New sequence to manage rsyslog config

Only client configuration for now
2019-12-12 23:51:26 +01:00
parent 9a303b634f
commit 358cff38b1
4 changed files with 88 additions and 0 deletions
--- a/seqs/rsyslog.sh
+++ b/seqs/rsyslog.sh
@@ -0,0 +1,77 @@
 #!/bin/bash
 # rsyslog management
 #
 # source:
 # - https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html
 toolName="rsyslog"
 toolConfig="/etc/rsyslog.conf"
 # Get script working directory
 # (when called from a different directory)
 WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
 CONFIG_SNMP="$WDIR/${toolName}/10-snmp.conf"
 CONFIG_CRON="$WDIR/${toolName}/10-cron.conf"
 CONFIG_REMOTE="$WDIR/${toolName}/90-remote.conf"
 step_1_info() { echo "Install $toolName"; }
 step_1_alias() { ALIAS="install"; }
 step_1() {
  exe apt update
  exe apt install "$toolName"
 }
 step_2_info() { echo "Check configuration"; }
 step_2_alias() { ALIAS="checkconf"; }
 step_2() {
  exe rsyslogd -N 1 -f "$toolConfig"
  endReturn -o $? "Invalid $toolName configuration"
 }
 step_10_info() { echo "Reduce snmpd syslog messages"; }
 step_10_alias() { ALIAS="snmpd"; }
 step_10() {
  addConf -s -f "$CONFIG_SNMP" "$CONFIG_SNMP_DEST"
  endReturn -o $?
  step checkconf
  exe service rsyslog restart
 }
 CONFIG_SNMP_DEST="/etc/rsyslog.d/$(basename $CONFIG_SNMP)"
 step_12_info() { echo "Reduce cron syslog messages"; }
 step_12_alias() { ALIAS="cron"; }
 step_12() {
  addConf -s -f "$CONFIG_CRON" "$CONFIG_CRON_DEST"
  endReturn -o $?
  step checkconf
  exe service rsyslog restart
 }
 CONFIG_CRON_DEST="/etc/rsyslog.d/$(basename $CONFIG_CRON)"
 step_14_info() { echo "Send syslog messages to remote syslog server <REMOTE_IP:PORT>"; }
 step_14_alias() { ALIAS="remote"; }
 step_14() {
  local rex='^[0-9\.]+\:[0-9]+$'
  local remoteHost=""
  # Check if string is a ipv4 address and port 
  if [[ "$2" =~ $rex ]] ; then
    remoteHost=$2
  else
    echoerr " [E] No valid IP:PORT detected: $2"
    return 1
  fi 
  addConf -s -f "$CONFIG_REMOTE" "$CONFIG_REMOTE_DEST"
  endReturn -o $? "Custom remote host $remoteHost not applied to destination or $MISSING_CONF"
  exe sed -i "s/12\.34\.56\.78\:514/${remoteHost}/" "$CONFIG_REMOTE_DEST"
  endReturn -o $? "Couldn't apply $remoteHost to $CONFIG_REMOTE_DEST"
  step checkconf
  exe service rsyslog restart
 }
 CONFIG_REMOTE_DEST="/etc/rsyslog.d/$(basename $CONFIG_REMOTE)"
 VERSION_SEQREV=8
 . /usr/local/bin/sequencer
--- a/seqs/rsyslog/10-cron.conf
+++ b/seqs/rsyslog/10-cron.conf
@@ -0,0 +1 @@
 if $programname == 'CRON' and re_match($msg, "\\(root\\).*CMD.*") then stop
--- a/seqs/rsyslog/10-snmp.conf
+++ b/seqs/rsyslog/10-snmp.conf
@@ -0,0 +1,6 @@
 #Blocking snmpd connection information
 if $programname == 'snmpd' and $msg contains 'Connection from UDP: [192.168.23.21' then stop
 if $programname == 'snmpd' and $msg contains 'Cannot statfs' then stop
 # raspberry pi sepcific
 if $programname == 'snmpd' and $msg contains 'pcilib:' then stop
 if $programname == 'sudo' and re_match($msg, "Debian-snmp.*USER=root.*COMMAND") then stop
--- a/seqs/rsyslog/90-remote.conf
+++ b/seqs/rsyslog/90-remote.conf
@@ -0,0 +1,4 @@
 # for UDP
@12.34.56.78:514
 # for tcp
 #@@12.34.56.78:514
		`@@ -0,0 +1 @@`
							`if $programname == 'CRON' and re_match($msg, "\\(root\\).CMD.") then stop`