From: Stephen Gran Date: Mon, 13 Sep 2010 17:30:51 +0000 (+0100) Subject: make new syslog-ng module X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b3f915434eb31aef5a7730178c1c3b608a011059;hp=5225ae8b10af48b44141003688115c10d5f969a1;p=mirror%2Fdsa-puppet.git make new syslog-ng module Signed-off-by: Stephen Gran --- diff --git a/files/etc/logrotate.d/syslog-ng b/files/etc/logrotate.d/syslog-ng deleted file mode 100644 index 220471386..000000000 --- a/files/etc/logrotate.d/syslog-ng +++ /dev/null @@ -1,124 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -/var/log/auth.log { - rotate 4 - missingok - notifempty - weekly - compress -} - -/var/log/cron.log { - rotate 4 - weekly - missingok - notifempty - compress -} - -/var/log/daemon.log { - rotate 7 - weekly - missingok - notifempty - compress -} - -/var/log/debug { - rotate 4 - weekly - missingok - notifempty - compress -} - -/var/log/kern.log { - rotate 4 - weekly - missingok - notifempty - compress -} - -/var/log/lpr.log { - rotate 4 - weekly - missingok - notifempty - compress -} - -/var/log/mail.err { - rotate 30 - daily - dateext - missingok - notifempty - compress -} - -/var/log/mail.info { - rotate 30 - daily - dateext - missingok - notifempty - compress -} - -/var/log/mail.log { - rotate 30 - daily - dateext - missingok - notifempty - compress - # listmaster asked for this one - delaycompress -} - -/var/log/mail.warn { - rotate 30 - daily - dateext - missingok - notifempty - compress -} - -/var/log/messages { - rotate 4 - weekly - missingok - notifempty - compress -} - - -/var/log/user.log { - rotate 4 - weekly - missingok - notifempty - compress -} - -/var/log/uucp.log { - rotate 4 - missingok - notifempty - weekly - compress -} - -/var/log/syslog { - rotate 7 - daily - compress - postrotate - /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null - endscript -} diff --git a/manifests/site.pp b/manifests/site.pp index 22e773d18..564d270fc 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -22,6 +22,7 @@ node default { notice("hoster for ${fqdn} is ${hoster}") include munin-node + include syslog-ng include sudo include ssh include debian-org diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index 5edef0db3..7af2230d9 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -80,15 +80,6 @@ class debian-org { source => "puppet:///files/etc/default/puppet" ; - "/etc/syslog-ng/syslog-ng.conf": - content => template("syslog-ng.conf.erb"), - require => Package["syslog-ng"], - notify => Exec["syslog-ng reload"], - ; - "/etc/logrotate.d/syslog-ng": - require => Package["syslog-ng"], - source => "puppet:///files/etc/logrotate.d/syslog-ng", - ; "/etc/cron.d/dsa-puppet-stuff": source => "puppet:///files/etc/cron.d/dsa-puppet-stuff", require => Package["cron"] @@ -128,9 +119,6 @@ class debian-org { } exec { - "syslog-ng reload": - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true; "dpkg-reconfigure tzdata -pcritical -fnoninteractive": path => "/usr/bin:/usr/sbin:/bin:/sbin", refreshonly => true; diff --git a/modules/syslog-ng/files/syslog-ng.logrotate b/modules/syslog-ng/files/syslog-ng.logrotate new file mode 100644 index 000000000..220471386 --- /dev/null +++ b/modules/syslog-ng/files/syslog-ng.logrotate @@ -0,0 +1,124 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +/var/log/auth.log { + rotate 4 + missingok + notifempty + weekly + compress +} + +/var/log/cron.log { + rotate 4 + weekly + missingok + notifempty + compress +} + +/var/log/daemon.log { + rotate 7 + weekly + missingok + notifempty + compress +} + +/var/log/debug { + rotate 4 + weekly + missingok + notifempty + compress +} + +/var/log/kern.log { + rotate 4 + weekly + missingok + notifempty + compress +} + +/var/log/lpr.log { + rotate 4 + weekly + missingok + notifempty + compress +} + +/var/log/mail.err { + rotate 30 + daily + dateext + missingok + notifempty + compress +} + +/var/log/mail.info { + rotate 30 + daily + dateext + missingok + notifempty + compress +} + +/var/log/mail.log { + rotate 30 + daily + dateext + missingok + notifempty + compress + # listmaster asked for this one + delaycompress +} + +/var/log/mail.warn { + rotate 30 + daily + dateext + missingok + notifempty + compress +} + +/var/log/messages { + rotate 4 + weekly + missingok + notifempty + compress +} + + +/var/log/user.log { + rotate 