Stats
Actions
Tags
From cortex
Deploy rsyslog forwarding drop-ins to configured fleet hosts over SSH. Use when configuring fleet forwarding, repairing missing rsyslog forwarding, or updating forwarding after server_url or syslog port changes.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cortex:cortex-deploy-dropinsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Install or update `/etc/rsyslog.d/99-cortex.conf` on each configured fleet host.
Install or update /etc/rsyslog.d/99-cortex.conf on each configured fleet host.
Verify before changing hosts:
fleet_hosts work without prompting.Skip devices that cannot be configured through SSH and rsyslog, such as UniFi, Mikrotik, ISP routers, or hosts running syslog-ng or other non-rsyslog forwarders. Point the user to docs/SETUP.md for those.
Parse the host portion from $CLAUDE_PLUGIN_OPTION_SERVER_URL. If it is localhost or 127.0.0.1, stop and ask for a routable hostname or IP because fleet hosts cannot forward to localhost.
Call the resolved value FORWARD_TARGET.
Resolve the externally reachable port as:
FORWARD_PORT="${CLAUDE_PLUGIN_OPTION_SYSLOG_HOST_PORT:-${CLAUDE_PLUGIN_OPTION_SYSLOG_PORT:-1514}}"
Use CLAUDE_PLUGIN_OPTION_SYSLOG_HOST_PORT when Docker publishes a host port that differs from the container's internal syslog port. The endpoint is FORWARD_TARGET:FORWARD_PORT.
Write this file on each host, using the resolved target and port:
# Avoid feeding cortex/rsyslog internal logs back into cortex.
if ($programname == "syslog" or $programname == "rsyslogd") then stop
*.* @@<FORWARD_TARGET>:<FORWARD_PORT>
Use @@ for TCP. Use single @ only when a host cannot send TCP.
For each host in $CLAUDE_PLUGIN_OPTION_FLEET_HOSTS (split comma-separated or newline-rendered values and ignore blanks):
Test SSH:
ssh -o BatchMode=yes -o ConnectTimeout=5 <host> true
On SSH failure: skip this host, mark it as FAILED (SSH unreachable) in the report, and continue to the next host.
Build and write the drop-in. Do not run an example that contains literal FORWARD_TARGET or CORTEX_RECEIVER_PORT placeholders:
target_line="*.* @@${FORWARD_TARGET}:${FORWARD_PORT}"
dropin_content="$(printf '%s\n' \
'# Avoid feeding cortex/rsyslog internal logs back into cortex.' \
'if ($programname == "syslog" or $programname == "rsyslogd") then stop' \
"$target_line")"
printf '%s\n' "$dropin_content" | ssh <host> "sudo tee /etc/rsyslog.d/99-cortex.conf >/dev/null"
Restart rsyslog:
ssh <host> "sudo systemctl restart rsyslog"
Verify rsyslog:
ssh <host> "systemctl is-active rsyslog"
Print a table:
| Host | Drop-in Deployed | rsyslog Restarted | Status |
|---|---|---|---|
| host | yes/no | yes/no | active/failed |
Tell the user to run cortex-dr after a few seconds to confirm log flow, or bash scripts/smoke-test.sh for full validation.
npx claudepluginhub jmagar/dendrite --plugin cortexCreates, edits, and optimizes skills for Claude Code, including drafting, evaluating with test prompts, iterating on performance, and improving skill descriptions for better triggering accuracy.