Download as
Browse Code »

Commit 25847d30f9663736f0a9bd141055377b6fe06c0b

Authored by Paulo Tada
1 parent 81a0701b
Exists in syslog

Adding rsyslog cookbook and creating a new template for firewall monitor machine

Showing 6 changed files with 142 additions and 0 deletions   Show diff stats
cookbooks/firewall/templates/host-monitor/iptables-filter.erb 0 → 100644
  Diff comments   View file @25847d3
@@ -0,0 +1,5 @@ @@ -0,0 +1,5 @@
  1 +# Allow access to Rsyslog
  2 +-A INPUT -s <%= node['peers']['integration'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
  3 +-A INPUT -s <%= node['peers']['social'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
  4 +-A INPUT -s <%= node['peers']['email'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
  5 +-A INPUT -s <%= node['peers']['database'] %> -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
0 \ No newline at end of file 6 \ No newline at end of file
cookbooks/firewall/templates/host-monitor/iptables-nat.erb 0 → 100644
  Diff comments   View file @25847d3
cookbooks/rsyslog/recipes/node.rb 0 → 100644
  Diff comments   View file @25847d3
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@
  1 +# This cookbook installs a cliente rsyslog
  2 +
  3 +package 'rsyslog' do
  4 + action [:install, :upgrade]
  5 +end
  6 +
  7 +template '/etc/rsyslog.conf' do
  8 + source "node/rsyslog.conf.erb"
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0755
  12 +end
  13 +
  14 +service 'rsyslog' do
  15 + action [:enable, :restart]
  16 +end
0 \ No newline at end of file 17 \ No newline at end of file
cookbooks/rsyslog/recipes/server.rb 0 → 100644
  Diff comments   View file @25847d3
@@ -0,0 +1,16 @@ @@ -0,0 +1,16 @@
  1 +# This cookbook installs a server rsyslog
  2 +
  3 +package 'rsyslog' do
  4 + action [:install, :upgrade]
  5 +end
  6 +
  7 +template '/etc/rsyslog.conf' do
  8 + source 'server/rsyslog.conf.erb'
  9 + owner 'root'
  10 + group 'root'
  11 + mode 0755
  12 +end
  13 +
  14 +service 'rsyslog' do
  15 + action [:enable, :restart]
  16 +end
0 \ No newline at end of file 17 \ No newline at end of file
cookbooks/rsyslog/templates/node/rsyslog.conf.erb 0 → 100644
  Diff comments   View file @25847d3
@@ -0,0 +1,50 @@ @@ -0,0 +1,50 @@
  1 +#### MODULES ####
  2 +
  3 +# The imjournal module bellow is now used as a message source instead of imuxsock.
  4 +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
  5 +$ModLoad imjournal # provides access to the systemd journal
  6 +
  7 +#### GLOBAL DIRECTIVES ####
  8 +
  9 +# Where to place auxiliary files
  10 +$WorkDirectory /var/lib/rsyslog
  11 +
  12 +# Use default timestamp format
  13 +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
  14 +
  15 +# Include all config files in /etc/rsyslog.d/
  16 +$IncludeConfig /etc/rsyslog.d/*.conf
  17 +
  18 +# Turn off message reception via local log socket;
  19 +# local messages are retrieved through imjournal now.
  20 +$OmitLocalLogging on
  21 +
  22 +# File to store the position in the journal
  23 +$IMJournalStateFile imjournal.state
  24 +
  25 +#### RULES ####
  26 +
  27 +# Log anything (except mail) of level info or higher.
  28 +# Don't log private authentication messages!
  29 +*.info;mail.none;authpriv.none;cron.none /var/log/messages
  30 +
  31 +# The authpriv file has restricted access.
  32 +authpriv.* /var/log/secure
  33 +
  34 +# Log all the mail messages in one place.
  35 +mail.* -/var/log/maillog
  36 +
  37 +# Log cron stuff
  38 +cron.* /var/log/cron
  39 +
  40 +# Everybody gets emergency messages
  41 +*.emerg :omusrmsg:*
  42 +
  43 +# Save news errors of level crit and higher in a special file.
  44 +uucp,news.crit /var/log/spooler
  45 +
  46 +# Save boot messages also to boot.log
  47 +local7.* /var/log/boot.log
  48 +
  49 +# Sending <%= node.name %> logs
  50 +*.* @@<%= node['peers']['monitor'] %>
0 \ No newline at end of file 51 \ No newline at end of file
cookbooks/rsyslog/templates/server/rsyslog.conf.erb 0 → 100644
  Diff comments   View file @25847d3
@@ -0,0 +1,55 @@ @@ -0,0 +1,55 @@
  1 +#### MODULES ####
  2 +
  3 +# The imjournal module bellow is now used as a message source instead of imuxsock.
  4 +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
  5 +$ModLoad imjournal # provides access to the systemd journal
  6 +
  7 +# Provides TCP syslog reception
  8 +$ModLoad imtcp
  9 +$InputTCPServerRun 514
  10 +
  11 +#### GLOBAL DIRECTIVES ####
  12 +
  13 +# Where to place auxiliary files
  14 +$WorkDirectory /var/lib/rsyslog
  15 +
  16 +# Use default timestamp format
  17 +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
  18 +
  19 +# Include all config files in /etc/rsyslog.d/
  20 +$IncludeConfig /etc/rsyslog.d/*.conf
  21 +
  22 +# Turn off message reception via local log socket;
  23 +# local messages are retrieved through imjournal now.
  24 +$OmitLocalLogging on
  25 +
  26 +# File to store the position in the journal
  27 +$IMJournalStateFile imjournal.state
  28 +
  29 +#### RULES ####
  30 +
  31 +# Log anything (except mail) of level info or higher.
  32 +# Don't log private authentication messages!
  33 +*.info;mail.none;authpriv.none;cron.none /var/log/messages
  34 +
  35 +# The authpriv file has restricted access.
  36 +authpriv.* /var/log/secure
  37 +
  38 +# Log all the mail messages in one place.
  39 +mail.* -/var/log/maillog
  40 +
  41 +# Log cron stuff
  42 +cron.* /var/log/cron
  43 +
  44 +# Everybody gets emergency messages
  45 +*.emerg :omusrmsg:*
  46 +
  47 +# Save news errors of level crit and higher in a special file.
  48 +uucp,news.crit /var/log/spooler
  49 +
  50 +# Save boot messages also to boot.log
  51 +local7.* /var/log/boot.log
  52 +
  53 +# SPB logs
  54 +# Social
  55 +if $fromhost-ip=='<%= node['peers']['social']%>' then /var/log/spb/social/social.log
0 \ No newline at end of file 56 \ No newline at end of file