fix: Auto-configure syslog file logging for CrowdSec

OpenWrt uses logd by default which doesn't write to files.
CrowdSec file-based acquisition needs /var/log/messages to exist.

Changes:
- Init script: setup_syslog() configures log_file before each start
- Defaults script: setup_syslog_file() configures at install time
- openwrt-syslog.yaml: Remove non-existent /var/log/syslog reference

The init script sets:
  uci set system.@system[0].log_file='/var/log/messages'
  uci set system.@system[0].log_size='512'

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/secubox-app-crowdsec/files/acquis.d/openwrt-syslog.yaml

@@ -10,10 +10,10 @@
 #   cscli collections install crowdsecurity/linux
 #   cscli parsers install crowdsecurity/syslog-logs
 
-# File-based acquisition for syslog (if log_file is configured)
+# File-based acquisition for syslog
+# The init script configures OpenWrt to write logs to /var/log/messages
 filenames:
   - /var/log/messages
-  - /var/log/syslog
 labels:
   type: syslog
 ---

package/secubox/secubox-app-crowdsec/files/crowdsec.defaults

@@ -232,6 +232,32 @@ EOF
 	fi
 }
 
+# Configure OpenWrt to write logs to file
+setup_syslog_file() {
+	echo "Configuring syslog file logging..."
+
+	local log_file
+	log_file=$(uci -q get system.@system[0].log_file)
+
+	if [ -z "$log_file" ]; then
+		echo "Enabling syslog file logging for CrowdSec acquisition"
+		uci set system.@system[0].log_file='/var/log/messages'
+		uci set system.@system[0].log_size='512'
+		uci commit system
+		/etc/init.d/log restart
+		# Wait for log file to be created
+		sleep 2
+	else
+		echo "Syslog file already configured: $log_file"
+	fi
+
+	# Ensure log file exists
+	if [ ! -f /var/log/messages ]; then
+		touch /var/log/messages
+		chmod 644 /var/log/messages
+	fi
+}
+
 # Detect and configure OpenWrt-specific log sources
 detect_openwrt_logs() {
 	echo "Detecting OpenWrt log sources..."
@@ -291,6 +317,9 @@ main() {
 	# Install Hub collections and parsers
 	install_hub_items
 
+	# Setup syslog file logging (required for file-based acquisition)
+	setup_syslog_file
+
 	# Detect OpenWrt log sources
 	detect_openwrt_logs
 

package/secubox/secubox-app-crowdsec/files/crowdsec.initd

@@ -14,6 +14,31 @@ service_triggers() {
 	procd_add_reload_trigger crowdsec
 }
 
+setup_syslog() {
+	# CrowdSec needs log files to exist for acquisition
+	# OpenWrt uses logd by default which doesn't write to files
+	# Enable file logging so CrowdSec can read from /var/log/messages
+
+	local log_file
+	log_file=$(uci -q get system.@system[0].log_file)
+
+	if [ -z "$log_file" ]; then
+		logger -t crowdsec "Enabling syslog file logging for CrowdSec acquisition"
+		uci set system.@system[0].log_file='/var/log/messages'
+		uci set system.@system[0].log_size='512'
+		uci commit system
+		/etc/init.d/log restart
+		# Wait for log file to be created
+		sleep 2
+	fi
+
+	# Ensure log file exists
+	if [ ! -f /var/log/messages ]; then
+		touch /var/log/messages
+		chmod 644 /var/log/messages
+	fi
+}
+
 init_config() {
 	config_load crowdsec
 	config_get data_dir crowdsec data_dir "${RUNCONFDIR}"
@@ -36,6 +61,7 @@ init_config() {
 }
 
 start_service() {
+	setup_syslog
 	init_config
 
 	procd_open_instance