From 0844a05bf0a44c497c74174fac562d3e3e0211a2 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 25 Jan 2014 17:45:38 +0000 Subject: [PATCH] Rework rsyslog stuff. Use default dist /etc/rsyslog.conf, add our stuff to /etc/rsyslog.d --- inventory/group_vars/kernel-qa | 1 - roles/base/files/rsyslog/rsyslog-audit.conf | 13 +++ .../files/rsyslog/rsyslog-disablerate.conf | 3 + roles/base/files/rsyslog/rsyslog-log02.conf | 4 + roles/base/files/rsyslog/rsyslog.conf | 55 ++++------- .../{rsyslog.conf.releng => rsyslog.conf.el6} | 41 ++++---- ...slog.conf.kojibuilder => rsyslog.conf.f20} | 51 +++++----- roles/base/files/rsyslog/rsyslog.conf.phx2 | 97 ------------------- roles/base/tasks/main.yml | 15 ++- 9 files changed, 103 insertions(+), 177 deletions(-) create mode 100644 roles/base/files/rsyslog/rsyslog-audit.conf create mode 100644 roles/base/files/rsyslog/rsyslog-disablerate.conf create mode 100644 roles/base/files/rsyslog/rsyslog-log02.conf rename roles/base/files/rsyslog/{rsyslog.conf.releng => rsyslog.conf.el6} (60%) rename roles/base/files/rsyslog/{rsyslog.conf.kojibuilder => rsyslog.conf.f20} (59%) delete mode 100644 roles/base/files/rsyslog/rsyslog.conf.phx2 diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa index 8e03331925..39e618921d 100644 --- a/inventory/group_vars/kernel-qa +++ b/inventory/group_vars/kernel-qa @@ -1,6 +1,5 @@ --- freezes: true resolvconf: "{{ files }}/resolv.conf/phx2" -rsyslogconf: "{{ files }}/rsyslog/rsyslog.conf.phx2" fas_client_groups: sysadmin-kernel sudoers: "{{ private }}/files/sudo/kernel-qa" diff --git a/roles/base/files/rsyslog/rsyslog-audit.conf b/roles/base/files/rsyslog/rsyslog-audit.conf new file mode 100644 index 0000000000..8e6c2f5b18 --- /dev/null +++ b/roles/base/files/rsyslog/rsyslog-audit.conf 
@@ -0,0 +1,13 @@
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+:msg, !contains, "type=AVC"
+local6.* @@log02:514
diff --git a/roles/base/files/rsyslog/rsyslog-disablerate.conf b/roles/base/files/rsyslog/rsyslog-disablerate.conf
new file mode 100644
index 0000000000..e7c93530c2
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-disablerate.conf
@@ -0,0 +1,3 @@
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
diff --git a/roles/base/files/rsyslog/rsyslog-log02.conf b/roles/base/files/rsyslog/rsyslog-log02.conf
new file mode 100644
index 0000000000..8338bfed72
--- /dev/null
+++ b/roles/base/files/rsyslog/rsyslog-log02.conf
@@ -0,0 +1,4 @@
+#
+# Send everything on to central log02 logger machines
+#
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
diff --git a/roles/base/files/rsyslog/rsyslog.conf b/roles/base/files/rsyslog/rsyslog.conf
index a1d425816f..36cea98f0e 100644
--- a/roles/base/files/rsyslog/rsyslog.conf
+++ b/roles/base/files/rsyslog/rsyslog.conf
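Review bot: The property filter `:msg, !contains, "type=AVC"` in the new rsyslog-audit.conf has no action; the `~` discard that followed it in the old rsyslog.conf is missing. As written the line likely fails to parse, and `local6.* @@log02:514` would then forward every audit.log record rather than only the AVC ones. Restoring a bare `~` is not safe either, because `$IncludeConfig` now sits ahead of the RULES section, so a global discard in this drop-in would presumably run before the local file rules and drop all non-AVC traffic. A filter scoped to the facility avoids both problems, for example `if $syslogfacility-text == 'local6' and $msg contains 'type=AVC' then @@log02:514` in place of the last two lines.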
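Review bot: The forward in rsyslog-log02.conf runs without the disk-assisted queue the old files configured. The `$ActionQueue*` and `$ActionResumeRetryCount -1` lines that preceded this action are commented out in the new rsyslog.conf, rsyslog.conf.el6 and rsyslog.conf.f20, and nothing in the drop-in replaces them. With default queue settings, records (including `authpriv.*`) can be lost or logging can stall while log02 is unreachable, which leaves a gap in the central log trail. Carrying the queue settings into this file, directly ahead of the action they apply to, keeps the earlier behaviour. The local6 forward in rsyslog-audit.conf would need its own block with a different queue file name.

```conf
# … unchanged: header comment …
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 512m
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
```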
@@ -1,20 +1,20 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 @@ -23,10 +23,13 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat -# File syncing capability is disabled by default. This feature is usually not required, +# File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + #### RULES #### @@ -36,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure 
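Review bot: Dropping `local6.none` from the `/var/log/messages` selector in the third hunk means the audit.log records that rsyslog-audit.conf injects as `local6.info` now match `*.info` and are copied into /var/log/messages. That duplicates audit data into a second file and undoes the separation the old selector kept. The same change is made in rsyslog.conf.el6 and rsyslog.conf.f20. If the aim is to stay close to the distribution default, keeping the one exclusion is the smallest deviation: `*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages`.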
@@ -57,16 +60,6 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log -# monitor auditd log and send out over local6 to central loghost -$ModLoad imfile.so - -# auditd audit.log -$InputFileName /var/log/audit/audit.log -$InputFileTag tag_audit_log: -$InputFileStateFile audit_log -$InputFileSeverity info -$InputFileFacility local6 -$InputRunFileMonitor # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding @@ -76,22 +69,12 @@ $InputRunFileMonitor # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down - -# Disable rate limiting -$IMUXSockRateLimitInterval 0 -$SystemLogRateLimitInterval 0 - +#$WorkDirectory /var/lib/rsyslog # where to place spool files +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - -:msg, !contains, "type=AVC" ~ -local6.* @@log02:514 - 
diff --git a/roles/base/files/rsyslog/rsyslog.conf.releng b/roles/base/files/rsyslog/rsyslog.conf.el6 similarity index 60% rename from roles/base/files/rsyslog/rsyslog.conf.releng rename to roles/base/files/rsyslog/rsyslog.conf.el6 index 2c2852ddd1..36cea98f0e 100644 --- a/roles/base/files/rsyslog/rsyslog.conf.releng +++ b/roles/base/files/rsyslog/rsyslog.conf.el6 @@ -1,20 +1,20 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 @@ -23,6 +23,14 @@ $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + + #### RULES #### # Log all kernel messages to the console. 
@@ -31,7 +39,7 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure @@ -52,6 +60,7 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple @@ -60,14 +69,12 @@ local7.* /var/log/boot.log # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down +#$WorkDirectory /var/lib/rsyslog # where to place spool files +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - 
diff --git a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder b/roles/base/files/rsyslog/rsyslog.conf.f20 similarity index 59% rename from roles/base/files/rsyslog/rsyslog.conf.kojibuilder rename to roles/base/files/rsyslog/rsyslog.conf.f20 index 9719770987..6972b4d369 100644 --- a/roles/base/files/rsyslog/rsyslog.conf.kojibuilder +++ b/roles/base/files/rsyslog/rsyslog.conf.f20 
@@ -1,38 +1,47 @@ -#rsyslog v3 config file +# rsyslog v5 configuration file -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### MODULES #### -$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) -$ModLoad imjournal # provides access to the systemd journal -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imjournal # provides access to the systemd journal +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability # Provides UDP syslog reception -#$ModLoad imudp.so +#$ModLoad imudp #$UDPServerRun 514 # Provides TCP syslog reception -#$ModLoad imtcp.so +#$ModLoad imtcp #$InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### -# Include all config files in /etc/rsyslog.d/ -$IncludeConfig /etc/rsyslog.d/*.conf +# Where to place auxiliary files +$WorkDirectory /var/lib/rsyslog # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. $OmitLocalLogging on # File to store the position in the journal -$StateFile imjournal.state +$IMJournalStateFile imjournal.state + #### RULES #### 
@@ -42,7 +51,7 @@ $StateFile imjournal.state # Log anything (except mail) of level info or higher. # Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages +*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure @@ -55,7 +64,7 @@ mail.* -/var/log/maillog cron.* /var/log/cron # Everybody gets emergency messages -*.emerg * +*.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler @@ -63,6 +72,7 @@ uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log + # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple @@ -71,14 +81,11 @@ local7.* /var/log/boot.log # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host:514 # ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - 
diff --git a/roles/base/files/rsyslog/rsyslog.conf.phx2 b/roles/base/files/rsyslog/rsyslog.conf.phx2 deleted file mode 100644 index a1d425816f..0000000000 --- a/roles/base/files/rsyslog/rsyslog.conf.phx2 +++ /dev/null 
@@ -1,97 +0,0 @@ -#rsyslog v3 config file - -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance - -#### MODULES #### - -$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) -$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) -#$ModLoad immark.so # provides --MARK-- message capability - -# Provides UDP syslog reception -#$ModLoad imudp.so -#$UDPServerRun 514 - -# Provides TCP syslog reception -#$ModLoad imtcp.so -#$InputTCPServerRun 514 - - -#### GLOBAL DIRECTIVES #### - -# Use default timestamp format -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# File syncing capability is disabled by default. This feature is usually not required, -# not useful and an extreme performance hit -#$ActionFileEnableSync on - - -#### RULES #### - -# Log all kernel messages to the console. -# Logging much else clutters up the screen. -#kern.* /dev/console - -# Log anything (except mail) of level info or higher. -# Don't log private authentication messages! -*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages - -# The authpriv file has restricted access. -authpriv.* /var/log/secure - -# Log all the mail messages in one place. -mail.* -/var/log/maillog - - -# Log cron stuff -cron.* /var/log/cron - -# Everybody gets emergency messages -*.emerg * - -# Save news errors of level crit and higher in a special file. -uucp,news.crit /var/log/spooler - -# Save boot messages also to boot.log -local7.* /var/log/boot.log - -# monitor auditd log and send out over local6 to central loghost -$ModLoad imfile.so - -# auditd audit.log -$InputFileName /var/log/audit/audit.log -$InputFileTag tag_audit_log: -$InputFileStateFile audit_log -$InputFileSeverity info -$InputFileFacility local6 -$InputRunFileMonitor - -# ### begin forwarding rule ### -# The statement between the begin ... end define a SINGLE forwarding -# rule. They belong together, do NOT split them. 
If you create multiple -# forwarding rules, duplicate the whole block! -# Remote Logging (we use TCP for reliable delivery) -# -# An on-disk queue is created for this action. If the remote host is -# down, messages are spooled to disk and sent when it is up again. -$WorkDirectory /var/lib/rsyslog # where to place spool files -$ActionQueueFileName fwdRule1 # unique name prefix for spool files -$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) -$ActionQueueSaveOnShutdown on # save messages to disk on shutdown -$ActionQueueType LinkedList # run asynchronously -$ActionResumeRetryCount -1 # infinite retries if host is down - -# Disable rate limiting -$IMUXSockRateLimitInterval 0 -$SystemLogRateLimitInterval 0 - -# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional -#*.* @@remote-host:514 -# ### end of the forwarding rule ### -cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 - -:msg, !contains, "type=AVC" ~ -local6.* @@log02:514 - diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 4d11550d88..7eeac12ec9 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -106,10 +106,7 @@ - name: rsyslog.conf copy: src={{ item }} dest=/etc/rsyslog.conf mode=644 first_available_file: - - "{{ rsyslogconf }}" - - rsyslog/rsyslog.conf.{{ ansible_fqdn }} - - rsyslog/rsyslog.conf.{{ host_group }} - - rsyslog/rsyslog.conf.{{ datacenter }} + - rsyslog/rsyslog.conf.{{ dist_tag }} - rsyslog/rsyslog.conf notify: @@ -118,6 +115,16 @@ - rsyslogd - config +- name: add rsyslog config to /etc/rsyslog.d + copy: src={{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644 + with_items: + - rsyslog-audit.conf + - rsyslog-disablerate.conf + - rsyslog-log02.conf + tags: + - rsyslogd + - config + - name: /etc/postfix/main.cf copy: src={{ item }} dest=/etc/postfix/main.cf first_available_file:
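Review bot: The new `add rsyslog config to /etc/rsyslog.d` task uses `src={{ item }}`, but this commit creates the three files under roles/base/files/rsyslog/, so as far as these paths show the copy would look one directory too high. `copy: src=rsyslog/{{ item }} dest=/etc/rsyslog.d/{{ item }} mode=644` matches the `rsyslog/rsyslog.conf` paths used by the task above. The task also has no `notify:`, so a changed drop-in, such as the audit forwarding filter, is not picked up until rsyslog is restarted for some other reason. It should notify the same handler as the rsyslog.conf task, whose name falls between the two hunks.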