From 358cff38b1550b48b570ec633fe82fd73af7142b Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Thu, 12 Dec 2019 23:51:26 +0100
Subject: [PATCH] New sequence to manage rsyslog config Only client configuration for now
---
seqs/rsyslog.sh | 77 +++++++++++++++++++++++++++++++++++++
seqs/rsyslog/10-cron.conf | 1 +
seqs/rsyslog/10-snmp.conf | 6 +++
seqs/rsyslog/90-remote.conf | 4 ++
4 files changed, 88 insertions(+)
create mode 100755 seqs/rsyslog.sh
create mode 100644 seqs/rsyslog/10-cron.conf
create mode 100644 seqs/rsyslog/10-snmp.conf
create mode 100644 seqs/rsyslog/90-remote.conf
diff --git a/seqs/rsyslog.sh b/seqs/rsyslog.sh
new file mode 100755
index 0000000..8efad40
--- /dev/null
+++ b/seqs/rsyslog.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# rsyslog management
+#
+# source:
+# - https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html
+
+toolName="rsyslog"
+toolConfig="/etc/rsyslog.conf"
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG_SNMP="$WDIR/${toolName}/10-snmp.conf"
+CONFIG_CRON="$WDIR/${toolName}/10-cron.conf"
+CONFIG_REMOTE="$WDIR/${toolName}/90-remote.conf"
+
+step_1_info() { echo "Install $toolName"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ exe apt update
+ exe apt install "$toolName"
+}
+
+step_2_info() { echo "Check configuration"; }
+step_2_alias() { ALIAS="checkconf"; }
+step_2() {
+ exe rsyslogd -N 1 -f "$toolConfig"
+ endReturn -o $? "Invalid $toolName configuration"
+}
+
+step_10_info() { echo "Reduce snmpd syslog messages"; }
+step_10_alias() { ALIAS="snmpd"; }
+step_10() {
+ addConf -s -f "$CONFIG_SNMP" "$CONFIG_SNMP_DEST"
+ endReturn -o $?
+
+ step checkconf
+ exe service rsyslog restart
+}
+CONFIG_SNMP_DEST="/etc/rsyslog.d/$(basename $CONFIG_SNMP)"
+
+step_12_info() { echo "Reduce cron syslog messages"; }
+step_12_alias() { ALIAS="cron"; }
+step_12() {
+ addConf -s -f "$CONFIG_CRON" "$CONFIG_CRON_DEST"
+ endReturn -o $?
+
+ step checkconf
+ exe service rsyslog restart
+}
+CONFIG_CRON_DEST="/etc/rsyslog.d/$(basename $CONFIG_CRON)"
+
+step_14_info() { echo "Send syslog messages to remote syslog server "; }
+step_14_alias() { ALIAS="remote"; }
+step_14() {
+ local rex='^[0-9\.]+\:[0-9]+$'
+ local remoteHost=""
+ # Check if string is a ipv4 address and port
+ if [[ "$2" =~ $rex ]] ; then
+ remoteHost=$2
+ else
+ echoerr " [E] No valid IP:PORT detected: $2"
+ return 1
+ fi
+ addConf -s -f "$CONFIG_REMOTE" "$CONFIG_REMOTE_DEST"
+ endReturn -o $? 
"Custom remote host $remoteHost not applied to destination or $MISSING_CONF"
+ exe sed -i "s/12\.34\.56\.78\:514/${remoteHost}/" "$CONFIG_REMOTE_DEST"
+ endReturn -o $? "Couldn't apply $remoteHost to $CONFIG_REMOTE_DEST"
+
+ step checkconf
+ exe service rsyslog restart
+}
+CONFIG_REMOTE_DEST="/etc/rsyslog.d/$(basename $CONFIG_REMOTE)"
+
+VERSION_SEQREV=8
+. /usr/local/bin/sequencer
diff --git a/seqs/rsyslog/10-cron.conf b/seqs/rsyslog/10-cron.conf
new file mode 100644
index 0000000..a3a4ea5
--- /dev/null
+++ b/seqs/rsyslog/10-cron.conf
@@ -0,0 +1 @@
+if $programname == 'CRON' and re_match($msg, "\\(root\\).*CMD.*") then stop
diff --git a/seqs/rsyslog/10-snmp.conf b/seqs/rsyslog/10-snmp.conf
new file mode 100644
index 0000000..5edac3d
--- /dev/null
+++ b/seqs/rsyslog/10-snmp.conf
@@ -0,0 +1,6 @@
+#Blocking snmpd connection information
+if $programname == 'snmpd' and $msg contains 'Connection from UDP: [192.168.23.21' then stop
+if $programname == 'snmpd' and $msg contains 'Cannot statfs' then stop
+# raspberry pi sepcific
+if $programname == 'snmpd' and $msg contains 'pcilib:' then stop
+if $programname == 'sudo' and re_match($msg, "Debian-snmp.*USER=root.*COMMAND") then stop
diff --git a/seqs/rsyslog/90-remote.conf b/seqs/rsyslog/90-remote.conf
new file mode 100644
index 0000000..f74aa53
--- /dev/null
+++ b/seqs/rsyslog/90-remote.conf
@@ -0,0 +1,4 @@
+# for UDP
+@12.34.56.78:514
+# for tcp
+#@@12.34.56.78:514
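Review bot: In `step_14` of `seqs/rsyslog.sh`, the `sed -i` call exits 0 even when the placeholder `12.34.56.78:514` is no longer present in `$CONFIG_REMOTE_DEST`, so a run against an already-installed drop-in can report success while logs keep going to the previous destination; whether `addConf -s` overwrites an existing file is not visible in this patch. A check after the substitution would close that gap, for example `exe grep -qF -- "@${remoteHost}" "$CONFIG_REMOTE_DEST"` followed by `endReturn -o $? "$remoteHost not present in $CONFIG_REMOTE_DEST"`. The pattern `^[0-9\.]+\:[0-9]+$` keeps the value safe to interpolate into the sed replacement, but it also accepts strings such as `999..1:0`, so the comment should say "digits, dots and a port" rather than "ipv4 address" unless octets and port range are actually validated. In `step_10`, `step_12` and `step_14` the result of `step checkconf` is not checked before `exe service rsyslog restart`; if `step` does not abort on failure (it is defined in the sequencer, outside this patch), add `endReturn -o $?` after it so an invalid drop-in never reaches a restart.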
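Review bot: The `stop` rule in `seqs/rsyslog/10-cron.conf` discards every root cron `CMD` message, and because `10-*` files sort before `90-remote.conf` these records would presumably never reach the remote collector either; the same applies to the `sudo` rule for `Debian-snmp` in `10-snmp.conf`. Root cron executions and sudo-to-root commands are the records a responder uses to spot scheduled-task persistence or misuse of a service account, so dropping them on both the local and the remote side leaves a blind spot. Consider forwarding first and suppressing only the local write, or at minimum add a comment such as `# drops root cron CMD lines before forwarding; audit trail for root cron jobs is lost` so the trade-off is explicit. The load order is inferred from the file-name prefixes and the usual `/etc/rsyslog.d/*.conf` include, which this patch does not show.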
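Review bot: The first rule in `seqs/rsyslog/10-snmp.conf` matches `'Connection from UDP: [192.168.23.21'` without the closing bracket, so it also suppresses connection messages from 192.168.23.210 through 192.168.23.219. snmpd prints the peer as `[addr]:port`, so closing the literal, `'Connection from UDP: [192.168.23.21]'`, limits the filter to the one poller. The address is site-specific; a comment naming it as the monitoring host would help anyone reusing the sequence on another network.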
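Review bot: The active line `@12.34.56.78:514` in `seqs/rsyslog/90-remote.conf` has no selector in front of the action, which rsyslog's selector/action syntax normally requires; unless something outside this patch adds one, it should read `*.* @12.34.56.78:514` (and `#*.* @@12.34.56.78:514` for the TCP variant), and it is worth confirming that `rsyslogd -N 1` accepts the file as shipped. The placeholder is a publicly routable address, so a copy that is installed without substitution would send logs off-site over UDP; an address from the documentation range such as `192.0.2.1:514` is safer, with the `sed` pattern in `rsyslog.sh` changed to match. Plain UDP or TCP forwarding is unauthenticated and unencrypted, which deserves a comment in the file when the collector is reached over a network that is not trusted.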