Update container to send logs to stdout

Dockerfile

@@ -20,6 +20,10 @@ RUN apt-get update && apt-get install -y gettext-base curl
 COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb"
 RUN dpkg -i "${WORKDIR}/crowdstrike.deb"
 
+# Create output + enroll file
+RUN touch /var/log/crowdstrike/falconhoseclient/output
+RUN touch /var/log/crowdstrike/falconhoseclient/enroll
+
 # Prepare a simple user instead of root
 RUN groupadd -g 1000 user && useradd -r -u 1000 -g user user
 RUN chown -R user:user /var/log/crowdstrike/falconhoseclient

cfg/cs.falconhoseclient.cfg.template

@@ -47,7 +47,7 @@ max_size = 500
 # Number of backups of the output file to be stored
 max_backups = 10
 # Maximum age of backup output files before it is deleted in DAYS
-max_age = 30
+max_age = 7
 
 [Logging]
 verbose_log = true
@@ -56,7 +56,7 @@ max_size = 500
 # Number of backups to be stored
 max_backups = 10
 # Maximum age of backup files before it is deleted in DAYS
-max_age = 30
+max_age = 7
 
 [Syslog]
 send_to_syslog_server = false

entrypoint.sh

@@ -3,6 +3,7 @@
 WORKDIR="/home/user"
 CONFIGDIR="/opt/crowdstrike/etc"
 CONFIG="cs.falconhoseclient.cfg"
+LOGDIR="/var/log/crowdstrike/falconhoseclient"
 
 # Read the .env file properties
 F_CLIENT_ID="$(grep CLIENT_ID .env | awk -F'=' '{print $2}')"
@@ -27,10 +28,11 @@ if [ -z "$CLIENT_ID" ] || [ -z "$CLIENT_SECRET" ] || [ -z "$API_BASE_URL" ]; the
   exit 1
 fi
 
-# Sanity echo
-echo "API Base URL: $API_BASE_URL"
-
 # Substitute things properly
 export $(echo "CLIENT_ID=$CLIENT_ID CLIENT_SECRET=$CLIENT_SECRET API_BASE_URL=$API_BASE_URL") && envsubst < "${WORKDIR}/${CONFIG}.template" > "${CONFIGDIR}/${CONFIG}"
 
-cs.falconhoseclient -nodaemon -config="${CONFIGDIR}/${CONFIG}" 2>&1
+# Run this in the background and output the enrollment into a file
+cs.falconhoseclient -nodaemon -config="${CONFIGDIR}/${CONFIG}" >> ${LOGDIR}/enroll 2>&1 &
+
+# Poll the output to stdout
+tail -f ${LOGDIR}/output > /dev/stdout