Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

iad2: log01: add a rsyslog config file for log01.iad2

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2020-05-08 17:49:21 -07:00
parent a83dfc7548
commit b8de4f9d7d
1 changed files with 215 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

215
roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org Normal file
View file

@ -0,0 +1,215 @@
################################################################################
# RSYSLOG.CONF - central logging server #
################################################################################
# N O T E #
#------------------------------------------------------------------------------#
# This rsyslog configuration is suitable for a central log host. This is not #
# intended for a normal server. #
# #
# This config was built and tested for rsyslog version rsyslog-2.0.0. #
################################################################################
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
# M O D U L E S #
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
$ModLoad immark.so # mark messages
$MarkMessagePeriod 1200 # every 20 minutes
$ModLoad imudp.so #udp sockets
$ModLoad imtcp.so #tcp socks
$ModLoad imuxsock # local syslog() listener
#$ModLoad imklog # local klog logging
$ModLoad imjournal # provides access to the systemd journal
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
# G L O B A L S E T T I N G S #
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
$umask 0000
$CreateDirs on
$DirCreateMode 0755
$FileCreateMode 0644
$FileOwner root
$FileGroup root
$RepeatedMsgReduction on
$EscapeControlCharactersOnReceive off
$UDPServerRun 514
$InputTCPMaxSessions 2000
$InputTCPServerRun 514
$InputTCPServerRun 5000
$IMUXSockRateLimitInterval 0
$SystemLogRateLimitInterval 0
$WorkDirectory /var/lib/rsyslog
$IMJournalStateFile imjournal.state
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
# T E M P L A T E S #
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
$template CustomFormat,"%TIMESTAMP% %FROMHOST% %HOSTNAME% %syslogtag%%msg%\n"
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\n"
$template MergeFormat,"%timegenerated% %FROMHOST% %syslogtag%%msg%\n"
$template RawMessage,"%msg:2:2048%\n"
#------------------------------------------------------------------------------#
# templates for merged remote logging #
#------------------------------------------------------------------------------#
$template m_messages, "/var/log/merged/messages.log"
$template m_secure, "/var/log/merged/secure.log"
$template m_mail, "/var/log/merged/mail.log"
$template m_cron, "/var/log/merged/cron.log"
$template m_spooler, "/var/log/merged/spooler.log"
$template m_boot, "/var/log/merged/boot.log"
$template m_kern, "/var/log/merged/kernel.log"
$template m_audit, "/var/log/merged/audit.log"
$template m_http_error, "/var/log/merged/http_error.log"
$template m_http_apps, "/var/log/merged/apps.log"
#------------------------------------------------------------------------------#
# templates for remote logging #
#------------------------------------------------------------------------------#
$template r_messages, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/messages.log"
$template r_secure, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/secure.log"
$template r_mail, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/mail.log"
$template r_cron, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/cron.log"
$template r_spooler, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/spooler.log"
$template r_boot, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/boot.log"
$template r_kern, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/kernel.log"
$template r_audit, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/audit.log"
$template r_http_error, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/http_error.log"
$template r_http_apps, "/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/apps.log"
#------------------------------------------------------------------------------#
# templates for http logging #
#------------------------------------------------------------------------------#
$template HttpAccessTemplate,"/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/http/%APP-NAME%"
$template HttpErrorTemplate,"/var/log/hosts/%FROMHOST%/%$YEAR%/%$MONTH%/%$DAY%/http/%APP-NAME%"
#------------------------------------------------------------------------------#
# templates for local logging #
#------------------------------------------------------------------------------#
$template l_messages, "/var/log/messages"
$template l_secure, "/var/log/secure"
$template l_mail, "/var/log/maillog"
$template l_cron, "/var/log/cron"
$template l_spooler, "/var/log/spooler"
$template l_boot, "/var/log/boot.log"
$template l_idgaud, "/var/log/idgaudit.log"
$template l_idgsys, "/var/log/idgsystem.log"
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
# R E M O T E L O G G I N G #
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
#------------------------------------------------------------------------------#
# remote messages log #
#------------------------------------------------------------------------------#
*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none;local4.none ?r_messages;TraditionalFormat
#------------------------------------------------------------------------------#
# remote auth/secure log #
#------------------------------------------------------------------------------#
authpriv.* -?r_secure;TraditionalFormat
#------------------------------------------------------------------------------#
# remote mail log #
#------------------------------------------------------------------------------#
mail.* -?r_mail;TraditionalFormat
#------------------------------------------------------------------------------#
# remote cron log #
#------------------------------------------------------------------------------#
cron.* ?r_cron;TraditionalFormat
#------------------------------------------------------------------------------#
# remote spool log #
#------------------------------------------------------------------------------#
uucp,news.crit ?r_spooler;TraditionalFormat
#------------------------------------------------------------------------------#
# remote audit log #
#------------------------------------------------------------------------------#
local6.* ?r_audit;TraditionalFormat
#------------------------------------------------------------------------------#
# remote http_error log #
#------------------------------------------------------------------------------#
local5.* ?r_http_error;TraditionalFormat
#------------------------------------------------------------------------------#
# remote http app log #
#------------------------------------------------------------------------------#
local4.* ?r_http_apps;TraditionalFormat
#------------------------------------------------------------------------------#
# remote boot log #
#------------------------------------------------------------------------------#
local7.* ?r_boot;TraditionalFormat
#------------------------------------------------------------------------------#
# remote kernel log #
#------------------------------------------------------------------------------#
kern.* ?r_kern;TraditionalFormat
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
# MERGED R E M O T E L O G G I N G #
#%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
#------------------------------------------------------------------------------#
# remote messages log #
#------------------------------------------------------------------------------#
*.info;mail.none;authpriv.none;cron.none;local6.none;local5.none;local4.none ?m_messages;MergeFormat
#------------------------------------------------------------------------------#
# remote auth/secure log #
#------------------------------------------------------------------------------#
authpriv.* -?m_secure;MergeFormat
#------------------------------------------------------------------------------#
# remote mail log #
#------------------------------------------------------------------------------#
mail.* -?m_mail;MergeFormat
#------------------------------------------------------------------------------#
# remote cron log #
#------------------------------------------------------------------------------#
cron.* ?m_cron;MergeFormat
#------------------------------------------------------------------------------#
# remote spool log #
#------------------------------------------------------------------------------#
uucp,news.crit ?m_spooler;MergeFormat
#------------------------------------------------------------------------------#
# remote boot log #
#------------------------------------------------------------------------------#
local7.* ?m_boot;MergeFormat
#------------------------------------------------------------------------------#
# remote kernel log #
#------------------------------------------------------------------------------#
kern.* ?m_kern;MergeFormat
#------------------------------------------------------------------------------#
# remote http_error
#------------------------------------------------------------------------------#
local5.* ?m_http_error;MergeFormat
#------------------------------------------------------------------------------#
# remote http_apps
#------------------------------------------------------------------------------#
local4.* ?m_http_apps;MergeFormat
#------------------------------------------------------------------------------#
# remote audit log #
#------------------------------------------------------------------------------#
#this means: if log message does not contain 'type=AVC' then drop it
# this is only for the merged logs from auditd
:msg, !contains, "type=AVC" ~
local6.* ?m_audit;MergeFormat