added rsyslog lab work for logging project
parent
1ee7d5f00e
commit
ea06929d4f
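--- /dev/null
+++ b/rsyslog/Readme.txt
@@ -0,0 +1 @@
+Config dump from my lab, passwords are not real.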
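--- /dev/null
+++ b/rsyslog/rsyslog/manage_rsyslog_logrotate.yaml
@@ -0,0 +1,37 @@
+---
+- name: Manage rsyslog and logrotate configurations locally on Ubuntu 20.04 LTS
+hosts: localhost
+become: yes
+connection: local
+gather_facts: yes
+tasks:
+- name: Install rsyslog and logrotate packages
+ansible.builtin.package:
+name:
+- rsyslog
+- logrotate
+state: present
+
+- name: Copy rsyslog configuration file
+ansible.builtin.copy:
+src: rsyslog.conf
+dest: /etc/rsyslog.conf
+owner: root
+group: root
+mode: 0644
+notify: restart rsyslog
+
+- name: Copy logrotate configuration file for rsyslog JSON logs
+ansible.builtin.copy:
+src: rsyslog-json
+dest: /etc/logrotate.d/rsyslog-json
+owner: root
+group: root
+mode: 0644
+
+handlers:
+- name: restart rsyslog
+ansible.builtin.systemd:
+name: rsyslog
+state: restarted
+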
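Review bot: The play restarts rsyslog with a config that was never syntax-checked, and it does not install `pgsql.conf` even though the `rsyslog.conf` added in this commit includes `/etc/rsyslog.d/pgsql.conf`. On the `Copy rsyslog configuration file` task I would add `validate: rsyslogd -N1 -f %s` so a broken file cannot take the collector down on restart. A third copy task for `pgsql.conf` should use a tighter mode such as `mode: '0640'`, since that file carries the database user and password. The existing `mode: 0644` values are better quoted (`'0644'`) so they are always read as octal strings.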
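--- /dev/null
+++ b/rsyslog/rsyslog/pgsql.conf
@@ -0,0 +1,17 @@
+### Configuration file for rsyslog-pgsql
+### Changes are preserved
+
+module (load="ompgsql")
+
+#came from package
+# *.* action(type="ompgsql" server="localhost" db="Syslog" uid="rsyslog" pwd="test")
+
+# Legacy template for PostgreSQL
+# $template pgsqlLogFormat,"INSERT INTO logs (log_data) VALUES ('%msg:jsonLogFormat%')",SQL
+$template pgsqlCombinedTemplate,"INSERT INTO logs (log_data) VALUES ('{\"timestamp\":\"%timereported:::date-rfc3339%\",\"message\":\"%msg:::json%\",\"host\":\"%hostname:::json%\",\"severity\":\"%syslogseverity-text:::json%\",\"facility\":\"%syslogfacility-text:::json%\",\"syslogtag\":\"%syslogtag:::json%\"}')",SQL
+
+# Save incoming logs to PostgreSQL DB with caching
+if $fromhost-ip != '127.0.0.1' then {
+action(type="ompgsql" server="localhost" user="myuser" pass="mypassword" db="logs" template="pgsqlCombinedTemplate" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750")
+}
+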
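Review bot: `pgsqlCombinedTemplate` ends in `,SQL`, which rsyslog documents as MySQL-style escaping (single quotes and backslashes get a backslash prefix). PostgreSQL with its default `standard_conforming_strings = on` does not treat `\'` as an escaped quote, so a single quote in a remote sender's `%msg%` or `%hostname%` can end the string literal early. Because this action only handles messages from hosts other than 127.0.0.1, every templated field is untrusted input. Changing the template option to `,STDSQL` makes rsyslog double single quotes instead, which is the form PostgreSQL expects. The `user=`/`pass=` values sit inline in this file, so the deployed copy should not be world-readable.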
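--- /dev/null
+++ b/rsyslog/rsyslog/rsyslog-json
@@ -0,0 +1,13 @@
+/var/log/remote/*/*/*.log /var/log/remote/*/*/*.json {
+daily
+missingok
+rotate 7
+compress
+delaycompress
+notifempty
+create 0640 root adm
+postrotate
+invoke-rc.d rsyslog rotate >/dev/null 2>&1 || true
+endscript
+}
+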
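Review bot: The glob `/var/log/remote/*/*/*.log` does not match the files that the `DynamicFile` template in rsyslog.conf writes. That template produces `/var/log/remote/<year>/<month>/<day>/<hostname>/<programname>.log`, four directories deep, while the pattern covers only two. With `missingok` the mismatch is silent, so nothing is rotated or expired and the remote log tree grows until the disk fills. A pattern of `/var/log/remote/*/*/*/*/*.log` would line up with the template; no config in this commit writes `.json` files, so the second pattern looks unused. Since the path already contains the date, a comment stating whether `rotate 7` or an age-based cleanup is the intended retention would help.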
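--- /dev/null
+++ b/rsyslog/rsyslog/rsyslog.conf
@@ -0,0 +1,60 @@
+# Load input modules (Choose TCP or UDP)
+module(load="imtcp")
+input(type="imtcp" port="514")
+
+# OR
+
+module(load="imudp")
+input(type="imudp" port="514")
+
+# Queue configuration for caching
+$ActionQueueType LinkedList
+$ActionQueueSize 10000
+$ActionQueueWorkerThreads 2
+$ActionQueueDequeueBatchSize 100
+$ActionQueueHighWatermark 8000
+$ActionQueueLowWatermark 2000
+$ActionQueueDiscardSeverity 0
+$ActionQueueDiscardMark 9750
+
+# JSON log format template
+template(name="jsonLogFormat" type="list") {
+constant(value="{")
+constant(value="\"timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
+constant(value="\",\"message\":\"") property(name="msg")
+constant(value="\",\"host\":\"") property(name="hostname")
+constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
+constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
+constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
+constant(value="\"}")
+}
+
+
+# Dynamic file name template based on date, host, and application
+template(name="DynamicFile" type="list") {
+constant(value="/var/log/remote/")
+property(name="timereported" dateFormat="year")
+constant(value="/")
+property(name="timereported" dateFormat="month")
+constant(value="/")
+property(name="timereported" dateFormat="day")
+constant(value="/")
+property(name="hostname")
+constant(value="/")
+property(name="programname")
+constant(value=".log")
+}
+
+
+# Save incoming logs to dynamic file names with caching
+if $fromhost-ip != '127.0.0.1' then {
+action(type="omfile" dynaFile="DynamicFile" template="jsonLogFormat" queue.type="LinkedList" queue.size="10000" queue.workerThreads="2" queue.dequeueBatchSize="100" queue.highWatermark="8000" queue.lowWatermark="2000" queue.discardSeverity="0" queue.discardMark="9750")
+}
+
+include(file="/etc/rsyslog.d/pgsql.conf")
+
+
+
+
+
+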
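Review bot: The `jsonLogFormat` template writes `msg`, `hostname`, `syslogtag` and the other properties raw, so a remote message containing a double quote or a newline produces invalid JSON or lets the sender forge extra fields. Each property needs JSON escaping, e.g. `property(name="msg" format="json")`; the pgsql template in this commit already uses `:::json`. `DynamicFile` builds a path from the sender-supplied `hostname` and `programname`; adding `securepath="replace"` to those two properties, or using `fromhost-ip` for the directory, keeps a crafted header from steering where files land. The header comment says to choose TCP or UDP, yet both the `imtcp` and `imudp` listeners are enabled on port 514.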
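--- /dev/null
+++ b/rsyslog/rsyslog/run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ $# -ne 1 ]; then
+echo "Usage: $0 <playbook_file>"
+exit 1
+fi
+
+playbook_file=$1
+
+ansible-playbook $playbook_file --ask-become-pass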
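Review bot: `$playbook_file` is expanded unquoted on the `ansible-playbook` line, so a path containing spaces or glob characters is split into several arguments. I would write `ansible-playbook "$playbook_file" --ask-become-pass` and add a check such as `[ -f "$playbook_file" ] || { echo "No such playbook: $playbook_file" >&2; exit 1; }` before it. A one-line comment under the shebang stating that the script prompts for the sudo password would document why `--ask-become-pass` is there.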