###############################################################################
# Managed by Ansible
# file: ansible/roles/acs/templates/rsyslog.conf.j2
###############################################################################
#
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging

{# GLOBAL syslog settings. An absent SYSLOG_CONFIG or GLOBAL entry yields an
   empty dict, so every lookup on gconf falls back to its default. -#}
{% set gconf = (SYSLOG_CONFIG | d({})).get('GLOBAL', {}) -%}
{% set rate_limit_interval = gconf.get('rate_limit_interval') %}
{% set rate_limit_burst = gconf.get('rate_limit_burst') %}

{# Each rate-limit directive is written only when its key is present; otherwise
   rsyslog's built-in limit for the local log socket stays in effect. The
   values are emitted verbatim, so they are expected to be validated as
   non-negative integers before they reach this template. Messages above the
   burst within one interval are dropped: that bounds flooding by a local
   process, but the dropped messages are lost, so the limits should be sized
   with audit needs in mind. -#}
{% if rate_limit_interval is not none %}
$SystemLogRateLimitInterval {{ rate_limit_interval }}
{% endif %}
{% if rate_limit_burst is not none %}
$SystemLogRateLimitBurst {{ rate_limit_burst }}
{% endif %}

$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
$ModLoad imudp
{# udp_server_ip is supplied by the rendering context and is not defined in
   this template. The address directive has to come before $UDPServerRun so
   that the listener started below is bound to it. UDP syslog carries no
   sender authentication, so the bind address is what limits who can inject
   messages into this listener. NOTE(review): confirm the renderer always
   provides a loopback or management address for udp_server_ip. -#}
$UDPServerAddress {{udp_server_ip}} #bind to localhost before udp server run
$UDPServerRun 514

# provides TCP syslog reception
# (left disabled: no TCP listener is opened by this configuration)
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
{# format selects the template used for remote forwarding in the RULES section
   ('standard' unless GLOBAL.format is set). fw_name is the fw= value of the
   WELF template and falls back to the hostname variable. gconf is set in the
   MODULES section of this file. -#}
{% set format = gconf.get('format', 'standard') -%}
{% set fw_name = gconf.get('welf_firewall_name', hostname) -%}
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Define a custom template
# (timestamp with sub-second part, host, upper-case severity, tag and message)
$template SONiCFileFormat,"%timegenerated%.%timegenerated:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate SONiCFileFormat

{# WELF-style line for remote servers. fw_name is placed inside a quoted field
   of the template string without escaping, and so is the message text at
   delivery time: a double quote or percent sign in fw_name changes the
   template itself, and a double quote inside a log message can close the
   quoted msg field early for a downstream parser. fw_name should be validated
   before it reaches this template, and WELF consumers should not trust field
   boundaries that come from message content. -#}
template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall time=\"%timereported\
:::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
:::date-second%\" fw=\"{{ fw_name }}\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
#
# Set the default permissions for all log files.
# Files are created root:adm with mode 0640, so only root and members of
# group adm can read them; directories are created with mode 0755. The 0022
# umask does not remove any bit from either mode.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
# Every *.conf file in that directory becomes part of the running
# configuration, so the directory should be writable by root only.
#
$IncludeConfig /etc/rsyslog.d/*.conf

#
# Suppress duplicate messages and report "message repeated n times"
# Consecutive identical messages are collapsed into one summary line, so the
# individual timestamps of the repeats are not kept; keep this in mind when
# the logs are used to build an incident timeline.
#
$RepeatedMsgReduction on
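###############
#### RULES ####
###############

#
# Remote syslog logging
#

# The omfwd plug-in provides the core functionality of traditional message
# forwarding via UDP and plain TCP. It is a built-in module that does not need
# to be loaded.
# Messages forwarded this way are neither encrypted nor authenticated on the
# wire, so the path to each server should be a trusted management network.

{# One forwarding rule is rendered per SYSLOG_SERVER entry; the key is the
   target address and the value holds the per-server options. An absent table
   renders no rule at all. gconf and format are set earlier in this file. -#}
{% set servers = SYSLOG_SERVER | d({}) -%}
{% for server in servers %}
{% set conf = servers[server] | d({}) -%}

{# Per-server settings with their defaults: UDP to port 514 in the default
   VRF; severity falls back to GLOBAL.severity and then to 'notice'. -#}
{% set source = conf.get('source') -%}
{% set port = conf.get('port', 514) -%}
{% set proto = conf.get('protocol', 'udp') -%}
{% set vrf = conf.get('vrf', 'default') -%}
{% set severity = conf.get('severity', gconf.get('severity', 'notice')) -%}
{% set filter = conf.get('filter') -%}
{% set regex = conf.get('filter_regex') -%}

{# '!' negates the regex comparison, which turns the filter into an exclude
   rule. The default VRF forwards through eth0; any other VRF is used as the
   device name itself. -#}
{% set fmodifier = '!' if filter == 'exclude' else '' %}
{% set device = 'eth0' if vrf == 'default' else vrf -%}
{% set template = 'WelfRemoteFormat' if format == 'welf' else 'SONiCFileFormat' -%}

{# Server extra options -#}
{% set options = '' -%}

{% if source -%}
{% set options = options ~ ' Address="' ~ source ~ '"'-%}
{% endif -%}

{# The filter line is written only when a regex is configured as well. Without
   this guard a filter with no filter_regex rendered the literal text "None"
   as the pattern. server, source and regex are written verbatim into
   double-quoted rsyslog strings, so a double quote in any of them ends the
   string early; they must be validated before they reach this template. -#}
{% if filter and regex %}
:msg, {{ fmodifier }}ereregex, "{{ regex }}"
{% endif %}
*.{{ severity }}
action(type="omfwd" Target="{{ server }}" Port="{{ port }}" Protocol="{{ proto }}" Device="{{ device }}" Template="{{ template }}"{{ options }})
{% endfor %}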