X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=templates%2Fsyslog-ng.conf.erb;h=fffd050ab77cb36e1a1a750e39c7798fb75b470e;hb=f15775100449de106f0ee2cd14d327362ce45909;hp=3d64384dc937102ad90d156e604884bd142527ef;hpb=60232010ad086ed9f337337c697de0c701003e43;p=mirror%2Fdsa-puppet.git diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb index 3d64384dc..fffd050ab 100644 --- a/templates/syslog-ng.conf.erb +++ b/templates/syslog-ng.conf.erb @@ -1,3 +1,11 @@ +<% if syslogversion == "3" -%> +@version: 3.0 +<%end%> +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + # # Configuration file for syslog-ng under Debian # @@ -73,6 +81,12 @@ options { # we tell the syslog-ng that if a hostname match this regexp than that # is not a real hostname. bad_hostname("^gconfd$"); + +<% if hostname == "heininen" -%> + # we trust our mutual authenticated syslog clients + keep_hostname(yes); +<%end%> + }; @@ -88,19 +102,40 @@ source s_all { # function to send logs to) unix-stream("/dev/log"); # messages from the kernel +<% if syslogversion == "2" -%> file("/proc/kmsg" log_prefix("kernel: ")); <% else %> + file("/proc/kmsg" program_override("kernel: ")); +<%end%> +<%else%> # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-dgram("/var/run/log"); # messages from the kernel +<% if syslogversion == "2" -%> file("/dev/klog" log_prefix("kernel: ")); +<% else %> + file("/dev/klog" program_override("kernel: ")); <%end%> +<%end%> +<% if hostname == "paganini" -%> # use the following line if you want to receive remote UDP logging messages # (this is equivalent to the "-r" syslogd flag) - # udp(); + udp(); +<%end%> }; +<% if hostname == "heininen" -%> +source s_network { + tcp6(port(5140) + tls( key_file("/etc/exim4/ssl/thishost.key") + cert_file("/etc/exim4/ssl/thishost.crt") + ca_dir("/etc/exim4/ssl/") + ) + ); +}; +<%end%> + ###### # destinations @@ -212,6 +247,9 @@ filter f_xconsole { # auth,authpriv.* /var/log/auth.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_auth); destination(df_auth); }; @@ -219,6 +257,9 @@ log { # *.*;auth,authpriv.none -/var/log/syslog log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_syslog); destination(df_syslog); }; @@ -234,6 +275,9 @@ log { # daemon.* -/var/log/daemon.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_daemon); destination(df_daemon); }; @@ -241,6 +285,9 @@ log { # kern.* -/var/log/kern.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_kern); destination(df_kern); }; @@ -248,6 +295,9 @@ log { # lpr.* -/var/log/lpr.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_lpr); destination(df_lpr); }; @@ -255,6 +305,9 @@ log { # mail.* -/var/log/mail.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_mail); destination(df_mail); }; @@ -262,6 +315,9 @@ log { # user.* -/var/log/user.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_user); destination(df_user); }; @@ -269,6 +325,9 @@ log { # uucp.* /var/log/uucp.log log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_uucp); destination(df_uucp); }; @@ -276,6 +335,9 @@ log { # mail.info -/var/log/mail.info log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_mail); filter(f_at_least_info); destination(df_mail_info); @@ -284,6 +346,9 @@ log { # mail.warn -/var/log/mail.warn log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_mail); filter(f_at_least_warn); destination(df_mail_warn); @@ -292,6 +357,9 @@ log { # mail.err /var/log/mail.err log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_mail); filter(f_at_least_err); destination(df_mail_err); @@ -300,6 +368,9 @@ log { # news.crit /var/log/news/news.crit log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_news); filter(f_at_least_crit); destination(df_news_dot_crit); @@ -308,6 +379,9 @@ log { # news.err /var/log/news/news.err log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_news); filter(f_at_least_err); destination(df_news_dot_err); @@ -316,6 +390,9 @@ log { # news.notice /var/log/news/news.notice log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_news); filter(f_at_least_notice); destination(df_news_dot_notice); @@ -327,6 +404,9 @@ log { # news.none;mail.none -/var/log/debug log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_debug); destination(df_debug); }; @@ -338,6 +418,9 @@ log { # mail,news.none -/var/log/messages log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_messages); destination(df_messages); }; @@ -345,6 +428,9 @@ log { # *.emerg * log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_emerg); destination(du_all); }; @@ -357,7 +443,27 @@ log { # *.=notice;*.=warn |/dev/xconsole log { source(s_all); +<% if hostname == "heininen" -%> + source(s_network); +<% end %> filter(f_xconsole); destination(dp_xconsole); }; <%end%> + +<% if hostname != "heininen" -%> + <% if syslogversion == "3" %> +destination loghost-heininen { + tcp("heininen.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ) +}; +log { + source(s_all); + destination(loghost-heininen); +}; + <%end%> +<%end%>