adm01 i can haz rsyslog and an ssd!

2021-02-17 21:30:34 +01:00
parent f60cbb6117
commit a10b2ccd91
10 changed files with 167 additions and 8 deletions
--- a/base/rsyslog/files/logrotate-server.conf
+++ b/base/rsyslog/files/logrotate-server.conf
@@ -0,0 +1,39 @@
+/data/logs/*/syslog
+{
+        rotate 10 
+        daily
+        minsize 50M
+        missingok
+        notifempty
+        delaycompress
+        compress
+        postrotate
+                invoke-rc.d rsyslog rotate > /dev/null
+        endscript
+}
+
+/data/logs/*/mail.info
+/data/logs/*/mail.warn
+/data/logs/*/mail.err
+/data/logs/*/mail.log
+/data/logs/*/daemon.log
+/data/logs/*/kern.log
+/data/logs/*/auth.log
+/data/logs/*/user.log
+/data/logs/*/lpr.log
+/data/logs/*/cron.log
+/data/logs/*/debug
+/data/logs/*/messages
+{
+        rotate 5 
+        daily   
+        minsize 100M
+        missingok
+        notifempty
+        compress
+        delaycompress
+        sharedscripts
+        postrotate
+                invoke-rc.d rsyslog rotate > /dev/null
+        endscript
+}
--- a/base/rsyslog/files/server.conf
+++ b/base/rsyslog/files/server.conf
@@ -0,0 +1,82 @@
+#
+# SALT managed.
+#
+
+# Load UDP module
+$ModLoad imudp
+
+# Load TCP module
+$ModLoad imtcp
+
+# Load RELP module
+$ModLoad imrelp
+
+
+#
+# Use traditional timestamp format.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+
+# Switch to remote ruleset
+$RuleSet remote
+
+
+# Log files are stored in directories matching the short hostname, excluding numbers
+# i.e. web01 web02 and web03 will all log to a the web directory
+
+# Templates
+$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
+$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
+$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
+$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
+$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
+$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
+$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
+$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
+$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
+$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
+$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"
+
+# Rules
+auth,authpriv.*         ?dynAuthLog
+*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none     -?dynSyslog
+cron.*              ?dynCronLog
+kern.*              -?dynKernLog
+mail.*              -?dynMailLog
+user.*              -?dynUserLog
+#*.=info;*.=notice;*.=warn;\
+#
+#    auth.none,authpriv.none;\
+#    cron.none,daemon.none;\
+#    mail.none,news.none     -?dynMessages
+#hier gibts drachen / here are dragons
+#if $syslogfacility-text == 'local0' then /var/log/somelog
+
+daemon.*            -?dynDaemonLog
+
+# drachen sind put / dragons borked
+#
+# Special format to keep audit logs as sent.
+$Template auditFormat,"%msg%\n"
+
+# Catch messages from audispd and send to audit log.
+:programname,   isequal,        "audispd"       -?dynAuditLog;auditFormat
+:programname,   isequal,        "audispd"       stop
+
+
+
+# Switch back to default ruleset
+$RuleSet RSYSLOG_DefaultRuleset
+
+$InputUDPServerBindRuleset remote
+$UDPServerRun 514
+$UDPServerAddress *
+
+$InputTCPServerBindRuleset remote
+$InputTCPServerRun 514
+
+$InputRELPServerBindRuleset remote
+$InputRELPServerRun 20514
+
+