4 + weekly + missingok + notifempty + compress +} + +/var/log/uucp.log { + rotate 4 + missingok + notifempty + weekly + compress +} + +/var/log/syslog { + rotate 7 + daily + compress + postrotate + /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null + endscript +} diff --git a/modules/syslog-ng/manifests/init.pp b/modules/syslog-ng/manifests/init.pp new file mode 100644 index 000000000..1960bdb4a --- /dev/null +++ b/modules/syslog-ng/manifests/init.pp @@ -0,0 +1,21 @@ +class syslog-ng { + file { + "/etc/syslog-ng/syslog-ng.conf": + content => template("syslog-ng/syslog-ng.conf.erb"), + require => Package["syslog-ng"], + notify => Exec["syslog-ng reload"], + ; + "/etc/logrotate.d/syslog-ng": + require => Package["syslog-ng"], + source => "puppet:///modules/syslog-ng/syslog-ng.logrotate", + ; + } + exec { + "syslog-ng reload": + path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + } +} +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/syslog-ng/templates/syslog-ng.conf.erb b/modules/syslog-ng/templates/syslog-ng.conf.erb new file mode 100644 index 000000000..8ea828d69 --- /dev/null +++ b/modules/syslog-ng/templates/syslog-ng.conf.erb @@ -0,0 +1,552 @@ +<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%> +@version: 3.0 +<%- end -%> +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# +# Configuration file for syslog-ng under Debian +# +# attempts at reproducing default syslog behavior + +# the standard syslog levels are (in descending order of priority): +# emerg alert crit err warning notice info debug +# the aliases "error", "panic", and "warn" are deprecated +# the "none" priority found in the original syslogd configuration is +# only used in internal messages created by syslogd + + +###### +# options + +options { + # disable the chained hostname format in logs + # (default is enabled) + chain_hostnames(0); + + # the time to wait before a died connection is re-established + # (default is 60) + time_reopen(10); + + # the time to wait before an idle destination file is closed + # (default is 60) + time_reap(360); + + # the number of lines buffered before written to file + # you might want to increase this if your disk isn't catching with + # all the log messages you get or if you want less disk activity + # (say on a laptop) + # (default is 0) + #sync(0); + + # the number of lines fitting in the output queue + log_fifo_size(2048); + + # enable or disable directory creation for destination files + create_dirs(yes); + + # default owner, group, and permissions for log files + # (defaults are 0, 0, 0600) + #owner(root); + group(adm); + perm(0640); + + # default owner, group, and permissions for created directories + # (defaults are 0, 0, 0700) + #dir_owner(root); + #dir_group(root); + dir_perm(0755); + + # enable or disable DNS usage + # syslog-ng blocks on DNS queries, so enabling DNS may lead to + # a Denial of Service attack + # (default is yes) + use_dns(no); + + # maximum length of message in bytes + # this is only limited by the program listening on the /dev/log Unix + # socket, glibc can handle arbitrary length log messages, but -- for + # example -- syslogd accepts only 1024 bytes + # (default is 2048) + #log_msg_size(2048); + + #Disable statistic log messages. + stats_freq(0); + + # Some program send log messages through a private implementation. + # and sometimes that implementation is bad. If this happen syslog-ng + # may recognise the program name as hostname. Whit this option + # we tell the syslog-ng that if a hostname match this regexp than that + # is not a real hostname. + bad_hostname("^gconfd$"); + +<%- if (hostname == "heininen") || (hostname == "lotti") -%> + # we trust our mutual authenticated syslog clients + keep_hostname(yes); +<%- end -%> + +}; + + +###### +# sources + +# all known message sources +source s_local { + # message generated by Syslog-NG + internal(); +<%- if kernel == 'Linux' -%> + # standard Linux log source (this is the default place for the syslog() + # function to send logs to) + unix-stream("/dev/log"); + # messages from the kernel +<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%> + file("/proc/kmsg" log_prefix("kernel: ")); +<%- else -%> + file("/proc/kmsg" program_override("kernel: ")); +<%- end -%> +<%- else -%> + # standard Linux log source (this is the default