elasticsearch/Dockerfile.template: Log to syslog instead of a local file

Use Log4j's SyslogAppender [1] to log to a local Syslog.  The Syslog
appender doesn't use /dev/log [2], so we also need to Syslog to listen
on the UDP socket.  Relevant threads from the Elasticsearch mailing
list [3,4].

[1]: http://logging.apache.org/log4j/2.x/manual/appenders.html#SyslogAppender
[2]: https://issues.apache.org/bugzilla/show_bug.cgi?id=44839
[3]: https://groups.google.com/forum/#!topic/elasticsearch/zeGWxzSQ4N4/discussion
     Subject: Using the syslog appender in elasticsearch
     From: Darron Froese
     Date: 2011-12-28
[4]: https://groups.google.com/forum/#!topic/elasticsearch/-ydujtOC5Fw/discussion
     Subject: use elasticsearch with syslog
     From: Olivier Morel
     Date: 2013-04-30

diff --git a/elasticsearch/Dockerfile.template b/elasticsearch/Dockerfile.template
index baeec80ea19815a70168d765eff49b1deb42d837..c828ce830324ff5b0aebc1217290af9c19cf6fe2 100644 (file)
--- a/elasticsearch/Dockerfile.template
+++ b/elasticsearch/Dockerfile.template
@@ -31,6 +31,11 @@ RUN eselect news read new
 RUN rc-update add elasticsearch default
 RUN for x in /etc/elasticsearch/*; do cp "${x}" "${x%.sample}"; done
 
+# Log via Syslog
+RUN sed -i 's/^\(source src { system(); internal();\) };$/\1 udp(ip(127.0.0.1) port(514)); };/' /etc/syslog-ng/syslog-ng.conf
+RUN sed -i 's/^\(rootLogger: .*\), file$/\1, syslog/' /etc/elasticsearch/logging.yml
+RUN sed -i 's/^\(appender:\)$/\1\n  syslog:\n    type: syslog\n    syslogHost: localhost:514\n    facility: daemon\n    laout:\n      type: pattern\n      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"\n/' /etc/elasticsearch/logging.yml
+
 # Container networking happens automatically
 RUN sed -i 's/need net$/use net/' /etc/init.d/*