# Use the rsyslog base image
FROM rsyslog/syslog_appliance_alpine

# Install Python and dateutil
RUN apk add --update --no-cache python3 py3-dateutil

# Configure rsyslog to listen for incoming logs
COPY ./app/rsyslog.conf /etc/rsyslog.conf

#Configure observables extractors
RUN mkdir /var/log/observables

# Copy the collector script into the container
COPY ./app/collector.py /usr/local/bin/collector.py

# Create a crontab file and add a job that runs the collector every minute
RUN (crontab -l 2>/dev/null; echo "*/1 * * * * /usr/bin/python3 /usr/local/bin/collector.py >> /var/log/observable.log 2>&1") | crontab -

# Setup crontab
RUN echo -e "#!/bin/ash\n\
crond" > /tmp/starter.tmp && \
sed "1d" /home/appliance/starter.sh >> /tmp/starter.tmp && \
mv /tmp/starter.tmp /home/appliance/starter.sh && \
chmod +x /home/appliance/starter.sh

# Expose the syslog and log files
EXPOSE 514/udp
EXPOSE 514/tcp