From 682bde64bb3128b267981c04b62afef67f30ec6c Mon Sep 17 00:00:00 2001 From: Kameron Kenny <1267885+kkenny@users.noreply.github.com> Date: Fri, 7 Jun 2024 17:36:32 -0400 Subject: [PATCH] config --- Dockerfile | 2 +- config/syslog-ng.conf | 167 +++++++++++++++++++++++++++++++++++++++--- docker-compose.yml | 8 +- 3 files changed, 161 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index ac4b6dc..aec2fdc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM lscr.io/linuxserver/syslog-ng:latest -LABEL version="20240607.1.1" +LABEL version="20240607.1.2" LABEL description="syslog-ng" RUN mkdir -p /config diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf index a6d1817..a0fc6b7 100644 --- a/config/syslog-ng.conf +++ b/config/syslog-ng.conf 
@@ -2,29 +2,174 @@ # Default syslog-ng.conf file which collects all local logs into a # single file called /var/log/messages tailored to container usage. -@version: 4.7 +@version: 4.2 @include "scl.conf" -source s_local { - internal(); -}; +source s_local { internal(); }; +source s_network_tcp { syslog(transport(tcp) port(6601)); }; +source s_network_udp { syslog(transport(udp) port(5514)); }; -source s_network_tcp { - syslog(transport(tcp) port(6601)); -}; - -source s_network_udp { - syslog(transport(udp) port(5514)); -}; +filter f_unifi_fw_lan { match("LAN" value("PID")); }; +filter f_unifi_fw_wan { match("WAN" value("PID")); }; +filter f_unifi_fw_dnat { match("DNAT" value("PID")); }; +filter f_unifi_dnsmasq { match("dnsmasq" value("PID")); }; +filter f_unifi_systemd { match("systemd" value("PID")); }; +filter f_unifi_stahtd { match("stahtd" value("PID")); }; +filter f_unifi_mcad { match("mcad" value("PID")); }; +filter f_unifi_hostapd { match("hostapd" value("PID")); }; +filter f_unifi_wlan { message("wlan:"); }; destination d_local { file("/var/log/messages"); file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3)); }; +destination d_unifi_fw { file("/var/log/unifi_fw.log"); }; + +destination d_unifi_firewall { + elasticsearch-http( + index("unifi-firewall") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_dnsmasq { + elasticsearch-http( + index("unifi-dnsmasq") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_systemd { + elasticsearch-http( + index("unifi-systemd") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_stahtd { + elasticsearch-http( + 
index("unifi-stahtd") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_mcad { + elasticsearch-http( + index("unifi-mcad") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_hostapd { + elasticsearch-http( + index("unifi-hostapd") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +destination d_unifi_wlan { + elasticsearch-http( + index("unifi-wlan") + type("") + user("elastic") + password("forty6and2") + url("http://pi501.in.thelinuxpro.net:9200/_bulk") + persist-name("persist") + ); +}; + +log { + source(s_network_udp); + filter(f_unifi_fw_lan); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_fw_wan); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_fw_dnat); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_dnsmasq); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_systemd); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_stahtd); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_mcad); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_hostapd); + destination(d_unifi_firewall); + flags(final); +}; + +log { + source(s_network_udp); + filter(f_unifi_wlan); + destination(d_unifi_firewall); + flags(final); +}; + log { source(s_local); source(s_network_tcp); source(s_network_udp); destination(d_local); }; + 
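Review bot: Each of the seven `elasticsearch-http()` destinations added in this hunk embeds the password of the built-in `elastic` superuser as a literal and posts to an `http://` URL, so the credential is readable by anyone with the repository and is sent as basic auth in cleartext on every bulk request. The password should come from outside the file (syslog-ng substitutes environment variables written between backticks, or an `@include`d file kept out of git), the account should be a dedicated one limited to writing the `unifi-*` indices, and the URL should become `url("https://pi501.in.thelinuxpro.net:9200/_bulk")` if the cluster has TLS enabled; the committed value should be rotated because it remains in history. All seven destinations also share `persist-name("persist")`, which looks like it defeats the option's purpose of giving each driver its own persistent state; a distinct value per destination such as `persist-name("unifi-dnsmasq")` would avoid that. Separately, every new `log {}` path ends in `destination(d_unifi_firewall);`, so `d_unifi_dnsmasq` through `d_unifi_wlan` and `d_unifi_fw` are defined but never referenced, and dnsmasq, systemd and hostapd messages all land in the `unifi-firewall` index.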
diff --git a/docker-compose.yml b/docker-compose.yml index 6a69bef..39fe2b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,10 +8,10 @@ volumes: services: syslog-ng: - #build: - #dockerfile: Dockerfile - #image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240607.1.1 - image: lscr.io/linuxserver/syslog-ng:latest + build: + dockerfile: Dockerfile + image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240607.1.2 + # image: lscr.io/linuxserver/syslog-ng:latest container_name: syslog-ng environment: - PUID=0
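Review bot: The tag `240607.1.2` on the new `image:` line does not identify a reproducible build, because the `build:` enabled here uses the Dockerfile from this patch, which still starts from `lscr.io/linuxserver/syslog-ng:latest`. Two builds pushed under the same tag can therefore contain different syslog-ng releases; the `@version` change from 4.7 to 4.2 in the config may be a symptom of that kind of drift. Pinning the base, for example `FROM lscr.io/linuxserver/syslog-ng:<release-tag>@sha256:<digest>` (placeholders), would tie the registry tag to known content. The tag also differs in format from the Dockerfile's `LABEL version="20240607.1.2"`; using one scheme in both places makes it easier to trace a running container back to its build.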