Separate remote log stream from local
This fix separates the remote log streams from the local by binding the remote ruleset to the UDP and TCP input modules. Additionally new overrides are provided to allow for better customization: ``rsyslog_server_logrotation_window`` defaults to 14 days ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds ``rsyslog_server_ratelimit_burst`` defaults to 10000 The rsyslog.conf is also now using v7+ style configuration settings Change-Id: I5759ea8fb7eaad79d857a335a4aede558aa0067d Closes-Bug: #1621559
This commit is contained in:
parent
02eebf7884
commit
2e9a46068f
|
@ -21,6 +21,7 @@ rsyslog_server_package_state: "latest"
|
|||
|
||||
rsyslog_server_spool_directory: /var/spool/rsyslog
|
||||
rsyslog_server_storage_directory: /var/log/rsyslog
|
||||
rsyslog_server_logrotation_window: 14 #Number of days to keep logfiles
|
||||
|
||||
# provides UDP syslog reception
|
||||
rsyslog_server_udp_reception: true
|
||||
|
@ -29,3 +30,9 @@ rsyslog_server_udp_port: 514
|
|||
# provides TCP syslog reception
|
||||
rsyslog_server_tcp_reception: true
|
||||
rsyslog_server_tcp_port: 514
|
||||
|
||||
# Rate limits
|
||||
rsyslog_server_ratelimit_interval: 0 # Disabled by default
|
||||
|
||||
# To use this setting, you have to configure a interval >0 seconds for rsyslog_server_ratelimit_interval
|
||||
rsyslog_server_ratelimit_burst: 10000
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
upgrade:
|
||||
- New overrides are provided to allow for better customization
|
||||
around logfile retention and rate limiting for UDP/TCP sockets.
|
||||
``rsyslog_server_logrotation_window`` defaults to 14 days
|
||||
``rsyslog_server_ratelimit_interval`` defaults to 0 seconds
|
||||
``rsyslog_server_ratelimit_burst`` defaults to 10000
|
||||
- The rsyslog.conf is now using v7+ style configuration settings
|
|
@ -3,7 +3,7 @@
|
|||
copytruncate
|
||||
weekly
|
||||
missingok
|
||||
rotate 14
|
||||
rotate {{ rsyslog_server_logrotation_window }}
|
||||
compress
|
||||
dateext
|
||||
maxage 60
|
||||
|
|
|
@ -3,40 +3,21 @@
|
|||
#################
|
||||
#### MODULES ####
|
||||
#################
|
||||
$ModLoad imuxsock # provides support for local system logging
|
||||
$ModLoad imklog # provides kernel logging support
|
||||
|
||||
{% if rsyslog_server_udp_reception == true %}
|
||||
# provides UDP syslog reception
|
||||
$ModLoad imudp
|
||||
$UDPServerRun {{ rsyslog_server_udp_port }}
|
||||
{% endif %}
|
||||
|
||||
{% if rsyslog_server_tcp_reception == true %}
|
||||
# provides TCP syslog reception
|
||||
$ModLoad imtcp
|
||||
$InputTCPServerRun {{ rsyslog_server_tcp_port }}
|
||||
{% endif %}
|
||||
|
||||
# Enable non-kernel facility klog messages
|
||||
$KLogPermitNonKernelFacility on
|
||||
|
||||
module(load="imuxsock") # provides support for local system logging
|
||||
module(load="imklog") # provides kernel logging support
|
||||
|
||||
###########################
|
||||
#### GLOBAL DIRECTIVES ####
|
||||
###########################
|
||||
#
|
||||
|
||||
# Use traditional timestamp format.
|
||||
# To enable high precision timestamps, comment out the following line.
|
||||
#
|
||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||
|
||||
# Filter duplicated messages
|
||||
$RepeatedMsgReduction on
|
||||
|
||||
#
|
||||
# Set the default permissions for all log files.
|
||||
#
|
||||
$FileOwner syslog
|
||||
$FileGroup adm
|
||||
$FileCreateMode 0640
|
||||
|
@ -45,17 +26,33 @@ $Umask 0022
|
|||
$PrivDropToUser syslog
|
||||
$PrivDropToGroup syslog
|
||||
|
||||
#
|
||||
# Where to place spool and state files
|
||||
#
|
||||
$WorkDirectory {{ rsyslog_server_spool_directory }}
|
||||
|
||||
#
|
||||
# Include all config files in /etc/rsyslog.d/
|
||||
#
|
||||
$IncludeConfig /etc/rsyslog.d/*.conf
|
||||
|
||||
$template DDF, "{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log"
|
||||
if \
|
||||
$source != 'logsrv' \
|
||||
then -?DDF
|
||||
# Log all remote messages into a sub directory
|
||||
template(name="DDF" type="string" string="{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log")
|
||||
ruleset(name="remote"){
|
||||
*.* -?DDF
|
||||
}
|
||||
|
||||
# Switch back to default ruleset
|
||||
$Ruleset RSYSLOG_DefaultRuleset
|
||||
|
||||
# Enable non-kernel facility klog messages
|
||||
$KLogPermitNonKernelFacility on
|
||||
|
||||
{% if rsyslog_server_udp_reception == true %}
|
||||
# Provides UDP syslog reception
|
||||
module(load="imudp")
|
||||
input(type="imudp" port="{{ rsyslog_server_udp_port }}" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
|
||||
{% endif %}
|
||||
|
||||
{% if rsyslog_server_tcp_reception == true %}
|
||||
# Provides TCP syslog reception
|
||||
module(load="imtcp")
|
||||
input(type="imtcp" port="514" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
|
||||
{% endif %}
|
||||
|
||||
# Include all config files in /etc/rsyslog.d/
|
||||
$IncludeConfig /etc/rsyslog.d/*.conf
|
||||
|
|
|
@ -33,5 +33,5 @@
|
|||
- name: Check role functions
|
||||
assert:
|
||||
that:
|
||||
- "'$template DDF' in (rsyslog_conf.content | b64decode)"
|
||||
- "'template(name=\"DDF' in (rsyslog_conf.content | b64decode)"
|
||||
- "os_aggregate_storage.stat.exists"
|
||||
|
|
Loading…
Reference in New Issue