logging for misp

roles/build/files/misp_rh-php72-php-fpm

+/var/opt/rh/rh-php72/log/php-fpm/error.log {
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+    endscript
+}
+
+/var/opt/rh/rh-php72/log/php-fpm/www-*log {
+    su apache apache
+    create 600 apache apache
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+    endscript
+}

roles/build/templates/misp/Dockerfile.j2

@@ -76,9 +76,11 @@ RUN chown -R apache:apache /var/www/MISP ; \
     chmod -R g+ws /var/www/MISP/app/files ; \
     chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
 
+COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm
+
 # 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
 EXPOSE 80 443 6443 6379 6666 50000
 
 COPY mispsupervisord.conf /etc/supervisord.conf
-#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
 

roles/build/templates/misp/supervisord.conf.j2

+[unix_http_server]
+file=/tmp/supervisor.sock
+
 [supervisord]
-nodaemon=false
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
 user=root
 
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
 [program:php-fpm]
 # EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
 command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+autostart=false
+autorestart=true
 
 [program:redis-server]
 process_name = redis-server
 directory = /var/opt/rh/rh-redis32/lib/redis/
 command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
 user=redis
+autostart=false
+autorestart=true
 
 [program:apache2]
 command=/usr/sbin/httpd -DFOREGROUND
+autostart=false
+autorestart=true
 
 [program:misp-modules]
 command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
 user = apache
+autostart=false
+autorestart=unexpected
 startsecs = 0
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/misp-modules_stderr.log
+stdout_logfile = /var/log/supervisor/misp-modules_stdout.log
 
 [program:workers]
 command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
 user=apache
+autostart=false
+autorestart=unexpected
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/workers_stderr.log
+stdout_logfile = /var/log/supervisor/workers_stdout.log

roles/docker/tasks/misp.yml

@@ -8,8 +8,6 @@
     networks:
       - name: "{{ soctools_netname}}"
     networks_cli_compatible: yes
-    entrypoint: "/bin/bash"
-    interactive: "yes"
     published_ports:
       - "6443:6443"
   tags:

roles/misp/tasks/main.yml

@@ -52,8 +52,8 @@
   tags:
     - start
 
-- name: Start MISP
-  command: "/usr/bin/supervisord -c /etc/supervisord.conf"
+- name: Start MISP Services
+  command: "supervisorctl start all"
   tags:
     - start
 

soctools-inventory

@@ -43,6 +43,6 @@ dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsea
 dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
-#dsoclab-misp ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/log/php-fpm/*.log","/var/opt/rh/rh-redis32/log/redis/redis.log","/var/log/httpd/*log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="misp" FILEBEAT_LOG_FORMAT="text"
 dsoclab-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-zookeeper ansible_connection=docker FILEBEAT_FILES='[""]'