place for the syslog() + # function to send logs to) + unix-dgram("/var/run/log"); + # messages from the kernel +<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%> + file("/dev/klog" log_prefix("kernel: ")); +<%- else -%> + file("/dev/klog" program_override("kernel: ")); +<%- end -%> +<%- end -%> +<%- if hostname == "paganini" -%> + # use the following line if you want to receive remote UDP logging messages + # (this is equivalent to the "-r" syslogd flag) + udp(); +<%- end -%> +}; + +<%- if (hostname == "heininen") || (hostname == "lotti") -%> +source s_network { + tcp6(port(5140) max-connections(200) + tls( key_file("/etc/exim4/ssl/thishost.key") + cert_file("/etc/exim4/ssl/thishost.crt") + ca_dir("/etc/exim4/ssl/") + ) + ); +}; +<%- end -%> + + +###### +# destinations + +# some standard log files +destination df_auth { file("/var/log/auth.log"); }; +destination df_syslog { file("/var/log/syslog"); }; +destination df_cron { file("/var/log/cron.log"); }; +destination df_daemon { file("/var/log/daemon.log"); }; +destination df_kern { file("/var/log/kern.log"); }; +destination df_lpr { file("/var/log/lpr.log"); }; +destination df_mail { file("/var/log/mail.log" group(maillog)); }; +destination df_mail_info { file("/var/log/mail.info" group(maillog)); }; +destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); }; +destination df_mail_err { file("/var/log/mail.err" group(maillog)); }; +destination df_user { file("/var/log/user.log" perm(0644)); }; +destination df_uucp { file("/var/log/uucp.log"); }; + +# these files are meant for the mail system log files +# and provide re-usable destinations for {mail,cron,...}.info, +# {mail,cron,...}.notice, etc. +destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; +destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; +destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; +destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; +destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; + +# these files are meant for the news system, and are kept separated +# because they should be owned by "news" instead of "root" +destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); }; +destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); }; +destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; + +# some more classical and useful files found in standard syslog configurations +destination df_debug { file("/var/log/debug"); }; +destination df_messages { file("/var/log/messages"); }; + +<%- if kernel == 'Linux' -%> +# pipes +# a console to view log messages under X +destination dp_xconsole { pipe("/dev/xconsole"); }; + +<%- end -%> +# consoles +# this will send messages to everyone logged in +destination du_all { usertty("*"); }; + + +###### +# filters + +# all messages from the auth and authpriv facilities +filter f_auth { facility(auth, authpriv); }; + +# all messages except from the auth and authpriv facilities +filter f_syslog { not facility(auth, authpriv, mail); }; + +# respectively: messages from the cron, daemon, kern, lpr, mail, news, user, +# and uucp facilities +filter f_cron { facility(cron); }; +filter f_daemon { facility(daemon); }; +filter f_kern { facility(kern); }; +filter f_lpr { facility(lpr); }; +filter f_mail { facility(mail); }; +filter f_news { facility(news); }; +filter f_user { facility(user); }; +filter f_uucp { facility(uucp); }; + +# some filters to select messages of priority greater or equal to info, warn, +# and err +# (equivalents of syslogd's *.info, *.warn, and *.err) +filter f_at_least_info { level(info..emerg); }; +filter f_at_least_notice { level(notice..emerg); }; +filter f_at_least_warn { level(warn..emerg); }; +filter f_at_least_err { level(err..emerg); }; +filter f_at_least_crit { level(crit..emerg); }; + +# all messages of priority debug not coming from the auth, authpriv, news, and +# mail facilities +filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; + +# all messages of info, notice, or warn priority not coming form the auth, +# authpriv, cron, daemon, mail, and news facilities +filter f_messages { + level(info,notice,warn) + and not facility(auth,authpriv,cron,daemon,mail,news); +}; + +# messages with priority emerg +filter f_emerg { level(emerg); }; + +<%- if kernel == 'Linux' -%> +# complex filter for messages usually