From a1d78eb990d192325dd87b7428d5fbeb4250c325 Mon Sep 17 00:00:00 2001
From: Temur Maisuradze <temur@grena.ge>
Date: Fri, 27 Nov 2020 16:26:27 +0400
Subject: [PATCH] logging for misp

---
 roles/build/files/misp_rh-php72-php-fpm       | 21 +++++++++
 roles/build/templates/misp/Dockerfile.j2      |  4 +-
 .../build/templates/misp/supervisord.conf.j2  | 47 ++++++++++++++++++-
 roles/docker/tasks/misp.yml                   |  2 -
 roles/misp/tasks/main.yml                     |  4 +-
 soctools-inventory                            |  2 +-
 6 files changed, 73 insertions(+), 7 deletions(-)
 create mode 100644 roles/build/files/misp_rh-php72-php-fpm

diff --git a/roles/build/files/misp_rh-php72-php-fpm b/roles/build/files/misp_rh-php72-php-fpm
new file mode 100644
index 0000000..2d67a51
--- /dev/null
+++ b/roles/build/files/misp_rh-php72-php-fpm
@@ -0,0 +1,21 @@
+/var/opt/rh/rh-php72/log/php-fpm/error.log {
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+    endscript
+}
+
+/var/opt/rh/rh-php72/log/php-fpm/www-*log {
+    su apache apache
+    create 600 apache apache
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /bin/kill -SIGUSR1 `cat /var/opt/rh/rh-php72/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+    endscript
+}
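Review bot: Neither stanza sets a rotation interval or a `rotate` count, so how long the php-fpm logs are kept depends entirely on the defaults in the image's /etc/logrotate.conf, which this patch does not show. `delaycompress` only takes effect together with `compress`, so it does nothing here unless the global config enables compression. Stating the policy in each stanza, for example `weekly`, `rotate 4` and `compress` (constructed values, to be set from the retention the SOC needs), would make it reviewable. The first stanza also lacks the `su`/`create` lines the second one has, so error.log is recreated with whatever mode the global default gives; a short comment saying whether that is intended would help.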
diff --git a/roles/build/templates/misp/Dockerfile.j2 b/roles/build/templates/misp/Dockerfile.j2
index b99d2a8..3b2ce45 100644
--- a/roles/build/templates/misp/Dockerfile.j2
+++ b/roles/build/templates/misp/Dockerfile.j2
@@ -76,9 +76,11 @@ RUN chown -R apache:apache /var/www/MISP ; \
     chmod -R g+ws /var/www/MISP/app/files ; \
     chmod -R g+ws /var/www/MISP/app/files/scripts/tmp
 
+COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm
+
 # 80/443 - MISP web server, 3306 - mysql, 6379 - redis, 6666 - MISP modules, 50000 - MISP ZeroMQ
 EXPOSE 80 443 6443 6379 6666 50000
 
 COPY mispsupervisord.conf /etc/supervisord.conf
-#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
 
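Review bot: The `COPY misp_rh-php72-php-fpm /etc/logrotate.d/rh-php72-php-fpm` line keeps whatever mode the file has in the build context, and logrotate skips a config file that is group- or world-writable. The patch creates the file as 100644, but a checkout or copy made under a 002 umask would leave it 664 and rotation of the php-fpm logs would be skipped. Pinning the mode right after the COPY with `RUN chmod 0644 /etc/logrotate.d/rh-php72-php-fpm` removes that dependency. The Dockerfile continues above and below this hunk, so whether logrotate and crond are installed in the image is not visible here.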
diff --git a/roles/build/templates/misp/supervisord.conf.j2 b/roles/build/templates/misp/supervisord.conf.j2
index fbd4dea..ee1e0c4 100644
--- a/roles/build/templates/misp/supervisord.conf.j2
+++ b/roles/build/templates/misp/supervisord.conf.j2
@@ -1,25 +1,70 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
 [supervisord]
-nodaemon=false
+pidfile=/tmp/supervisord.pid
+nodaemon=true
+logfile=/var/log/supervisor/supervisord.log
+logfile_maxbytes=10MB
+logfile_backups=10
+loglevel=info
+childlogdir=/var/log/supervisor/
 user=root
 
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:cron]
+autostart=true
+autorestart=true
+command=crond -n
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/cron_stderr.log
+stdout_logfile = /var/log/supervisor/cron_stdout.log
+
 [program:php-fpm]
 # EnvironmentFile=/etc/opt/rh/rh-php72/sysconfig/php-fpm
 command=/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize
+autostart=false
+autorestart=true
 
 [program:redis-server]
 process_name = redis-server
 directory = /var/opt/rh/rh-redis32/lib/redis/
 command=/opt/rh/rh-redis32/root/usr/bin/redis-server /etc/opt/rh/rh-redis32/redis.conf
 user=redis
+autostart=false
+autorestart=true
 
 [program:apache2]
 command=/usr/sbin/httpd -DFOREGROUND
+autostart=false
+autorestart=true
 
 [program:misp-modules]
 command=/bin/bash -c "/usr/local/bin/misp-modules -l '0.0.0.0' -s"
 user = apache
+autostart=false
+autorestart=unexpected
 startsecs = 0
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/misp-modules_stderr.log
+stdout_logfile = /var/log/supervisor/misp-modules_stdout.log
 
 [program:workers]
 command=/bin/bash /var/www/MISP/app/Console/worker/start.sh
 user=apache
+autostart=false
+autorestart=unexpected
+logfile_maxbytes=10MB
+stdout_logfile_backups = 0
+stderr_logfile_backups = 0
+stderr_logfile = /var/log/supervisor/workers_stderr.log
+stdout_logfile = /var/log/supervisor/workers_stdout.log
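Review bot: `logfile_maxbytes=10MB` under `[program:cron]`, `[program:misp-modules]` and `[program:workers]` is a `[supervisord]` option, not a program option, so it does not cap those programs' logs; the program-level keys are `stdout_logfile_maxbytes` and `stderr_logfile_maxbytes`. With the default size limit left in place and `*_logfile_backups = 0`, each file grows to the default limit and is then rotated away with no backup kept. Replacing the line in each of the three sections with `stdout_logfile_maxbytes=10MB` and `stderr_logfile_maxbytes=10MB` gives the intended cap. Separately, supervisord runs as root and its control socket and pidfile sit in `/tmp`; adding `chmod=0700` under `[unix_http_server]` would state the root-only access explicitly instead of relying on the default.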
diff --git a/roles/docker/tasks/misp.yml b/roles/docker/tasks/misp.yml
index 34a42ad..18520a1 100644
--- a/roles/docker/tasks/misp.yml
+++ b/roles/docker/tasks/misp.yml
@@ -8,8 +8,6 @@
     networks:
       - name: "{{ soctools_netname}}"
     networks_cli_compatible: yes
-    entrypoint: "/bin/bash"
-    interactive: "yes"
     published_ports:
       - "6443:6443"
   tags:
diff --git a/roles/misp/tasks/main.yml b/roles/misp/tasks/main.yml
index 826e9dc..773273d 100644
--- a/roles/misp/tasks/main.yml
+++ b/roles/misp/tasks/main.yml
@@ -52,8 +52,8 @@
   tags:
     - start
 
-- name: Start MISP
-  command: "/usr/bin/supervisord -c /etc/supervisord.conf"
+- name: Start MISP Services
+  command: "supervisorctl start all"
   tags:
     - start
 
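Review bot: Because supervisord.conf.j2 now sets `autostart=false` on every MISP program, this task is the only thing that brings php-fpm, redis, httpd, misp-modules and the workers up, so a container restart outside Ansible leaves only cron running. If that is intentional (earlier tasks in this file presumably have to finish before the services start), a comment on the task such as `# programs are autostart=false; they start only here, re-run with --tags start after a container restart` would document it. The `command` task also reports "changed" on every run, and `changed_when: false` or a check of the `supervisorctl` output would keep play summaries meaningful.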
diff --git a/soctools-inventory b/soctools-inventory
index 616f34a..d80ce10 100644
--- a/soctools-inventory
+++ b/soctools-inventory
@@ -43,6 +43,6 @@ dsoclab-odfe-2 ansible_connection=docker FILEBEAT_FILES='["/usr/share/elasticsea
 dsoclab-kibana ansible_connection=docker FILEBEAT_FILES='["/usr/share/kibana/kblog"]' FILEBEAT_LOG_TYPE="kibana" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-keycloak ansible_connection=docker FILEBEAT_FILES='[""]'
 dsoclab-mysql ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-mariadb103/log/mariadb/mariadb.log"]' FILEBEAT_LOG_TYPE="mysql" FILEBEAT_LOG_FORMAT="text"
-#dsoclab-misp ansible_connection=docker FILEBEAT_FILES='[""]'
+dsoclab-misp ansible_connection=docker FILEBEAT_FILES='["/var/opt/rh/rh-php72/log/php-fpm/*.log","/var/opt/rh/rh-redis32/log/redis/redis.log","/var/log/httpd/*log","/var/log/supervisor/*.log"]' FILEBEAT_LOG_TYPE="misp" FILEBEAT_LOG_FORMAT="text"
 dsoclab-haproxy ansible_connection=docker FILEBEAT_SYSLOG_PORT=9000 FILEBEAT_LOG_TYPE="haproxy" FILEBEAT_LOG_FORMAT="text"
 #dsoclab-zookeeper ansible_connection=docker FILEBEAT_FILES='[""]'
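Review bot: The new `FILEBEAT_FILES` list for dsoclab-misp covers php-fpm, redis, httpd and supervisor logs but nothing from MISP itself; if the application writes its own log files under the `/var/www/MISP` tree, those are likely the entries most useful to a SOC and are worth adding. The php-fpm `www-*log` files are recreated as `600 apache apache` by the new logrotate config, so Filebeat has to run as root or as apache inside the container to read them, which this patch does not show. All four sources are also shipped under the single `FILEBEAT_LOG_TYPE="misp"`, so any downstream parsing has to tell the formats apart by file path.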
-- 
GitLab