fix(rpm): example config in /etc/logcorrelator + socket permissions 0666

- Install logcorrelator.yml.example to /etc/logcorrelator/ instead of /usr/share/logcorrelator/
- Change default socket permissions from 0660 to 0666 (world read/write)
- Bump version to 1.1.2
- Remove CHANGELOG.md

Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>

CHANGELOG.md

@@ -1,176 +0,0 @@
-# Changelog
-
-All notable changes to logcorrelator are documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-## [1.1.0] - 2026-03-02
-
-### Added
-
-- **Keep-Alive support**: One-to-many correlation mode allows a single network event (B) to correlate with multiple HTTP events (A)
-- **Dynamic TTL**: Network events (source B) now have configurable TTL that resets on each successful correlation
-- **Separate buffer sizes**: Configurable `max_http_items` and `max_network_items` for independent buffer control
-- **SIGHUP handling**: Service now handles SIGHUP signal for log rotation without restart
-- **logrotate configuration**: RPM includes `/etc/logrotate.d/logcorrelator` for automatic log rotation
-- **ExecReload**: Systemd service now supports `systemctl reload logcorrelator`
-
-### Changed
-
-- **Configuration structure**: New YAML structure with nested sections:
-  - `time_window` (object with `value` and `unit`)
-  - `orphan_policy` (object with `apache_always_emit` and `network_emit`)
-  - `matching.mode` (string: `one_to_one` or `one_to_many`)
-  - `buffers` (object with `max_http_items` and `max_network_items`)
-  - `ttl` (object with `network_ttl_s`)
-- Backward compatibility maintained for old config fields (`time_window_s`, `emit_orphans`)
-
-### Technical Details
-
-- `CorrelationService` now supports `MatchingMode` configuration
-- Network events tracked with individual TTL expiration times
-- `FileSink.Reopen()` method for log file rotation
-- All sinks implement `Reopen()` interface method
-
----
-
-## [1.0.7] - 2026-03-01
-
-### Added
-
-- Log levels: DEBUG, INFO, WARN, ERROR configurable via `log.level`
-- `Warn` and `Warnf` methods for warning messages
-- Debug logs for events received from sockets and correlations
-- Warning logs for orphan events and buffer overflow
-
-### Changed
-
-- Configuration: `debug.enabled` replaced by `log.level` (DEBUG/INFO/WARN/ERROR)
-- Orphan events and buffer overflow now logged as WARN instead of DEBUG
-- Parse errors logged as WARN
-
----
-
-## [1.0.6] - 2026-03-01
-
-### Changed
-
-- Configuration YAML simplified: removed `service.name`, `service.language`, `enabled` flags
-- Correlation config simplified: `time_window_s` (integer) instead of nested `time_window` object
-- Orphan policy simplified: `emit_orphans` boolean instead of `orphan_policy` object
-- Apache socket renamed to `http.socket`
-
-### Added
-
-- `socket_permissions` option on unix sockets to configure file permissions (default: `0660`)
-
----
-
-## [1.0.4] - 2026-03-01
-
-### Added
-
-- Systemd service auto-start after RPM installation
-- Systemd service hardening (TimeoutStartSec, TimeoutStopSec, ReadWritePaths)
-
-### Fixed
-
-- Systemd service unit: correct config path (.yml instead of .conf)
-- CI workflow: branch name main → master
-- Go module dependencies cleanup (go mod tidy)
-
-### Changed
-
-- RPM packaging: generic el8/el9/el10 directory naming (instead of rocky/almalinux)
-- Code cleanup: removed unused CorrelationKeyFull() alias
-- Code cleanup: removed duplicate TimeProvider interface from ports package
-
----
-
-## [1.0.3] - 2026-02-28
-
-### Changed
-
-- **Breaking**: Flattened JSON output structure - removed `apache` and `network` subdivisions
-- All log fields are now merged into a single-level JSON structure for easier parsing
-- ClickHouse schema updated: replaced `apache JSON` and `network JSON` columns with single `fields JSON` column
-
-### Technical Details
-
-- Custom `MarshalJSON()` implementation flattens all fields at the root level
-- Backward compatibility: existing ClickHouse tables need schema migration to use `fields JSON` column
-
----
-
-## [1.0.2] - 2026-02-28
-
-### Fixed
-
-- **Critical**: Added missing ClickHouse driver dependency (`github.com/ClickHouse/clickhouse-go/v2`)
-- **Critical**: Fixed race condition in orchestrator - reduced from two goroutines to one per source
-- **Security**: Added explicit `source_type` configuration for Unix socket sources to prevent source detection spoofing
-
-### Changed
-
-- Unix socket sources now support explicit `source_type` field in configuration:
-  - `"A"` or `"apache"` or `"http"` for Apache/HTTP logs
-  - `"B"` or `"network"` or `"net"` for network logs
-  - Empty string `""` for automatic detection (backward compatible)
-- Updated example configuration (`config.example.yml`) with `source_type` documentation
-
-### Added
-
-- Comprehensive test suite improvements:
-  - Added tests for source type detection (explicit + auto-detect fallback)
-  - Added tests for config validation (duplicate names/paths, empty fields, ClickHouse settings)
-  - Added tests for helper functions (`getString`, `getInt`, `getInt64`)
-  - Added tests for port validation in JSON parsing
-  - Added tests for MultiSink Flush/Close operations
-  - Added tests for FileSink path validation and file operations
-  - Added tests for CorrelationService buffer management and flush behavior
-- Test coverage improved from 50.6% to 62.0%
-- All tests now pass with race detector enabled
-
-### Technical Debt
-
-- Fixed unused variable in `TestCorrelationService_FlushWithEvents`
-- Added proper error handling for buffer overflow scenarios
-- Improved code documentation in configuration examples
-
----
-
-## [1.0.1] - 2026-02-28
-
-### Added
-
-- Initial RPM packaging support for Rocky Linux 8/9 and AlmaLinux 10
-- Docker multi-stage build pipeline
-- Hexagonal architecture implementation
-- Unix socket input sources (JSON line protocol)
-- File output sink (JSON lines)
-- ClickHouse output sink with batching and retry logic
-- MultiSink for fan-out to multiple destinations
-- Time-window based correlation on `src_ip + src_port`
-- Graceful shutdown with signal handling (SIGINT, SIGTERM)
-- Configuration validation with sensible defaults
-- Basic observability (structured logging to stderr)
-
-### Configuration
-
-- YAML-based configuration file
-- Support for multiple Unix socket inputs
-- Configurable time window for correlation
-- Orphan event policy (Apache always emit, Network drop)
-- ClickHouse batch size, flush interval, and buffer configuration
-
----
-
-## [1.0.0] - 2026-02-27
-
-### Added
-
-- Initial release
-- Core correlation engine
-- Basic HTTP and network log parsing
-- File-based output

