From c6f2d26420a102dd601680e2236fd890709bcadd Mon Sep 17 00:00:00 2001 From: Marwolf Date: Fri, 20 Jul 2018 01:16:29 -0400 Subject: [PATCH] Added Splunk Docker capability, log access --- .gitignore | 9 +++++ Splunk/Makefile | 12 +++++++ Splunk/Start_Splunk_Linux_Mac.sh | 3 ++ Splunk/Start_Splunk_Windows.cmd | 5 +++ Splunk/Stop_Splunk_Linux_Mac.sh | 3 ++ Splunk/Stop_Splunk_Windows.cmd | 5 +++ .../View_Docker_Container_Logs_Linux_Mac.sh | 3 ++ Splunk/View_Docker_Container_Logs_Windows.cmd | 5 +++ Splunk/docker-compose.yml | 25 ++++++++++++++ Splunk/opt-splunk-etc/empty | 0 Splunk/opt-splunk-var/empty | 0 docker-compose.yml | 33 +++++++++++++++++++ etc/nginx/logs/empty | 0 13 files changed, 103 insertions(+) create mode 100644 Splunk/Makefile create mode 100755 Splunk/Start_Splunk_Linux_Mac.sh create mode 100644 Splunk/Start_Splunk_Windows.cmd create mode 100755 Splunk/Stop_Splunk_Linux_Mac.sh create mode 100644 Splunk/Stop_Splunk_Windows.cmd create mode 100755 Splunk/View_Docker_Container_Logs_Linux_Mac.sh create mode 100644 Splunk/View_Docker_Container_Logs_Windows.cmd create mode 100644 Splunk/docker-compose.yml create mode 100644 Splunk/opt-splunk-etc/empty create mode 100644 Splunk/opt-splunk-var/empty create mode 100644 etc/nginx/logs/empty diff --git a/.gitignore b/.gitignore index bde9737..56fed15 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,12 @@ data etc/ssl/ get-docker\.sh + +etc/nginx/logs/* +!etc/nginx/logs/empty + +Splunk/opt-splunk-etc/* +!Splunk/opt-splunk-etc/empty + +Splunk/opt-splunk-var/* +!Splunk/opt-splunk-var/empty diff --git a/Splunk/Makefile b/Splunk/Makefile new file mode 100644 index 0000000..c2c33da --- /dev/null +++ b/Splunk/Makefile @@ -0,0 +1,12 @@ +start: + docker-compose up -d + +stop: + @docker-compose down -v + +restart: + @docker-compose down -v + docker-compose up -d + +logs: + @docker-compose logs -f \ No newline at end of file 
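Review bot: The `stop` and `restart` targets in Splunk/Makefile run `docker-compose down -v`, which deletes the named volumes that Splunk/docker-compose.yml declares (`opt-splunk-etc`, `opt-splunk-var`) together with the stack. Today the `splunk` service bind-mounts `./opt-splunk-etc` and `./opt-splunk-var` from the host rather than those named volumes, so nothing is lost yet, but the first person to switch to the named volumes gets `/opt/splunk/etc` and `/opt/splunk/var` wiped by a plain `make stop`. Either drop the flag (`@docker-compose down`) so that stopping is never destructive, or remove the unused top-level `volumes:` section so the `-v` has nothing to destroy. The `logs` target is also missing its trailing newline.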
diff --git a/Splunk/Start_Splunk_Linux_Mac.sh b/Splunk/Start_Splunk_Linux_Mac.sh
new file mode 100755
index 0000000..bcbd675
--- /dev/null
+++ b/Splunk/Start_Splunk_Linux_Mac.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo make start
diff --git a/Splunk/Start_Splunk_Windows.cmd b/Splunk/Start_Splunk_Windows.cmd
new file mode 100644
index 0000000..b38dbc5
--- /dev/null
+++ b/Splunk/Start_Splunk_Windows.cmd
@@ -0,0 +1,5 @@
+ @echo off
+echo:
+make start
+echo:
+pause
diff --git a/Splunk/Stop_Splunk_Linux_Mac.sh b/Splunk/Stop_Splunk_Linux_Mac.sh
new file mode 100755
index 0000000..040599f
--- /dev/null
+++ b/Splunk/Stop_Splunk_Linux_Mac.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo make stop
diff --git a/Splunk/Stop_Splunk_Windows.cmd b/Splunk/Stop_Splunk_Windows.cmd
new file mode 100644
index 0000000..515b730
--- /dev/null
+++ b/Splunk/Stop_Splunk_Windows.cmd
@@ -0,0 +1,5 @@
+ @echo off
+echo:
+make stop
+echo:
+pause
diff --git a/Splunk/View_Docker_Container_Logs_Linux_Mac.sh b/Splunk/View_Docker_Container_Logs_Linux_Mac.sh
new file mode 100755
index 0000000..07709aa
--- /dev/null
+++ b/Splunk/View_Docker_Container_Logs_Linux_Mac.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+sudo make logs
diff --git a/Splunk/View_Docker_Container_Logs_Windows.cmd b/Splunk/View_Docker_Container_Logs_Windows.cmd
new file mode 100644
index 0000000..19a5d67
--- /dev/null
+++ b/Splunk/View_Docker_Container_Logs_Windows.cmd
@@ -0,0 +1,5 @@
+ @echo off
+echo:
+make logs
+echo:
+pause
diff --git a/Splunk/docker-compose.yml b/Splunk/docker-compose.yml
new file mode 100644
index 0000000..999181e
--- /dev/null
+++ b/Splunk/docker-compose.yml
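Review bot: `sudo make start` in Start_Splunk_Linux_Mac.sh runs `make` in the caller's working directory rather than in `Splunk/`, so the script only works when launched from that directory; from anywhere else, or from a file-manager double click, `make` finds no Makefile. Prefixing the command with `cd "$(dirname "$0")" &&` fixes it, and the same applies to Stop_Splunk_Linux_Mac.sh, View_Docker_Container_Logs_Linux_Mac.sh and, with `cd /d "%~dp0"` before `make`, to the three `.cmd` files. The `.cmd` files also carry a stray leading space before `@echo off`, harmless but looks like a paste artifact. The hard-coded `sudo` is presumably there for access to the docker socket; a one-line comment saying so (`# sudo: docker socket is root-only on this host`) would save the next reader a guess and make it obvious that the whole stack, including the `../` bind mount into the Splunk container, is started with root privileges.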
@@ -0,0 +1,25 @@
+version: '3'
+
+volumes:
+ opt-splunk-etc:
+ opt-splunk-var:
+
+services:
+ splunk:
+ hostname: splunk
+ image: splunk/splunk:latest
+ environment:
+ SPLUNK_START_ARGS: --accept-license --answer-yes --seed-passwd defaultpassword
+ OPTIMISTIC_ABOUT_FILE_LOCKING: '1'
+ SPLUNK_ENABLE_LISTEN: 9997
+ SPLUNK_ADD: tcp 1514
+ ports:
+ - "8000:8000" #Splunk Web interface
+ - "9997:9997" #Splunk receiving Port (not used by default) typically used by the Splunk Universal Forwarder
+ - "8088:8088" #HTTP Event Collector
+ - "1514:1514" #Network Input (not used by default) typically used to collect syslog TCP data
+ volumes:
+ - "../:/home/Docker-Home"
+ - "../etc/nginx/logs:/home/nginx-logs"
+ - "./opt-splunk-etc:/opt/splunk/etc"
+ - "./opt-splunk-var:/opt/splunk/var"
diff --git a/Splunk/opt-splunk-etc/empty b/Splunk/opt-splunk-etc/empty
new file mode 100644
index 0000000..e69de29
diff --git a/Splunk/opt-splunk-var/empty b/Splunk/opt-splunk-var/empty
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
index f808e1f..45472eb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,6 +7,7 @@ services:
 - "./etc/ssl:/etc/ssl"
 - "./Website:/var/www/html/public"
 - "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
+ - "./etc/nginx/logs:/var/log/nginx"
 ports:
 - "80:80"
 - "443:443"
@@ -14,6 +15,14 @@ services:
 - NGINX_HOST=${NGINX_HOST}
 command: /bin/sh -c "envsubst '$$NGINX_HOST' < /etc/nginx/conf.d/default.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
 restart: always
+# logging:
+# driver: splunk
+# options:
+# splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
+# splunk-url: "https://127.0.0.1:8088"
+# splunk-insecureskipverify: "true"
+# tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
+# labels: "Nginx"
 depends_on:
 - php
 - mysqldb
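Review bot: `SPLUNK_START_ARGS` seeds the Splunk admin account with the literal `defaultpassword`, and `ports` publishes the web UI as `"8000:8000"`, i.e. on every host interface, so the commit ships a known admin credential reachable from the network. Take the value from the environment the way the root docker-compose.yml already does for `${NGINX_HOST}` and `${MARIADB_VERSION}` — `SPLUNK_START_ARGS: "--accept-license --answer-yes --seed-passwd ${SPLUNK_PASSWORD}"` (variable name constructed) — and bind the UI to loopback, `- "127.0.0.1:8000:8000"`, unless remote access is intended; the same question applies to 8088, 9997 and 1514. The `../:/home/Docker-Home` entry mounts the entire project tree, including the git-ignored `etc/ssl/` directory and whatever file supplies `${NGINX_HOST}`, into the Splunk container read-write; `- "../:/home/Docker-Home:ro"`, or mounting only the directories Splunk should index, limits that. `image: splunk/splunk:latest` is unpinned, so `make start` on a later day can pull a different Splunk than the one this was tested against; pin a version tag. For consistency with `'1'` on the line above, `SPLUNK_ENABLE_LISTEN` should be quoted as `'9997'`.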
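Review bot: The commented-out `logging:` block added under `restart: always` in the nginx service carries a literal `splunk-token` value and sets `splunk-insecureskipverify: "true"`; the same eight lines are repeated in the three following hunks (`@@ -23,6`, `@@ -34,6`, `@@ -50,3`). Even commented out, an HEC token in the repository is a credential in version control — if it is a real token it should be rotated, and when the block is enabled it should be read from the environment as `splunk-token: "${SPLUNK_HEC_TOKEN}"` (name constructed); if it is only a placeholder, say so above it (`# placeholder: generate an HEC token in Splunk and supply it via the environment`). `splunk-insecureskipverify: "true"` turns off certificate verification for the log driver's TLS session; that may be an acceptable trade for a loopback `https://127.0.0.1:8088` with a self-signed certificate, but the reason should be stated in a comment rather than left bare. Four copies of the same block will drift; defining it once with a YAML anchor on the first copy and aliasing it from the other three services keeps a single definition.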
@@ -23,6 +32,14 @@ services:
 volumes:
 - "./etc/php/php.ini:/usr/local/etc/php/conf.d/php.ini"
 - "./Website:/var/www/html/public"
+# logging:
+# driver: splunk
+# options:
+# splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
+# splunk-url: "https://127.0.0.1:8088"
+# splunk-insecureskipverify: "true"
+# tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
+# labels: "PHP"
 myadmin:
 image: phpmyadmin/phpmyadmin
 container_name: phpmyadmin
@@ -34,6 +51,14 @@ services:
 restart: always
 depends_on:
 - mysqldb
+# logging:
+# driver: splunk
+# options:
+# splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
+# splunk-url: "https://127.0.0.1:8088"
+# splunk-insecureskipverify: "true"
+# tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
+# labels: "PHPMyAdmin"
 mysqldb:
 image: mariadb:${MARIADB_VERSION}
 container_name: ${MYSQL_HOST}
@@ -50,3 +75,11 @@ services:
 volumes:
 - "./data/db/mysql:/var/lib/mysql"
 - "./etc/mariadb/innodb-fix.cnf:/etc/mysql/conf.d/innodb-fix.cnf"
+# logging:
+# driver: splunk
+# options:
+# splunk-token: "e1c56fa1-9f7c-4d2c-ba8f-989b15d85008"
+# splunk-url: "https://127.0.0.1:8088"
+# splunk-insecureskipverify: "true"
+# tag: "{{.ImageName}}/{{.Name}}/{{.ID}}"
+# labels: "MySQL"
diff --git a/etc/nginx/logs/empty b/etc/nginx/logs/empty
new file mode 100644
index 0000000..e69de29