From 2e9a46068fce51c594f08d450d4432a417d29a99 Mon Sep 17 00:00:00 2001 From: Bjoern Teipel Date: Thu, 8 Sep 2016 13:48:31 -0500 Subject: [PATCH] Separate remote log stream from local This fix separates the remote log streams from the local by binding the remote ruleset to the UDP and TCP input modules. Additionally new overrides are provided to allow for better customization: ``rsyslog_server_logrotation_window`` defaults to 14 days ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds ``rsyslog_server_ratelimit_burst`` defaults to 10000 The rsyslog.conf is also now using v7+ style configuration settings Change-Id: I5759ea8fb7eaad79d857a335a4aede558aa0067d Closes-Bug: #1621559 --- defaults/main.yml | 7 +++ ...emote-log-separation-76de4b64f0c18edb.yaml | 8 +++ templates/os_aggregate_storage.j2 | 2 +- templates/rsyslog.conf.j2 | 61 +++++++++---------- tests/test.yml | 2 +- 5 files changed, 46 insertions(+), 34 deletions(-) create mode 100644 releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 581f8f7..28b4c64 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -21,6 +21,7 @@ rsyslog_server_package_state: "latest" rsyslog_server_spool_directory: /var/spool/rsyslog rsyslog_server_storage_directory: /var/log/rsyslog +rsyslog_server_logrotation_window: 14 #Number of days to keep logfiles # provides UDP syslog reception rsyslog_server_udp_reception: true @@ -29,3 +30,9 @@ rsyslog_server_udp_port: 514 # provides TCP syslog reception rsyslog_server_tcp_reception: true rsyslog_server_tcp_port: 514 + +# Rate limits +rsyslog_server_ratelimit_interval: 0 # Disabled by default + +# To use this setting, you have to configure a interval >0 seconds for rsyslog_server_ratelimit_interval +rsyslog_server_ratelimit_burst: 10000 diff --git a/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml b/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml new file mode 100644 index 0000000..5a29e08 --- /dev/null +++ b/releasenotes/notes/rsyslog-remote-log-separation-76de4b64f0c18edb.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - New overrides are provided to allow for better customization + around logfile retention and rate limiting for UDP/TCP sockets. + ``rsyslog_server_logrotation_window`` defaults to 14 days + ``rsyslog_server_ratelimit_interval`` defaults to 0 seconds + ``rsyslog_server_ratelimit_burst`` defaults to 10000 + - The rsyslog.conf is now using v7+ style configuration settings diff --git a/templates/os_aggregate_storage.j2 b/templates/os_aggregate_storage.j2 index 1da60c7..e0144b7 100644 --- a/templates/os_aggregate_storage.j2 +++ b/templates/os_aggregate_storage.j2 @@ -3,7 +3,7 @@ copytruncate weekly missingok - rotate 14 + rotate {{ rsyslog_server_logrotation_window }} compress dateext maxage 60 diff --git a/templates/rsyslog.conf.j2 b/templates/rsyslog.conf.j2 index 5f2e35b..84c66cb 100644 --- a/templates/rsyslog.conf.j2 +++ b/templates/rsyslog.conf.j2 @@ -3,40 +3,21 @@ ################# #### MODULES #### ################# -$ModLoad imuxsock # provides support for local system logging -$ModLoad imklog # provides kernel logging support - -{% if rsyslog_server_udp_reception == true %} -# provides UDP syslog reception -$ModLoad imudp -$UDPServerRun {{ rsyslog_server_udp_port }} -{% endif %} - -{% if rsyslog_server_tcp_reception == true %} -# provides TCP syslog reception -$ModLoad imtcp -$InputTCPServerRun {{ rsyslog_server_tcp_port }} -{% endif %} - -# Enable non-kernel facility klog messages -$KLogPermitNonKernelFacility on - +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support ########################### #### GLOBAL DIRECTIVES #### ########################### -# + # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. -# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # Filter duplicated messages $RepeatedMsgReduction on -# # Set the default permissions for all log files. -# $FileOwner syslog $FileGroup adm $FileCreateMode 0640 @@ -45,17 +26,33 @@ $Umask 0022 $PrivDropToUser syslog $PrivDropToGroup syslog -# # Where to place spool and state files -# $WorkDirectory {{ rsyslog_server_spool_directory }} -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf -$template DDF, "{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log" -if \ -$source != 'logsrv' \ -then -?DDF +# Log all remote messages into a sub directory +template(name="DDF" type="string" string="{{ rsyslog_server_storage_directory }}/%hostname%/%programname%.log") +ruleset(name="remote"){ + *.* -?DDF +} + +# Switch back to default ruleset +$Ruleset RSYSLOG_DefaultRuleset + +# Enable non-kernel facility klog messages +$KLogPermitNonKernelFacility on + +{% if rsyslog_server_udp_reception == true %} +# Provides UDP syslog reception +module(load="imudp") +input(type="imudp" port="{{ rsyslog_server_udp_port }}" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}") +{% endif %} + +{% if rsyslog_server_tcp_reception == true %} +# Provides TCP syslog reception +module(load="imtcp") +input(type="imtcp" port="514" ruleset="remote" RateLimit.Interval="{{ rsyslog_server_ratelimit_interval }}" RateLimit.Burst="{{ rsyslog_server_ratelimit_burst }}") +{% endif %} + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf diff --git a/tests/test.yml b/tests/test.yml index d198d57..24bd624 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -33,5 +33,5 @@ - name: Check role functions assert: that: - - "'$template DDF' in (rsyslog_conf.content | b64decode)" + - "'template(name=\"DDF' in (rsyslog_conf.content | b64decode)" - "os_aggregate_storage.stat.exists"