X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=templates%2Fsyslog-ng.conf.erb;h=822616ba253a328a8d0afd10f5ba0fd4c6338ef1;hb=2fa273f8bc57e6b0eee85c98aeaa0ccc110de186;hp=c62a7f7998ff70637b62e38355d946070f0869f0;hpb=890ae68b439424f810e5e9a843b9b33267270ff3;p=mirror%2Fdsa-puppet.git diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb index c62a7f799..822616ba2 100644 --- a/templates/syslog-ng.conf.erb +++ b/templates/syslog-ng.conf.erb @@ -1,6 +1,6 @@ -<% if syslogversion == "3" -%> +<%- if defined?(syslogversion) && syslogversion.to_s == "3" -%> @version: 3.0 -<%end%> +<%- end -%> ## ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git @@ -81,6 +81,12 @@ options { # we tell the syslog-ng that if a hostname match this regexp than that # is not a real hostname. bad_hostname("^gconfd$"); + +<%- if hostname == "heininen" -%> + # we trust our mutual authenticated syslog clients + keep_hostname(yes); +<%- end -%> + }; 
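Review bot: `keep_hostname(yes)` is added to the global `options` block, so on heininen it applies to every source, and the TLS peer certificate only shows that a client may connect, not which host name it may put in a message. The hostdest_* destinations added later in this commit build paths from `$HOST` with `create_dirs(yes)`, so as far as these hunks show, any authenticated client can have its records filed under another host's directory. I would extend the comment to say so, e.g. `# NOTE: $HOST is client-supplied; the per-host directories are not proof of origin`, and consider adding `check_hostname(yes);` next to it so names with invalid characters are rejected. The options block starts above this hunk.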
@@ -88,47 +94,47 @@ options { # sources # all known message sources -source s_all { +source s_local { # message generated by Syslog-NG internal(); -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-stream("/dev/log"); # messages from the kernel -<% if syslogversion == "2" -%> +<%- if defined?(syslogversion) && syslogversion.to_s == "2" -%> file("/proc/kmsg" log_prefix("kernel: ")); -<% else %> +<%- else -%> file("/proc/kmsg" program_override("kernel: ")); -<%end%> -<%else%> +<%- end -%> +<%- else -%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-dgram("/var/run/log"); # messages from the kernel -<%end%> -<% if syslogversion == "2" -%> +<%- if defined?(syslogversion) && syslogversion.to_s == "2" -%> file("/dev/klog" log_prefix("kernel: ")); -<% else %> +<%- else -%> file("/dev/klog" program_override("kernel: ")); -<%end%> +<%- end -%> +<%- end -%> +<%- if hostname == "paganini" -%> # use the following line if you want to receive remote UDP logging messages # (this is equivalent to the "-r" syslogd flag) -<% if hostname == "paganini" -%> udp(); -<%end%> +<%- end -%> }; -<% if hostname == "heininen" -%> +<%- if hostname == "heininen" -%> source s_network { - tcp6(port(5140) + tcp6(port(5140) max-connections(200) tls( key_file("/etc/exim4/ssl/thishost.key") - cert_file("/etc/exim4/ssl/thishost.cert") + cert_file("/etc/exim4/ssl/thishost.crt") ca_dir("/etc/exim4/ssl/") ) ); }; -<%end%> +<%- end -%> ###### 
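Review bot: The `tls()` block of `s_network` does not state its peer verification mode, while the `keep_hostname(yes)` comment elsewhere in this commit relies on clients being mutually authenticated. Spelling it out with `peer_verify(required-trusted)` inside `tls( ... )` makes that dependency visible and protects it against a changed default or a later edit. Separately, `ca_dir("/etc/exim4/ssl/")` is the same directory that holds `thishost.key` and is presumably shared with exim4, so any CA placed there for mail would also be accepted for log submission; a dedicated CA directory for syslog would keep the two trust sets apart.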
@@ -167,12 +173,12 @@ destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; destination df_debug { file("/var/log/debug"); }; destination df_messages { file("/var/log/messages"); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # pipes # a console to view log messages under X destination dp_xconsole { pipe("/dev/xconsole"); }; -<% end %> +<%- end -%> # consoles # this will send messages to everyone logged in destination du_all { usertty("*"); }; @@ -185,7 +191,7 @@ destination du_all { usertty("*"); }; filter f_auth { facility(auth, authpriv); }; # all messages except from the auth and authpriv facilities -filter f_syslog { not facility(auth, authpriv); }; +filter f_syslog { not facility(auth, authpriv, mail); }; # respectively: messages from the cron, daemon, kern, lpr, mail, news, user, # and uucp facilities @@ -221,7 +227,7 @@ filter f_messages { # messages with priority emerg filter f_emerg { level(emerg); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # complex filter for messages usually sent to the xconsole filter f_xconsole { facility(daemon,mail) 
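Review bot: The comment directly above `filter f_syslog` still says "all messages except from the auth and authpriv facilities", but the filter now also drops `mail`. It should read `# all messages except from the auth, authpriv and mail facilities`. The `# *.*;auth,authpriv.none -/var/log/syslog` comment on the matching log statement (in a later hunk) describes the old selection as well. Since `f_syslog` also feeds `hostdest_syslog` and `df_ALL_syslog` on the log host, mail records will no longer appear in those files either, which deserves a mention in the comment for anyone searching the catch-all file during an investigation.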
@@ -230,30 +236,29 @@ filter f_xconsole { and level(crit,err,notice)); }; -<% end %> -###### -# logs +<%- end -%> + # order matters if you use "flags(final);" to mark the end of processing in a # "log" statement -# these rules provide the same behavior as the commented original syslogd rules +############################################################################### +########## ON LOG CLIENTS ##################################################### +############################################################################### +############################################################################### +############################################################################### +# all log clients, including the log server, log their locally created +# messages to the standard places. # auth,authpriv.* /var/log/auth.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_auth); destination(df_auth); }; # *.*;auth,authpriv.none -/var/log/syslog log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_syslog); destination(df_syslog); }; 
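Review bot: The new banner says clients log "their locally created messages", but on paganini `s_local` still contains `udp();` (see the source hunk), so unauthenticated remote UDP input is treated as local. That input is written to paganini's standard files and, on version 3 hosts, forwarded through `loghost-heininen` over the authenticated TLS channel. Moving the listener into its own source, e.g. `source s_udp { udp(); };`, and referencing it only where remote input is wanted would keep the `s_local` name truthful and stop spoofable datagrams from inheriting the trust given to TLS clients. If the current behaviour is intended, the banner comment should say that `s_local` includes UDP on paganini.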
@@ -261,77 +266,56 @@ log { # this is commented out in the default syslog.conf # cron.* /var/log/cron.log #log { -# source(s_all); +# source(s_local); # filter(f_cron); # destination(df_cron); #}; # daemon.* -/var/log/daemon.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_daemon); destination(df_daemon); }; # kern.* -/var/log/kern.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_kern); destination(df_kern); }; # lpr.* -/var/log/lpr.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_lpr); destination(df_lpr); }; # mail.* -/var/log/mail.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_mail); destination(df_mail); }; # user.* -/var/log/user.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_user); destination(df_user); }; # uucp.* /var/log/uucp.log log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_uucp); destination(df_uucp); }; # mail.info -/var/log/mail.info log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_mail); filter(f_at_least_info); destination(df_mail_info); @@ -339,10 +323,7 @@ log { # mail.warn -/var/log/mail.warn log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_mail); filter(f_at_least_warn); destination(df_mail_warn); @@ -350,10 +331,7 @@ log { # mail.err /var/log/mail.err log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_mail); filter(f_at_least_err); destination(df_mail_err); 
@@ -361,10 +339,7 @@ log { # news.crit /var/log/news/news.crit log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); @@ -372,10 +347,7 @@ log { # news.err /var/log/news/news.err log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); @@ -383,10 +355,7 @@ log { # news.notice /var/log/news/news.notice log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); @@ -397,10 +366,7 @@ log { # auth,authpriv.none;\ # news.none;mail.none -/var/log/debug log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_debug); destination(df_debug); }; 
@@ -411,47 +377,162 @@ log { # cron,daemon.none;\ # mail,news.none -/var/log/messages log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_messages); destination(df_messages); }; # *.emerg * log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_emerg); destination(du_all); }; -<% if kernel == 'Linux' %> +<%- if kernel == 'Linux' -%> # daemon.*;mail.*;\ # news.crit;news.err;news.notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn |/dev/xconsole log { - source(s_all); -<% if hostname == "heininen" -%> - source(s_network); -<% end %> + source(s_local); filter(f_xconsole); destination(dp_xconsole); }; -<%end%> +<%- end -%> + -<% if hostname == "corelli" -%> -destination loghost-paganini { - udp("192.168.2.10",port(514)); +<%- if hostname != "heininen" -%> + <%- if defined?(syslogversion) && syslogversion.to_s == "3" -%> +destination loghost-heininen { + tcp("heininen.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ); }; + log { - source(s_all); - destination(loghost-paganini); + source(s_local); + destination(loghost-heininen); }; -<%end%> + <%- end -%> +<%- end -%> + + + +<%- if hostname == "heininen" -%> +############################################################################### +########## ON LOG HOST ######################################################## +############################################################################### +############################################################################### +# +# The log server, additionally, also logs all local and remote messages to +# a few special places. 
+destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug" + owner(root) group(adm) perm(0640) 
dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; + + +#---------------------------------------------------------------------- +# Special catch all destination hostdest_sorting by host +#---------------------------------------------------------------------- +destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; + + +#---------------------------------------------------------------------- +# Catch all log files +#---------------------------------------------------------------------- +destination df_ALL_auth { file("/var/log/auth-all.log"); }; +destination df_ALL_mail { file("/var/log/mail-all.log"); }; +destination df_ALL_syslog { file("/var/log/syslog-all"); }; + +log { source(s_local); + source(s_network); + filter(f_auth); destination(hostdest_auth); }; +log { source(s_local); + 
source(s_network); + filter(f_syslog); destination(hostdest_syslog); }; +log { source(s_local); + source(s_network); + filter(f_daemon); destination(hostdest_daemon); }; +log { source(s_local); + source(s_network); + filter(f_kern); destination(hostdest_kern); }; +log { source(s_local); + source(s_network); + filter(f_lpr); destination(hostdest_lpr); }; +log { source(s_local); + source(s_network); + filter(f_mail); destination(hostdest_mail); }; +log { source(s_local); + source(s_network); + filter(f_news); destination(hostdest_mail); }; +log { source(s_local); + source(s_network); + filter(f_user); destination(hostdest_user); }; +log { source(s_local); + source(s_network); + filter(f_uucp); destination(hostdest_uucp); }; +log { source(s_local); + source(s_network); + filter(f_debug); destination(hostdest_debug); }; +log { source(s_local); + source(s_network); + filter(f_messages); destination(hostdest_messages); }; + +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); }; +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); }; +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); }; + + +## catch all: +log { source(s_local); + source(s_network); + filter(f_auth); destination(df_ALL_auth); }; +log { source(s_local); + source(s_network); + filter(f_mail); destination(df_ALL_mail); }; +log { source(s_local); + source(s_network); + filter(f_syslog); destination(df_ALL_syslog); }; +<%- end -%>
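Review bot: The log statement with `filter(f_news)` sends to `destination(hostdest_mail)`, so news records from every host land in the per-host mail.log while the `hostdest_news` destination defined above is never used. This looks like a copy-paste slip, and the line should read `filter(f_news); destination(hostdest_news); };`. `hostdest_cron`, `hostdest_facility_dot_notice` and `hostdest_facility_dot_crit` are also defined without any log statement, and the three `hostdest_facility_dot_*` rules that do exist are bound to `f_mail` only. If that is intended, a one-line comment would prevent someone assuming those files are complete when reviewing logs.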