syslog-deploy-dropinslisted

# Syslog Deploy Drop-ins Install or update `/etc/rsyslog.d/99-syslog-mcp.conf` on each configured fleet host. ## Preconditions Verify before changing hosts: - SSH aliases from `fleet_hosts` work without prompting. - Sudo can write rsyslog config and restart rsyslog. - Each fleet host can route to the syslog-mcp server on the externally reachable syslog port. Skip devices that cannot be configured through SSH and rsyslog, such as UniFi, Mikrotik, ISP routers, or hosts running syslog-ng or other non-rsyslog forwarders. Point the user to `docs/SETUP.md` for those. ## Resolve Target Parse the host portion from `$CLAUDE_PLUGIN_OPTION_SERVER_URL`. If it is `localhost` or `127.0.0.1`, stop and ask for a routable hostname or IP because fleet hosts cannot forward to localhost. Call the resolved value `FORWARD_TARGET`. Resolve the externally reachable port as: ```bash FORWARD_PORT="${CLAUDE_PLUGIN_OPTION_SYSLOG_HOST_PORT:-${CLAUDE_PLUGIN_OPTION_SYSLOG_PORT:-1514}}" ``` Use `CLAUDE_PLUGIN_OPTION_SYSLOG_HOST_PORT` when Docker publishes a host port that differs from the container's internal syslog port. The endpoint is `FORWARD_TARGET:FORWARD_PORT`. ## Drop-in Write this file on each host, using the resolved target and port: ```text # Avoid feeding syslog-mcp/rsyslog internal logs back into syslog-mcp. if ($programname == "syslog" or $programname == "rsyslogd") then stop *.* @@<FORWARD_TARGET>:<FORWARD_PORT> ``` Use `@@` for TCP. Use single `@` only when a host cannot send T