sent to the xconsole +filter f_xconsole { + facility(daemon,mail) + or level(debug,info,notice,warn) + or (facility(news) + and level(crit,err,notice)); +}; + +<%- end -%> + +# order matters if you use "flags(final);" to mark the end of processing in a +# "log" statement + +############################################################################### +########## ON LOG CLIENTS ##################################################### +############################################################################### +############################################################################### +############################################################################### +# all log clients, including the log server, log their locally created +# messages to the standard places. + +# auth,authpriv.* /var/log/auth.log +log { + source(s_local); + filter(f_auth); + destination(df_auth); +}; + +# *.*;auth,authpriv.none -/var/log/syslog +log { + source(s_local); + filter(f_syslog); + destination(df_syslog); +}; + +# this is commented out in the default syslog.conf +# cron.* /var/log/cron.log +#log { +# source(s_local); +# filter(f_cron); +# destination(df_cron); +#}; + +# daemon.* -/var/log/daemon.log +log { + source(s_local); + filter(f_daemon); + destination(df_daemon); +}; + +# kern.* -/var/log/kern.log +log { + source(s_local); + filter(f_kern); + destination(df_kern); +}; + +# lpr.* -/var/log/lpr.log +log { + source(s_local); + filter(f_lpr); + destination(df_lpr); +}; + +# mail.* -/var/log/mail.log +log { + source(s_local); + filter(f_mail); + destination(df_mail); +}; + +# user.* -/var/log/user.log +log { + source(s_local); + filter(f_user); + destination(df_user); +}; + +# uucp.* /var/log/uucp.log +log { + source(s_local); + filter(f_uucp); + destination(df_uucp); +}; + +# mail.info -/var/log/mail.info +log { + source(s_local); + filter(f_mail); + filter(f_at_least_info); + destination(df_mail_info); +}; + +# mail.warn -/var/log/mail.warn +log { + source(s_local); + filter(f_mail); + filter(f_at_least_warn); + destination(df_mail_warn); +}; + +# mail.err /var/log/mail.err +log { + source(s_local); + filter(f_mail); + filter(f_at_least_err); + destination(df_mail_err); +}; + +# news.crit /var/log/news/news.crit +log { + source(s_local); + filter(f_news); + filter(f_at_least_crit); + destination(df_news_dot_crit); +}; + +# news.err /var/log/news/news.err +log { + source(s_local); + filter(f_news); + filter(f_at_least_err); + destination(df_news_dot_err); +}; + +# news.notice /var/log/news/news.notice +log { + source(s_local); + filter(f_news); + filter(f_at_least_notice); + destination(df_news_dot_notice); +}; + + +# *.=debug;\ +# auth,authpriv.none;\ +# news.none;mail.none -/var/log/debug +log { + source(s_local); + filter(f_debug); + destination(df_debug); +}; + + +# *.=info;*.=notice;*.=warn;\ +# auth,authpriv.none;\ +# cron,daemon.none;\ +# mail,news.none -/var/log/messages +log { + source(s_local); + filter(f_messages); + destination(df_messages); +}; + +# *.emerg * +log { + source(s_local); + filter(f_emerg); + destination(du_all); +}; + + +<%- if kernel == 'Linux' -%> +# daemon.*;mail.*;\ +# news.crit;news.err;news.notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn |/dev/xconsole +log { + source(s_local); + filter(f_xconsole); + destination(dp_xconsole); +}; +<%- end -%> + + +<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%> + <%- if hostname != "heininen" -%> +destination loghost-heininen { + tcp("heininen.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ); +}; + <%- end -%> + <%- if hostname != "lotti" -%> +destination loghost-lotti { + tcp("lotti.debian.org" port (5140) + tls( key_file("/etc/ssl/debian/keys/thishost.key") + cert_file("/etc/ssl/debian/certs/thishost.crt") + ca_dir("/etc/ssl/debian/certs/") + ) + ); +}; + <%- end -%> + +log { + source(s_local); + <%- if hostname != "heininen" -%> + destination(loghost-heininen); + <%- end -%> + <%- if hostname != "lotti" -%> + destination(loghost-lotti); + <%- end -%> +}; +<%- end -%> + + + +<%- if (hostname == "heininen") || (hostname == "lotti") -%> +############################################################################### +########## ON LOG HOST ######################################################## +############################################################################### +############################################################################### +# +# The log server, additionally, also logs all local and remote messages to +# a few special places. +destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; + + +#---------------------------------------------------------------------- +# Special catch all destination hostdest_sorting by host +#---------------------------------------------------------------------- +destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; +destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit" + owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; + + +#---------------------------------------------------------------------- +# Catch all log files +#---------------------------------------------------------------------- +destination df_ALL_auth { file("/var/log/auth-all.log"); }; +destination df_ALL_mail { file("/var/log/mail-all.log"); }; +destination df_ALL_syslog { file("/var/log/syslog-all"); }; + +log { source(s_local); + source(s_network); + filter(f_auth); destination(hostdest_auth); }; +log { source(s_local); + source(s_network); + filter(f_syslog); destination(hostdest_syslog); }; +log { source(s_local); + source(s_network); + filter(f_daemon); destination(hostdest_daemon); }; +log { source(s_local); + source(s_network); + filter(f_kern); destination(hostdest_kern); }; +log { source(s_local); + source(s_network); + filter(f_lpr); destination(hostdest_lpr); }; +log { source(s_local); + source(s_network); + filter(f_mail); destination(hostdest_mail); }; +log { source(s_local); + source(s_network); + filter(f_news); destination(hostdest_mail); }; +log { source(s_local); + source(s_network); + filter(f_user); destination(hostdest_user); }; +log { source(s_local); + source(s_network); + filter(f_uucp); destination(hostdest_uucp); }; +log { source(s_local); + source(s_network); + filter(f_debug); destination(hostdest_debug); }; +log { source(s_local); + source(s_network); + filter(f_messages); destination(hostdest_messages); }; + +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); }; +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); }; +log { source(s_local); + source(s_network); + filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); }; + + +## catch all: +log { source(s_local); + source(s_network); + filter(f_auth); destination(df_ALL_auth); }; +log { source(s_local); + source(s_network); + filter(f_mail); destination(df_ALL_mail); }; +log { source(s_local); + source(s_network); + filter(f_syslog); destination(df_ALL_syslog); }; +<%- end -%> diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb deleted file mode 100644 index 8ea828d69..000000000 --- a/templates/syslog-ng.conf.erb +++ /dev/null @@ -1,552 +0,0 @@ -<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%> -@version: 3.0 -<%- end -%> -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# -# Configuration file for syslog-ng under Debian -# -# attempts at reproducing default syslog behavior - -# the standard syslog levels are (in descending order of priority): -# emerg alert crit err warning notice info debug -# the aliases "error", "panic", and "warn" are deprecated -# the "none" priority found in the original syslogd configuration is -# only used in internal messages created by syslogd - - -###### -# options - -options { - # disable the chained hostname format in logs - # (default is enabled) - chain_hostnames(0); - - # the time to wait before a died connection is re-established - # (default is 60) - time_reopen(10); - - # the time to wait before an idle destination file is closed - # (default is 60) - time_reap(360); - - # the number of lines buffered before written to file - # you might want to increase this if your disk isn't catching with - # all the log messages you get or if you want less disk activity - # (say on a laptop) - # (default is 0) - #sync(0); - - # the number of lines fitting in the output queue - log_fifo_size(2048); - - # enable or disable directory creation for destination files - create_dirs(yes); - - # default owner, group, and permissions for log files - # (defaults are 0, 0, 0600) - #owner(root); - group(adm); - perm(0640); - - # default owner, group, and permissions for created directories - # (defaults are 0, 0, 