From 0de5e1e523866c0d15a22b77fbe97338c5da8478 Mon Sep 17 00:00:00 2001 From: Seth Vidal Date: Wed, 15 May 2013 21:57:29 +0000 Subject: [PATCH] update the default vars for kernel-qa group add a phx2 option for rsyslog.conf --- files/rsyslog/rsyslog.conf.phx2 | 97 +++++++++++++++++++++++++++++++++ inventory/group_vars/kernel-qa | 4 +- 2 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 files/rsyslog/rsyslog.conf.phx2 diff --git a/files/rsyslog/rsyslog.conf.phx2 b/files/rsyslog/rsyslog.conf.phx2 new file mode 100644 index 0000000000..8215f5cd7c --- /dev/null +++ b/files/rsyslog/rsyslog.conf.phx2 @@ -0,0 +1,97 @@ +#rsyslog v3 config file + +# if you experience problems, check +# http://www.rsyslog.com/troubleshoot for assistance + +#### MODULES #### + +$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) +$ModLoad imklog.so # provides kernel logging support (previously done by rklogd) +#$ModLoad immark.so # provides --MARK-- message capability + +# Provides UDP syslog reception +#$ModLoad imudp.so +#$UDPServerRun 514 + +# Provides TCP syslog reception +#$ModLoad imtcp.so +#$InputTCPServerRun 514 + + +#### GLOBAL DIRECTIVES #### + +# Use default timestamp format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg * + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# monitor auditd log and send out over local6 to central loghost +$ModLoad imfile.so + +# auditd audit.log +$InputFileName /var/log/audit/audit.log +$InputFileTag tag_audit_log: +$InputFileStateFile audit_log +$InputFileSeverity info +$InputFileFacility local6 +$InputRunFileMonitor + +# ### begin forwarding rule ### +# The statement between the begin ... end define a SINGLE forwarding +# rule. They belong together, do NOT split them. If you create multiple +# forwarding rules, duplicate the whole block! +# Remote Logging (we use TCP for reliable delivery) +# +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +$WorkDirectory /var/spool/rsyslog # where to place spool files +$ActionQueueFileName fwdRule1 # unique name prefix for spool files +$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible) +$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +$ActionQueueType LinkedList # run asynchronously +$ActionResumeRetryCount -1 # infinite retries if host is down + +# Disable rate limiting +$IMUXSockRateLimitInterval 0 +$SystemLogRateLimitInterval 0 + +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 +# ### end of the forwarding rule ### +cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514 + +:msg, !contains, "type=AVC" ~ +local6.* @@log02:514 + diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa index 64c610a971..57e5af10e3 100644 --- a/inventory/group_vars/kernel-qa +++ b/inventory/group_vars/kernel-qa @@ -1,2 +1,4 @@ --- -freezes: true \ No newline at end of file +freezes: true +resolvconf: $files/resolv.conf/phx2 +rsyslogconf: $files/rsyslog/rsyslog.conf.phx2