzilla/show_bug.cgi?id=44839 [3]: https://groups.google.com/forum/#!topic/elasticsearch/zeGWxzSQ4N4/discussion Subject: Using the syslog appender in elasticsearch From: Darron Froese Date: 2011-12-28 [4]: https://groups.google.com/forum/#!topic/elasticsearch/-ydujtOC5Fw/discussion Subject: use elasticsearch with syslog From: Olivier Morel Date: 2013-04-30 --- elasticsearch/Dockerfile.template | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/elasticsearch/Dockerfile.template b/elasticsearch/Dockerfile.template index baeec80..c828ce8 100644 --- a/elasticsearch/Dockerfile.template +++ b/elasticsearch/Dockerfile.template @@ -31,6 +31,11 @@ RUN eselect news read new RUN rc-update add elasticsearch default RUN for x in /etc/elasticsearch/*; do cp "${x}" "${x%.sample}"; done +# Log via Syslog +RUN sed -i 's/^\(source src { system(); internal();\) };$/\1 udp(ip(127.0.0.1) port(514)); };/' /etc/syslog-ng/syslog-ng.conf +RUN sed -i 's/^\(rootLogger: .*\), file$/\1, syslog/' /etc/elasticsearch/logging.yml +RUN sed -i 's/^\(appender:\)$/\1\n syslog:\n type: syslog\n syslogHost: localhost:514\n facility: daemon\n laout:\n type: pattern\n conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"\n/' /etc/elasticsearch/logging.yml + # Container networking happens automatically RUN sed -i 's/need net$/use net/' /etc/init.d/* -- 2.26.2
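Review bot: In the third added RUN line, the key appended under the new syslog appender is spelled `laout:`, so the `type: pattern` and `conversionPattern` values nested under it will not be picked up as the appender's layout; it should read `layout:`. Separately, all three `sed -i` expressions are anchored to exact existing text (`source src { system(); internal(); };`, a `rootLogger:` line ending in `, file`, and a bare `appender:` line), and sed exits 0 when nothing matches. If the packaged syslog-ng.conf or logging.yml differs, the image builds cleanly with logging unchanged, or with a rootLogger that names an appender that was never defined. A `grep -q` check after each edit (for example for `udp(ip(127.0.0.1) port(514))` in syslog-ng.conf) would turn that into a build failure. Binding the UDP source to 127.0.0.1 rather than all interfaces is the right choice here and worth a word in the `# Log via Syslog` comment so it is not widened later.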