0700) - #dir_owner(root); - #dir_group(root); - dir_perm(0755); - - # enable or disable DNS usage - # syslog-ng blocks on DNS queries, so enabling DNS may lead to - # a Denial of Service attack - # (default is yes) - use_dns(no); - - # maximum length of message in bytes - # this is only limited by the program listening on the /dev/log Unix - # socket, glibc can handle arbitrary length log messages, but -- for - # example -- syslogd accepts only 1024 bytes - # (default is 2048) - #log_msg_size(2048); - - #Disable statistic log messages. - stats_freq(0); - - # Some program send log messages through a private implementation. - # and sometimes that implementation is bad. If this happen syslog-ng - # may recognise the program name as hostname. Whit this option - # we tell the syslog-ng that if a hostname match this regexp than that - # is not a real hostname. - bad_hostname("^gconfd$"); - -<%- if (hostname == "heininen") || (hostname == "lotti") -%> - # we trust our mutual authenticated syslog clients - keep_hostname(yes); -<%- end -%> - -}; - - -###### -# sources - -# all known message sources -source s_local { - # message generated by Syslog-NG - internal(); -<%- if kernel == 'Linux' -%> - # standard Linux log source (this is the default place for the syslog() - # function to send logs to) - unix-stream("/dev/log"); - # messages from the kernel -<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%> - file("/proc/kmsg" log_prefix("kernel: ")); -<%- else -%> - file("/proc/kmsg" program_override("kernel: ")); -<%- end -%> -<%- else -%> - # standard Linux log source (this is the default place for the syslog() - # function to send logs to) - unix-dgram("/var/run/log"); - # messages from the kernel -<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%> - file("/dev/klog" log_prefix("kernel: ")); -<%- else -%> - file("/dev/klog" program_override("kernel: ")); -<%- end -%> -<%- end -%> -<%- if hostname == "paganini" -%> - # use the following line if you want to receive remote UDP logging messages - # (this is equivalent to the "-r" syslogd flag) - udp(); -<%- end -%> -}; - -<%- if (hostname == "heininen") || (hostname == "lotti") -%> -source s_network { - tcp6(port(5140) max-connections(200) - tls( key_file("/etc/exim4/ssl/thishost.key") - cert_file("/etc/exim4/ssl/thishost.crt") - ca_dir("/etc/exim4/ssl/") - ) - ); -}; -<%- end -%> - - -###### -# destinations - -# some standard log files -destination df_auth { file("/var/log/auth.log"); }; -destination df_syslog { file("/var/log/syslog"); }; -destination df_cron { file("/var/log/cron.log"); }; -destination df_daemon { file("/var/log/daemon.log"); }; -destination df_kern { file("/var/log/kern.log"); }; -destination df_lpr { file("/var/log/lpr.log"); }; -destination df_mail { file("/var/log/mail.log" group(maillog)); }; -destination df_mail_info { file("/var/log/mail.info" group(maillog)); }; -destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); }; -destination df_mail_err { file("/var/log/mail.err" group(maillog)); }; -destination df_user { file("/var/log/user.log" perm(0644)); }; -destination df_uucp { file("/var/log/uucp.log"); }; - -# these files are meant for the mail system log files -# and provide re-usable destinations for {mail,cron,...}.info, -# {mail,cron,...}.notice, etc. -destination df_facility_dot_info { file("/var/log/$FACILITY.info"); }; -destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); }; -destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); }; -destination df_facility_dot_err { file("/var/log/$FACILITY.err"); }; -destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); }; - -# these files are meant for the news system, and are kept separated -# because they should be owned by "news" instead of "root" -destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); }; -destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); }; -destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); }; - -# some more classical and useful files found in standard syslog configurations -destination df_debug { file("/var/log/debug"); }; -destination df_messages { file("/var/log/messages"); }; - -<%- if kernel == 'Linux' -%> -# pipes -# a console to view log messages under X -destination dp_xconsole { pipe("/dev/xconsole"); }; - -<%- end -%> -# consoles -# this will send messages to