feat(monitoring): resolve Loki-stack syslog ingestion with rsyslog filter fix

Fixed critical issue preventing UniFi router logs from reaching Loki/Promtail/Grafana.

Root Cause:
- rsyslog filter in /etc/rsyslog.d/unifi-router.conf filtered for 192.168.1.1
- VM 101 on VLAN 2, actual source IP is 192.168.2.1 (VLAN 2 gateway)
- Filter silently rejected all incoming syslog traffic

Solution:
- Updated rsyslog filter from 192.168.1.1 to 192.168.2.1
- Logs now flow: UniFi → rsyslog → Promtail → Loki → Grafana

Changes:
- Add services/loki-stack/* - Complete Loki/Promtail/Grafana stack configs
- Add services/logward/* - Logward service configuration
- Update troubleshooting/loki-stack-bugfix.md - Complete 5-phase resolution
- Update CLAUDE_STATUS.md - Document 2025-12-11 resolution
- Update sub-agents/scribe.md - Agent improvements
- Remove services/promtail-config.yml - Duplicate file cleanup

Status: ✅ Monitoring stack fully operational, syslog ingestion active

Technical Details: See troubleshooting/loki-stack-bugfix.md for complete analysis

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

services/loki-stack/docker-compose.yml

@@ -0,0 +1,33 @@
+
+version: '3.8'
+
+services:
+  loki:
+    image: grafana/loki:latest
+    container_name: loki
+    ports:
+      - "3100:3100"
+    volumes:
+      - /home/server-admin/loki-stack/loki-config.yaml:/etc/loki/local-config.yaml
+    command: -config.file=/etc/loki/local-config.yaml
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+
+  promtail:
+    image: grafana/promtail:latest
+    container_name: promtail
+    volumes:
+      - /home/server-admin/loki-stack/promtail-config.yaml:/etc/promtail/config.yaml
+    ports:
+      - "1514:1514"     # Syslog port exposed to the host
+      - "9080:9080"
+    command: -config.file=/etc/promtail/config.yaml
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+
+networks:
+  monitoring-net:
+    external: true
+