Separate remote log stream from local

This fix separates the remote log streams from the local by binding the remote ruleset to the UDP and TCP input modules. Additionally new overrides are provided to allow for better customization: ``rsyslog_server_logrotation_window`` defaults to 14 days ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds ``rsyslog_server_ratelimit_burst`` defaults to 10000 The rsyslog.conf is also now using v7+ style configuration settings Change-Id: I5759ea8fb7eaad79d857a335a4aede558aa0067d Closes-Bug: #1621559
2016-09-08 13:48:31 -05:00 · 2016-09-08 13:48:31 -05:00 · 2e9a46068f
parent 02eebf7884
commit 2e9a46068f
5 changed files with 46 additions and 34 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,6 +21,7 @@ rsyslog_server_package_state: "latest"

 rsyslog_server_spool_directory: /var/spool/rsyslog
 rsyslog_server_storage_directory: /var/log/rsyslog
+rsyslog_server_logrotation_window: 14 #Number of days to keep logfiles

 # provides UDP syslog reception
 rsyslog_server_udp_reception: true
@ -29,3 +30,9 @@ rsyslog_server_udp_port: 514
 # provides TCP syslog reception
 rsyslog_server_tcp_reception: true
 rsyslog_server_tcp_port: 514
+
+# Rate limits
+rsyslog_server_ratelimit_interval: 0 # Disabled by default
+
+# To use this setting, you have to configure a interval >0 seconds for rsyslog_server_ratelimit_interval
+rsyslog_server_ratelimit_burst: 10000
--- a/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml
+++ b/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - New overrides are provided to allow for better customization
+    around logfile retention and rate limiting for UDP/TCP sockets.
+    ``rsyslog_server_logrotation_window`` defaults to 14 days
+    ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds
+    ``rsyslog_server_ratelimit_burst`` defaults to 10000
+  - The rsyslog.conf is now using v7+ style configuration settings
--- a/templates/os_aggregate_storage.j2
+++ b/templates/os_aggregate_storage.j2
@ -3,7 +3,7 @@
        copytruncate
        weekly
        missingok
-        rotate 14
+        rotate {{ rsyslog_server_logrotation_window }}
        compress
        dateext
        maxage 60
--- a/templates/rsyslog.conf.j2
+++ b/templates/rsyslog.conf.j2
@ -3,40 +3,21 @@
 #################
 #### MODULES ####
 #################
-$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog   # provides kernel logging support
-
-{% if rsyslog_server_udp_reception == true %}
-# provides UDP syslog reception
-$ModLoad imudp
-$UDPServerRun {{ rsyslog_server_udp_port }}
-{% endif %}
-
-{% if rsyslog_server_tcp_reception == true %}
-# provides TCP syslog reception
-$ModLoad imtcp
-$InputTCPServerRun {{ rsyslog_server_tcp_port }}
-{% endif %}
-
-# Enable non-kernel facility klog messages
-$KLogPermitNonKernelFacility on
-
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support

 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
-#
+
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
-#
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

 # Filter duplicated messages
 $RepeatedMsgReduction on

-#
 # Set the default permissions for all log files.
-#
 $FileOwner syslog
 $FileGroup adm
 $FileCreateMode 0640
@ -45,17 +26,33 @@ $Umask 0022
 $PrivDropToUser syslog
 $PrivDropToGroup syslog

-#
 # Where to place spool and state files
-#
 $WorkDirectory {{ rsyslog_server_spool_directory }}

-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf

-$template DDF, "{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log"
-if \
-$source != 'logsrv' \
-then -?DDF
+# Log all remote messages into a sub directory
+template(name="DDF" type="string" string="{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log")
+ruleset(name="remote"){
+  *.* -?DDF
+}
+
+# Switch back to default ruleset
+$Ruleset RSYSLOG_DefaultRuleset
+
+# Enable non-kernel facility klog messages
+$KLogPermitNonKernelFacility on
+
+{% if rsyslog_server_udp_reception == true %}
+# Provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="{{ rsyslog_server_udp_port }}" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
+{% endif %}
+
+{% if rsyslog_server_tcp_reception == true %}
+# Provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}")
+{% endif %}
+
+# Include all config files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
--- a/tests/test.yml
+++ b/tests/test.yml
@ -33,5 +33,5 @@
    - name: Check role functions
      assert:
        that:
-          - "'$template DDF' in (rsyslog_conf.content | b64decode)"
+          - "'template(name=\"DDF' in (rsyslog_conf.content | b64decode)"
          - "os_aggregate_storage.stat.exists"