Dockerfile.package

@@ -46,7 +46,7 @@ RUN dnf install -y epel-release && \
 # Copy binary from builder
 COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
 COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
-COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example
+COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
 COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
 COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md
 COPY packaging/rpm/post /tmp/scripts/post
@@ -61,7 +61,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
     mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \
     chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
     chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
-    chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \
+    chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
     chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
     chmod 755 /tmp/scripts/* && \
     chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
@@ -88,7 +88,7 @@ RUN mkdir -p /packages/rpm/el8 && \
     -p /packages/rpm/el8/logcorrelator-${VERSION}-1.el8.x86_64.rpm \
     usr/bin/logcorrelator \
     etc/logcorrelator/logcorrelator.yml \
-    usr/share/logcorrelator/logcorrelator.yml.example \
+    etc/logcorrelator/logcorrelator.yml.example \
     usr/share/doc/logcorrelator/CHANGELOG.md \
     var/log/logcorrelator \
     var/run/logcorrelator \
@@ -111,7 +111,7 @@ RUN dnf install -y epel-release && \
 # Copy binary from builder
 COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
 COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
-COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example
+COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
 COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
 COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md
 COPY packaging/rpm/post /tmp/scripts/post
@@ -126,7 +126,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
     mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \
     chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
     chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
-    chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \
+    chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
     chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
     chmod 755 /tmp/scripts/* && \
     chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
@@ -153,7 +153,7 @@ RUN mkdir -p /packages/rpm/el9 && \
     -p /packages/rpm/el9/logcorrelator-${VERSION}-1.el9.x86_64.rpm \
     usr/bin/logcorrelator \
     etc/logcorrelator/logcorrelator.yml \
-    usr/share/logcorrelator/logcorrelator.yml.example \
+    etc/logcorrelator/logcorrelator.yml.example \
     usr/share/doc/logcorrelator/CHANGELOG.md \
     var/log/logcorrelator \
     var/run/logcorrelator \
@@ -176,7 +176,7 @@ RUN dnf install -y epel-release && \
 # Copy binary from builder
 COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
 COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
-COPY --from=builder /build/config.example.yml /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example
+COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
 COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
 COPY --from=builder /build/CHANGELOG.md /tmp/pkgroot/usr/share/doc/logcorrelator/CHANGELOG.md
 COPY packaging/rpm/post /tmp/scripts/post
@@ -191,7 +191,7 @@ RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
     mkdir -p /tmp/pkgroot/usr/share/doc/logcorrelator && \
     chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
     chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
-    chmod 640 /tmp/pkgroot/usr/share/logcorrelator/logcorrelator.yml.example && \
+    chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
     chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
     chmod 755 /tmp/scripts/* && \
     chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
@@ -218,7 +218,7 @@ RUN mkdir -p /packages/rpm/el10 && \
     -p /packages/rpm/el10/logcorrelator-${VERSION}-1.el10.x86_64.rpm \
     usr/bin/logcorrelator \
     etc/logcorrelator/logcorrelator.yml \
-    usr/share/logcorrelator/logcorrelator.yml.example \
+    etc/logcorrelator/logcorrelator.yml.example \
     usr/share/doc/logcorrelator/CHANGELOG.md \
     var/log/logcorrelator \
     var/run/logcorrelator \

