feat(logs): Phase 4 — zentrales Logsystem /api/v1/logs + /system/logs

Aggregierter Reader für alle EdgeGuard-Service-Journale + audit_log.

internal/services/syslogs/
  - 9 Quellen: edgeguard-api, edgeguard-scheduler, haproxy, squid,
    unbound, chrony, wg-quick@*, ulogd2, audit
  - journalctl --output=json + parser für __REALTIME_TIMESTAMP,
    PRIORITY (0-7 → debug/info/warn/error), MESSAGE, _HOSTNAME
  - audit-Reader nutzt bestehende audit.Repo.ListRecent
  - Concurrent fan-out über alle gewählten Quellen, dann merge-sort
    by Timestamp DESC + cap auf Limit (max 1000)
  - Client-Filter: Level, Grep (case-insensitive über message +
    actor + action + subject)

internal/handlers/logs.go:
  GET /api/v1/logs            — Filter via Query-Params
  GET /api/v1/logs/sources    — statische Quellen-Liste fürs UI

postinst: edgeguard → systemd-journal + adm Gruppen, damit
journalctl ohne sudo lesen kann. Verifiziert auf der Box: id zeigt
`groups=adm,systemd-journal,haproxy,edgeguard`.

UI: management-ui/src/pages/Logs — Multi-Source-Select, Level-Color-
Tags, Time-Range-Picker, Volltext-Suche, Auto-Refresh 5s (Toggle),
CSV-Export. Sidebar-Eintrag "Logs" unter System (FileSearchOutlined).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

cmd/edgeguard-api/main.go

@@ -37,6 +37,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/domains"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/firewall"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/firewalllog"
+	"git.netcell-it.de/projekte/edgeguard-native/internal/services/syslogs"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/forwardproxy"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/ipaddresses"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/networkifs"
@@ -49,7 +50,7 @@ import (
 	wgsvc "git.netcell-it.de/projekte/edgeguard-native/internal/services/wireguard"
 )
 
-var version = "1.0.61"
+var version = "1.0.62"
 
 func main() {
 	addr := os.Getenv("EDGEGUARD_API_ADDR")
@@ -190,6 +191,9 @@ func main() {
 		fwLogTailer := firewalllog.NewTailer(firewalllog.DefaultLogPath, 1000)
 		handlers.StartFirewallLogTailer(context.Background(), fwLogTailer)
 		handlers.NewFirewallLogHandler(fwLogTailer, firewalllog.DefaultLogPath).Register(authed)
+
+		// /logs (Phase 4): aggregierter Reader für journalctl + audit_log
+		handlers.NewLogsHandler(syslogs.New(auditRepo)).Register(authed)
 		handlers.NewTLSCertsHandler(tlsRepo, auditRepo, nodeID, acmeService).Register(authed)
 		// Firewall reload: nach jeder Mutation den Renderer neu fahren
 		// (writes ruleset.nft + sudo nft -f). Errors loggen, nicht failen.

cmd/edgeguard-ctl/main.go

@@ -9,7 +9,7 @@ import (
 	"os"
 )
 
-var version = "1.0.61"
+var version = "1.0.62"
 
 const usage = `edgeguard-ctl — EdgeGuard CLI
 

cmd/edgeguard-scheduler/main.go

@@ -24,7 +24,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
 )
 
-var version = "1.0.61"
+var version = "1.0.62"
 
 const (
 	// renewTickInterval — how often we re-evaluate expiring certs.