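#!/bin/bash
# rsyslog management
#
# Sequence of steps to install rsyslog, validate its configuration, drop
# message-reduction snippets into /etc/rsyslog.d and forward logs to a
# remote syslog server.
#
# The helpers used below (exe, step, addConf, endReturn, error, color,
# echoinfoArgs) are not defined in this file; presumably they come from
# sequencer.sh, which is sourced on the last line.
#
# source:
# - https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html

toolName="rsyslog"
toolConfig="/etc/rsyslog.conf"

# Get script working directory
# (when called from a different directory)
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"

# Configuration snippets shipped next to this script.
CONFIG_SNMP="$WDIR/${toolName}/10-snmp.conf"
CONFIG_CRON="$WDIR/${toolName}/10-cron.conf"
CONFIG_RNGD="$WDIR/${toolName}/10-rngd.conf"
CONFIG_REMOTE="$WDIR/${toolName}/90-remote.conf"

# Destinations below /etc/rsyslog.d. basename's argument is quoted so that a
# script directory containing whitespace cannot split the path.
CONFIG_SNMP_DEST="/etc/rsyslog.d/$(basename "$CONFIG_SNMP")"
CONFIG_CRON_DEST="/etc/rsyslog.d/$(basename "$CONFIG_CRON")"
CONFIG_RNGD_DEST="/etc/rsyslog.d/$(basename "$CONFIG_RNGD")"
CONFIG_REMOTE_DEST="/etc/rsyslog.d/$(basename "$CONFIG_REMOTE")"

# Step 1: install the rsyslog package via apt.
step_1_info() { echo "Install $toolName"; }
step_1_alias() { echo "install"; }
step_1() {
  exe apt update
  exe apt install "$toolName"
}

# Step 2: let rsyslogd validate the main configuration file (-N 1) without
# starting the daemon. The exit status of that check is handed to endReturn.
step_2_info() { echo "Check configuration"; }
step_2_alias() { echo "checkconf"; }
step_2() {
  exe rsyslogd -N 1 -f "$toolConfig"
  endReturn -o "$?" "Invalid $toolName configuration"
}

# Step 10: add the snmpd snippet, re-check the configuration, restart rsyslog.
step_10_info() { echo "Reduce snmpd syslog messages"; }
step_10_alias() { echo "snmpd"; }
step_10() {
  addConf -s -f "$CONFIG_SNMP" "$CONFIG_SNMP_DEST"
  endReturn -o "$?"
  step checkconf
  exe service rsyslog restart
}

# Step 12: add the cron snippet, re-check the configuration, restart rsyslog.
step_12_info() { echo "Reduce cron syslog messages"; }
step_12_alias() { echo "cron"; }
step_12() {
  addConf -s -f "$CONFIG_CRON" "$CONFIG_CRON_DEST"
  endReturn -o "$?"
  step checkconf
  exe service rsyslog restart
}

# Step 14: add the rngd snippet, re-check the configuration, restart rsyslog.
step_14_info() { echo "Reduce rngd syslog messages"; }
step_14_alias() { echo "rngd"; }
step_14() {
  addConf -s -f "$CONFIG_RNGD" "$CONFIG_RNGD_DEST"
  endReturn -o "$?"
  step checkconf
  exe service rsyslog restart
}

# Step 16: forward syslog messages to a remote server.
# Arguments: $2 - remote endpoint as IPv4:PORT
# Returns:   1 when $2 is missing or is not a valid IPv4:PORT pair
#
# The endpoint is substituted into a sed expression, so the validation below
# is also what keeps sed metacharacters ('/', '&', '\') out of that
# expression. It must never be loosened to accept arbitrary text.
step_16_info() {
  # NOTE(review): the usage string is empty although the step requires an
  # IP:PORT argument; confirm what was meant to be shown here.
  echoinfoArgs ""
  echo "Send syslog messages to remote syslog server"
}
step_16_alias() { echo "remote"; }
step_16() {
  # ${2:-} keeps a missing argument from aborting under 'set -u'.
  local candidate="${2:-}"
  # One decimal octet 0-255, without leading zeros.
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local rex="^${octet}(\.${octet}){3}:[0-9]{1,5}\$"
  local remoteHost=""
  local port=""

  # Check if string is a ipv4 address and port (octets 0-255, port 1-65535)
  if [[ "$candidate" =~ $rex ]]; then
    port="${candidate##*:}"
    # 10# forces base 10 so a port such as 0514 is not read as octal.
    if (( 10#$port >= 1 && 10#$port <= 65535 )); then
      remoteHost="$candidate"
    fi
  fi
  if [[ -z "$remoteHost" ]]; then
    error -e "No valid IP:PORT detected: $candidate"
    return 1
  fi

  addConf -s -f "$CONFIG_REMOTE" "$CONFIG_REMOTE_DEST"
  endReturn -o "$?" "Custom remote host $remoteHost not applied to destination or check ${sqr_missingConf:-}"

  # Replace the placeholder endpoint of the template with the validated one.
  exe sed -i "s/12\.34\.56\.78\:514/${remoteHost}/" "$CONFIG_REMOTE_DEST"
  endReturn -o "$?" "Couldn't apply $remoteHost to $CONFIG_REMOTE_DEST"

  step checkconf
  exe service rsyslog restart
}

# Step 17: allow outgoing syslog traffic through ufw.
# NOTE(review): the rule is fixed to interface eth0 and port 514/tcp, while
# step 16 accepts any port. A remote endpoint on another port or a host with
# a different interface name needs a matching rule.
step_17_info() { echo "Add ufw rules for sending to remote syslog. Port 514/tcp"; }
step_17_alias() { echo "ufw"; }
step_17() {
  exe ufw allow out on eth0 to any port 514 proto tcp comment "syslog remote"
}

# Step 30: print a hint on how to enable syslog reception; nothing is changed
# on the system by this step.
# NOTE(review): the line breaks inside the here-document were reconstructed;
# confirm against the original file.
step_30_info() { echo "Activating syslog server"; }
step_30_alias() { echo "server"; }
step_30() {
  color green
  cat << SERVER_EOF
# Uncomment the chapter
provide UDP syslog reception
provide TCP syslog reception
SERVER_EOF
}

readonly sqr_minVersion=16
. /usr/local/bin/sequencer.sh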