|
Theo Chatzimichos |
f46ac3 |
## Managed by Salt
|
|
Theo Chatzimichos |
f46ac3 |
##
|
|
Theo Chatzimichos |
f46ac3 |
## === When you're using remote logging, enable on-disk queues ===
|
|
Theo Chatzimichos |
f46ac3 |
## === in rsyslog.d/remote.conf. When neccesary also set the ===
|
|
Theo Chatzimichos |
f46ac3 |
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, ===
|
|
Theo Chatzimichos |
f46ac3 |
## === e.g. when rsyslog has to receive on a specific IP only. ===
|
|
Theo Chatzimichos |
f46ac3 |
##
|
|
Theo Chatzimichos |
f46ac3 |
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
|
|
Theo Chatzimichos |
f46ac3 |
## (provided in separate rsyslog-module-* packages) are enabled, the
|
|
Theo Chatzimichos |
f46ac3 |
## configuration can't be used on a system with /usr on a remote
|
|
Theo Chatzimichos |
f46ac3 |
## filesystem, except on newer systems where initrd mounts /usr.
|
|
Theo Chatzimichos |
f46ac3 |
## [The modules are linked against libraries installed bellow of
|
|
Theo Chatzimichos |
f46ac3 |
## /usr thus also installed in /usr/lib*/rsyslog because of this.]
|
|
Theo Chatzimichos |
f46ac3 |
##
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# ######### Enable On-Disk queues for remote logging ##########
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
# An on-disk queue is created for this action. If the remote host is
|
|
Theo Chatzimichos |
f46ac3 |
# down, messages are spooled to disk and sent when it is up again.
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
$WorkDirectory /var/spool/rsyslog # where to place spool files
|
|
Theo Chatzimichos |
f46ac3 |
$ActionQueueFileName uniqName # unique name prefix for spool files
|
|
Theo Chatzimichos |
f46ac3 |
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
|
Theo Chatzimichos |
f46ac3 |
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
|
Theo Chatzimichos |
f46ac3 |
$ActionQueueType LinkedList # run asynchronously
|
|
Theo Chatzimichos |
f46ac3 |
$ActionResumeRetryCount -1 # infinite retries if host is down
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# ######### Sending Messages to Remote Hosts ##########
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# Remote Logging using TCP for reliable delivery
|
|
Theo Chatzimichos |
f46ac3 |
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
|
Theo Chatzimichos |
f46ac3 |
{%- set roles = salt['grains.get']('roles', []) %}
|
|
Theo Chatzimichos |
f46ac3 |
{%- if 'syslog' not in roles %}
|
|
Theo Chatzimichos |
f46ac3 |
*.* @@syslog.infra.opensuse.org
|
|
Theo Chatzimichos |
f46ac3 |
{%- endif %}
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# Remote Logging using UDP
|
|
Theo Chatzimichos |
f46ac3 |
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
|
Theo Chatzimichos |
f46ac3 |
#*.* @remote-host
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# ######### Receiving Messages from Remote Hosts ##########
|
|
Theo Chatzimichos |
f46ac3 |
# TCP Syslog Server:
|
|
Theo Chatzimichos |
f46ac3 |
# provides TCP syslog reception and GSS-API (if compiled to support it)
|
|
Theo Chatzimichos |
f46ac3 |
#$ModLoad imtcp.so # load module
|
|
Theo Chatzimichos |
f46ac3 |
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
|
|
Theo Chatzimichos |
f46ac3 |
## # needs SYSLOG_REQUIRES_NETWORK=yes.
|
|
Theo Chatzimichos |
f46ac3 |
#$InputTCPServerRun <port> # Starts a TCP server on selected port
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
# UDP Syslog Server:
|
|
Theo Chatzimichos |
f46ac3 |
#$ModLoad imudp.so # provides UDP syslog reception
|
|
Theo Chatzimichos |
f46ac3 |
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
|
|
Theo Chatzimichos |
f46ac3 |
## # needs SYSLOG_REQUIRES_NETWORK=yes.
|
|
Theo Chatzimichos |
f46ac3 |
#$UDPServerRun 514 # start a UDP syslog server at standard port 514
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
|
|
Theo Chatzimichos |
f46ac3 |
########### Encrypting Syslog Traffic with TLS ##########
|
|
Theo Chatzimichos |
f46ac3 |
# -- TLS Syslog Server:
|
|
Theo Chatzimichos |
f46ac3 |
## make gtls driver the default
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriver gtls
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
## certificate files
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriverCertFile /etc/rsyslog.d/server_cert.pem
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/server_key.pem
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
#$ModLoad imtcp # load TCP listener
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
|
|
Theo Chatzimichos |
f46ac3 |
#$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
|
|
Theo Chatzimichos |
f46ac3 |
#$InputTCPServerRun 10514 # start up listener at port 10514
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
# -- TLS Syslog Client:
|
|
Theo Chatzimichos |
f46ac3 |
## certificate files - just CA for a client
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.pem
|
|
Theo Chatzimichos |
f46ac3 |
#
|
|
Theo Chatzimichos |
f46ac3 |
## set up the action
|
|
Theo Chatzimichos |
f46ac3 |
#$DefaultNetstreamDriver gtls # use gtls netstream driver
|
|
Theo Chatzimichos |
f46ac3 |
#$ActionSendStreamDriverMode 1 # require TLS for the connection
|
|
Theo Chatzimichos |
f46ac3 |
#$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
|
|
Theo Chatzimichos |
f46ac3 |
#*.* @@(o)server.example.net:10514 # send (all) messages
|
|
Theo Chatzimichos |
f46ac3 |
|