X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=templates%2Fsyslog-ng.conf.erb;h=ac214c252365cc1ffdfcb8355ffe2dec9a205961;hb=f8063eba588ec4430e669860035d4f079b1dc0cf;hp=c87596cea68cc50b44b48a0c719be1975a857231;hpb=9734e38e4e233fc2a42bc6959fb6013893c15111;p=mirror%2Fdsa-puppet.git diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb index c87596cea..ac214c252 100644 --- a/templates/syslog-ng.conf.erb +++ b/templates/syslog-ng.conf.erb @@ -1,3 +1,6 @@ +<%- if syslogversion == "3" -%> +@version: 3.0 +<%- end -%> ## ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git @@ -78,6 +81,12 @@ options { # we tell the syslog-ng that if a hostname match this regexp than that # is not a real hostname. bad_hostname("^gconfd$"); + +<%- if hostname == "heininen" -%> + # we trust our mutual authenticated syslog clients + keep_hostname(yes); +<%- end -%> + }; @@ -88,26 +97,45 @@ options { source s_all { # message generated by Syslog-NG internal(); -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-stream("/dev/log"); # messages from the kernel +<%- if syslogversion == "2" -%> file("/proc/kmsg" log_prefix("kernel: ")); -<% else %> +<%- else -%> + file("/proc/kmsg" program_override("kernel: ")); +<%- end -%> +<%- else -%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-dgram("/var/run/log"); # messages from the kernel +<%- if syslogversion == "2" -%> file("/dev/klog" log_prefix("kernel: ")); -<%end%> +<%- else -%> + file("/dev/klog" program_override("kernel: ")); +<%- end -%> +<%- end -%> +<%- if hostname == "paganini" -%> # use the following line if you want to receive remote UDP logging messages # (this is equivalent to the "-r" syslogd flag) -<% if hostname == "paganini" -%> udp(); -<%end%> +<%- end -%> }; +<%- if hostname == "heininen" -%> +source s_network { + tcp6(port(5140) max-connections(200) + tls( key_file("/etc/exim4/ssl/thishost.key") + cert_file("/etc/exim4/ssl/thishost.crt") + ca_dir("/etc/exim4/ssl/") + ) + ); +}; +<%- end -%> + ###### # destinations @@ -145,12 +173,12 @@ destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; destination df_debug { file("/var/log/debug"); }; destination df_messages { file("/var/log/messages"); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # pipes # a console to view log messages under X destination dp_xconsole { pipe("/dev/xconsole"); }; -<% end %> +<%- end -%> # consoles # this will send messages to everyone logged in destination du_all { usertty("*"); }; @@ -199,7 +227,7 @@ filter f_messages { # messages with priority emerg filter f_emerg { level(emerg); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # complex filter for messages usually sent to the xconsole filter f_xconsole { facility(daemon,mail) @@ -208,7 +236,7 @@ filter f_xconsole { and level(crit,err,notice)); }; -<% end %> +<%- end -%> ###### # logs # order matters if you use "flags(final);" to mark the end of processing in a @@ -219,6 +247,9 @@ filter f_xconsole { # auth,authpriv.* /var/log/auth.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_auth); destination(df_auth); }; @@ -226,6 +257,9 @@ log { # *.*;auth,authpriv.none -/var/log/syslog log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_syslog); destination(df_syslog); }; @@ -241,6 +275,9 @@ log { # daemon.* -/var/log/daemon.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_daemon); destination(df_daemon); }; @@ -248,6 +285,9 @@ log { # kern.* -/var/log/kern.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_kern); destination(df_kern); }; @@ -255,6 +295,9 @@ log { # lpr.* -/var/log/lpr.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_lpr); destination(df_lpr); }; @@ -262,6 +305,9 @@ log { # mail.* -/var/log/mail.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_mail); destination(df_mail); }; @@ -269,6 +315,9 @@ log { # user.* -/var/log/user.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_user); destination(df_user); }; @@ -276,6 +325,9 @@ log { # uucp.* /var/log/uucp.log log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_uucp); destination(df_uucp); }; @@ -283,6 +335,9 @@ log { # mail.info -/var/log/mail.info log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_mail); filter(f_at_least_info); destination(df_mail_info); @@ -291,6 +346,9 @@ log { # mail.warn -/var/log/mail.warn log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_mail); filter(f_at_least_warn); destination(df_mail_warn); @@ -299,6 +357,9 @@ log { # mail.err /var/log/mail.err log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_mail); filter(f_at_least_err); destination(df_mail_err); @@ -307,6 +368,9 @@ log { # news.crit /var/log/news/news.crit log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); @@ -315,6 +379,9 @@ log { # news.err /var/log/news/news.err log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); @@ -323,6 +390,9 @@ log { # news.notice /var/log/news/news.notice log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); @@ -334,6 +404,9 @@ log { # news.none;mail.none -/var/log/debug log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_debug); destination(df_debug); }; @@ -345,6 +418,9 @@ log { # mail,news.none -/var/log/messages log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_messages); destination(df_messages); }; @@ -352,19 +428,44 @@ log { # *.emerg * log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_emerg); destination(du_all); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # daemon.*;mail.*;\ # news.crit;news.err;news.notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn |/dev/xconsole log { source(s_all); +<%- if hostname == "heininen" -%> + source(s_network); +<%- end -%> filter(f_xconsole); destination(dp_xconsole); }; -<%end%> +<%- end -%> + +<%- if hostname != "heininen" -%> + <%- if syslogversion == "3" -%> +destination loghost-heininen { + tcp("heininen.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ); +}; + + +log { + source(s_all); + destination(loghost-heininen); +}; + <%- end -%> +<%- end -%>