Makefile

@@ -15,7 +15,7 @@ BINARY_NAME=logcorrelator
 DIST_DIR=dist
 
 # Package version
-PKG_VERSION ?= 1.1.1
+PKG_VERSION ?= 1.1.2
 
 ## build: Build the logcorrelator binary locally
 build:

config.example.yml

@@ -11,12 +11,12 @@ inputs:
       source_type: A
       path: /var/run/logcorrelator/http.socket
       format: json
-      socket_permissions: "0660"  # owner + group read/write
+      socket_permissions: "0666"  # world read/write
     - name: network
       source_type: B
       path: /var/run/logcorrelator/network.socket
       format: json
-      socket_permissions: "0660"
+      socket_permissions: "0666"
 
 outputs:
   file:

internal/adapters/inbound/unixsocket/source.go

@@ -93,7 +93,7 @@ func (s *UnixSocketSource) Start(ctx context.Context, eventChan chan<- *domain.N
 	// Set permissions - fail if we can't
 	permissions := s.config.SocketPermissions
 	if permissions == 0 {
-		permissions = 0660 // default
+		permissions = 0666 // default
 	}
 	if err := os.Chmod(s.config.Path, permissions); err != nil {
 		_ = listener.Close()

internal/config/config.go

@@ -316,17 +316,17 @@ func (c *CorrelationConfig) GetNetworkTTLS() int {
 }
 
 // GetSocketPermissions returns the socket permissions as os.FileMode.
-// Default is 0660 (owner + group read/write).
+// Default is 0666 (world read/write).
 func (c *UnixSocketConfig) GetSocketPermissions() os.FileMode {
 	trimmed := strings.TrimSpace(c.SocketPermissions)
 	if trimmed == "" {
-		return 0660
+		return 0666
 	}
 
 	// Parse octal string (e.g., "0660", "660", "0666")
 	perms, err := strconv.ParseUint(trimmed, 8, 32)
 	if err != nil {
-		return 0660
+		return 0666
 	}
 
 	return os.FileMode(perms)

internal/config/config_test.go

@@ -433,7 +433,7 @@ func TestGetSocketPermissions(t *testing.T) {
 			config: UnixSocketConfig{
 				SocketPermissions: "",
 			},
-			expected: 0660,
+			expected: 0666,
 		},
 		{
 			name: "explicit 0660",
@@ -461,7 +461,7 @@ func TestGetSocketPermissions(t *testing.T) {
 			config: UnixSocketConfig{
 				SocketPermissions: "invalid",
 			},
-			expected: 0660,
+			expected: 0666,
 		},
 	}
 

packaging/rpm/logcorrelator.spec

@@ -2,7 +2,7 @@
 # Compatible with CentOS 7, Rocky Linux 8, 9, 10
 
 # Define version before Version: field for RPM macro support
-%global spec_version 1.1.1
+%global spec_version 1.1.2
 
 Name:           logcorrelator
 Version:        %{spec_version}
@@ -120,6 +120,10 @@ fi
 /etc/logrotate.d/logcorrelator
 
 %changelog
+* Mon Mar 02 2026 logcorrelator <dev@example.com> - 1.1.2-1
+- Fix: Example config file installed to /etc/logcorrelator/logcorrelator.yml.example
+- Change: Default socket permissions from 0660 to 0666 (world read/write)
+
 * Mon Mar 02 2026 logcorrelator <dev@example.com> - 1.1.1-1
 - Fix: Move logcorrelator.yml.example from /usr/share/logcorrelator/ to /etc/logcorrelator/