everyone logged in -destination du_all { usertty("*"); }; - - -###### -# filters - -# all messages from the auth and authpriv facilities -filter f_auth { facility(auth, authpriv); }; - -# all messages except from the auth and authpriv facilities -filter f_syslog { not facility(auth, authpriv, mail); }; - -# respectively: messages from the cron, daemon, kern, lpr, mail, news, user, -# and uucp facilities -filter f_cron { facility(cron); }; -filter f_daemon { facility(daemon); }; -filter f_kern { facility(kern); }; -filter f_lpr { facility(lpr); }; -filter f_mail { facility(mail); }; -filter f_news { facility(news); }; -filter f_user { facility(user); }; -filter f_uucp { facility(uucp); }; - -# some filters to select messages of priority greater or equal to info, warn, -# and err -# (equivalents of syslogd's *.info, *.warn, and *.err) -filter f_at_least_info { level(info..emerg); }; -filter f_at_least_notice { level(notice..emerg); }; -filter f_at_least_warn { level(warn..emerg); }; -filter f_at_least_err { level(err..emerg); }; -filter f_at_least_crit { level(crit..emerg); }; - -# all messages of priority debug not coming from the auth, authpriv, news, and -# mail facilities -filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); }; - -# all messages of info, notice, or warn priority not coming form the auth, -# authpriv, cron, daemon, mail, and news facilities -filter f_messages { - level(info,notice,warn) - and not facility(auth,authpriv,cron,daemon,mail,news); -}; - -# messages with priority emerg -filter f_emerg { level(emerg); }; - -<%- if kernel == 'Linux' -%> -# complex filter for messages usually sent to the xconsole -filter f_xconsole { - facility(daemon,mail) - or level(debug,info,notice,warn) - or (facility(news) - and level(crit,err,notice)); -}; - -<%- end -%> - -# order matters if you use "flags(final);" to mark the end of processing in a -# "log" statement - -############################################################################### -########## ON LOG CLIENTS ##################################################### -############################################################################### -############################################################################### -############################################################################### -# all log clients, including the log server, log their locally created -# messages to the standard places. - -# auth,authpriv.* /var/log/auth.log -log { - source(s_local); - filter(f_auth); - destination(df_auth); -}; - -# *.*;auth,authpriv.none -/var/log/syslog -log { - source(s_local); - filter(f_syslog); - destination(df_syslog); -}; - -# this is commented out in the default syslog.conf -# cron.* /var/log/cron.log -#log { -# source(s_local); -# filter(f_cron); -# destination(df_cron); -#}; - -# daemon.* -/var/log/daemon.log -log { - source(s_local); - filter(f_daemon); - destination(df_daemon); -}; - -# kern.* -/var/log/kern.log -log { - source(s_local); - filter(f_kern); - destination(df_kern); -}; - -# lpr.* -/var/log/lpr.log -log { - source(s_local); - filter(f_lpr); - destination(df_lpr); -}; - -# mail.* -/var/log/mail.log -log { - source(s_local); - filter(f_mail); - destination(df_mail); -}; - -# user.* -/var/log/user.log -log { - source(s_local); - filter(f_user); - destination(df_user); -}; - -# uucp.* /var/log/uucp.log -log { - source(s_local); - filter(f_uucp); - destination(df_uucp); -}; - -# mail.info -/var/log/mail.info -log { - source(s_local); - filter(f_mail); - filter(f_at_least_info); - destination(df_mail_info); -}; - -# mail.warn -/var/log/mail.warn -log { - source(s_local); - filter(f_mail); - filter(f_at_least_warn); - destination(df_mail_warn); -}; - -# mail.err /var/log/mail.err -log { - source(s_local); - filter(f_mail); - filter(f_at_least_err); - destination(df_mail_err); -}; - -# news.crit /var/log/news/news.crit -log { - source(s_local); - filter(f_news); - filter(f_at_least_crit); - destination(df_news_dot_crit); -}; - -# news.err /var/log/news/news.err -log { - source(s_local); - filter(f_news); - filter(f_at_least_err); - destination(df_news_dot_err); -}; - -# news.notice /var/log/news/news.notice -log { - source(s_local); - filter(f_news); - filter(f_at_least_notice); - destination(df_news_dot_notice); -}; - - -# *.