From b4ea70c53427fdbe309cd6b8a42bbc29b0bdd5bd Mon Sep 17 00:00:00 2001
From: Kameron Kenny <1267885+kkenny@users.noreply.github.com>
Date: Wed, 19 Jun 2024 10:59:29 -0400
Subject: [PATCH] create a default catch-all config
---
 Dockerfile | 2 +-
 config/syslog-ng.conf | 21 ---------------------
 config/syslog-ng.conf.d/zzz-catch-all.conf | 20 ++++++++++++++++++++
 docker-compose.yml | 2 +-
 4 files changed, 22 insertions(+), 23 deletions(-)
 create mode 100644 config/syslog-ng.conf.d/zzz-catch-all.conf
diff --git a/Dockerfile b/Dockerfile
index 2992298..3356f63 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:latest
 MAINTAINER Kameron Kenny
-LABEL version="20240619.1.2"
+LABEL version="20240619.1.3"
 LABEL description="Debian Based syslog-ng"
 RUN apt-get update
diff --git a/config/syslog-ng.conf b/config/syslog-ng.conf
index 6c98c06..a6000d9 100644
--- a/config/syslog-ng.conf
+++ b/config/syslog-ng.conf
@@ -15,25 +15,4 @@ destination d_local {
 file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
 };
 
-destination d_syslog_ng_es {
- elasticsearch-http(
- index("syslog-ng")
- type("")
- user("elastic")
- password("forty6and2")
- url("http://pi501.in.thelinuxpro.net:9200/_bulk")
- template("$(format-json --scope rfc5424 --scope dot-nv-pairs
- --rekey .* --shift 1 --scope nv-pairs
- --exclude DATE @timestamp=${ISODATE})")
- persist-name("d_syslog_ng_es")
- );
-};
-
-log {
- source(s_local);
- source(s_network_tcp);
- source(s_network_udp);
- destination(d_syslog_ng_es);
-};
-
 @include "/config/syslog-ng.conf.d/*.conf"
diff --git a/config/syslog-ng.conf.d/zzz-catch-all.conf b/config/syslog-ng.conf.d/zzz-catch-all.conf
new file mode 100644
index 0000000..d5efb18
--- /dev/null
+++ b/config/syslog-ng.conf.d/zzz-catch-all.conf
@@ -0,0 +1,20 @@
+destination d_syslog_ng_es {
+ elasticsearch-http(
+ index("syslog-ng")
+ type("")
+ user("elastic")
+ password("forty6and2")
+ url("http://pi501.in.thelinuxpro.net:9200/_bulk")
+ template("$(format-json --scope rfc5424 --scope dot-nv-pairs
+ --rekey .* --shift 1 --scope nv-pairs
+ --exclude DATE @timestamp=${ISODATE})")
+ persist-name("d_syslog_ng_es")
+ );
+};
+
+log {
+ source(s_local);
+ source(s_network_tcp);
+ source(s_network_udp);
+ destination(d_syslog_ng_es);
+};
diff --git a/docker-compose.yml b/docker-compose.yml
index c5f27b5..8ab29d4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,7 +10,7 @@ services:
 syslog-ng:
 build:
 dockerfile: Dockerfile
- image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240619.1.2
+ image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:240619.1.3
 container_name: syslog-ng
 #environment:
 #- TZ:America/Indianapolis
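Review bot: The new zzz-catch-all.conf commits a live Elasticsearch credential in clear text (`user("elastic") password("forty6and2")`) and the destination ships it, as a basic-auth header on every bulk request together with the forwarded log contents, over plain `http://` to `pi501.in.thelinuxpro.net:9200`. Because the syslog-ng.conf hunk above shows the same value was already in the tracked file, the password should be treated as exposed and rotated, and the new file should take it from outside version control (an environment-substituted value or an untracked include) rather than a literal. The transport should likewise move to an `https://` URL with a `tls()` block on `elasticsearch-http()` so neither the credential nor the logs cross the network unencrypted. Separately, although the file is named catch-all, the `log {}` statement enumerates `s_local`, `s_network_tcp` and `s_network_udp` (defined outside this hunk, presumably in the main syslog-ng.conf), so a source added later under conf.d will not reach Elasticsearch; if forwarding everything is the intent, syslog-ng's idiom is a log path with no explicit sources, `log { destination(d_syslog_ng_es); flags(catchall); };`.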