=debug;\ -# auth,authpriv.none;\ -# news.none;mail.none -/var/log/debug -log { - source(s_local); - filter(f_debug); - destination(df_debug); -}; - - -# *.=info;*.=notice;*.=warn;\ -# auth,authpriv.none;\ -# cron,daemon.none;\ -# mail,news.none -/var/log/messages -log { - source(s_local); - filter(f_messages); - destination(df_messages); -}; - -# *.emerg * -log { - source(s_local); - filter(f_emerg); - destination(du_all); -}; - - -<%- if kernel == 'Linux' -%> -# daemon.*;mail.*;\ -# news.crit;news.err;news.notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn |/dev/xconsole -log { - source(s_local); - filter(f_xconsole); - destination(dp_xconsole); -}; -<%- end -%> - - -<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%> - <%- if hostname != "heininen" -%> -destination loghost-heininen { - tcp("heininen.debian.org" port (5140) - tls( key_file("/etc/ssl/debian/keys/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") - ) - ); -}; - <%- end -%> - <%- if hostname != "lotti" -%> -destination loghost-lotti { - tcp("lotti.debian.org" port (5140) - tls( key_file("/etc/ssl/debian/keys/thishost.key") - cert_file("/etc/ssl/debian/certs/thishost.crt") - ca_dir("/etc/ssl/debian/certs/") - ) - ); -}; - <%- end -%> - -log { - source(s_local); - <%- if hostname != "heininen" -%> - destination(loghost-heininen); - <%- end -%> - <%- if hostname != "lotti" -%> - destination(loghost-lotti); - <%- end -%> -}; -<%- end -%> - - - -<%- if (hostname == "heininen") || (hostname == "lotti") -%> -############################################################################### -########## ON LOG HOST ######################################################## -############################################################################### -############################################################################### -# -# The log server, additionally, also logs all local and remote messages to -# a few special places. -destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; - - -#---------------------------------------------------------------------- -# Special catch all destination hostdest_sorting by host -#---------------------------------------------------------------------- -destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; -destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit" - owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); }; - - -#---------------------------------------------------------------------- -# Catch all log files -#---------------------------------------------------------------------- -destination df_ALL_auth { file("/var/log/auth-all.log"); }; -destination df_ALL_mail { file("/var/log/mail-all.log"); }; -destination df_ALL_syslog { file("/var/log/syslog-all"); }; - -log { source(s_local); - source(s_network); - filter(f_auth); destination(hostdest_auth); }; -log { source(s_local); - source(s_network); - filter(f_syslog); destination(hostdest_syslog); }; -log { source(s_local); - source(s_network); - filter(f_daemon); destination(hostdest_daemon); }; -log { source(s_local); - source(s_network); - filter(f_kern); destination(hostdest_kern); }; -log { source(s_local); - source(s_network); - filter(f_lpr); destination(hostdest_lpr); }; -log { source(s_local); - source(s_network); - filter(f_mail); destination(hostdest_mail); }; -log { source(s_local); - source(s_network); - filter(f_news); destination(hostdest_mail); }; -log { source(s_local); - source(s_network); - filter(f_user); destination(hostdest_user); }; -log { source(s_local); - source(s_network); - filter(f_uucp); destination(hostdest_uucp); }; -log { source(s_local); - source(s_network); - filter(f_debug); destination(hostdest_debug); }; -log { source(s_local); - source(s_network); - filter(f_messages); destination(hostdest_messages); }; - -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); }; -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); }; -log { source(s_local); - source(s_network); - filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); }; - - -## catch all: -log { source(s_local); - source(s_network); - filter(f_auth); destination(df_ALL_auth); }; -log { source(s_local); - source(s_network); - filter(f_mail); destination(df_ALL_mail); }; -log { source(s_local); - source(s_network); - filter(f_syslog); destination(df_ALL_syslog); }; -<%- end -%>