111 lines
2.9 KiB
Bash
Executable File
111 lines
2.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# rsyslog management
|
|
#
|
|
# source:
|
|
# - https://selivan.github.io/2017/02/07/rsyslog-log-forward-save-filename-handle-multi-line-failover.html
|
|
|
|
toolName="rsyslog"
|
|
toolConfig="/etc/rsyslog.conf"
|
|
|
|
# Get script working directory
|
|
# (when called from a different directory)
|
|
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
|
|
CONFIG_SNMP="$WDIR/${toolName}/10-snmp.conf"
|
|
CONFIG_CRON="$WDIR/${toolName}/10-cron.conf"
|
|
CONFIG_RNGD="$WDIR/${toolName}/10-rngd.conf"
|
|
CONFIG_REMOTE="$WDIR/${toolName}/90-remote.conf"
|
|
|
|
step_1_info() { echo "Install $toolName"; }
|
|
step_1_alias() { ALIAS="install"; }
|
|
step_1() {
|
|
exe apt update
|
|
exe apt install "$toolName"
|
|
}
|
|
|
|
step_2_info() { echo "Check configuration"; }
|
|
step_2_alias() { ALIAS="checkconf"; }
|
|
step_2() {
|
|
exe rsyslogd -N 1 -f "$toolConfig"
|
|
endReturn -o $? "Invalid $toolName configuration"
|
|
}
|
|
|
|
step_10_info() { echo "Reduce snmpd syslog messages"; }
|
|
step_10_alias() { ALIAS="snmpd"; }
|
|
step_10() {
|
|
addConf -s -f "$CONFIG_SNMP" "$CONFIG_SNMP_DEST"
|
|
endReturn -o $?
|
|
|
|
step checkconf
|
|
exe service rsyslog restart
|
|
}
|
|
CONFIG_SNMP_DEST="/etc/rsyslog.d/$(basename $CONFIG_SNMP)"
|
|
|
|
step_12_info() { echo "Reduce cron syslog messages"; }
|
|
step_12_alias() { ALIAS="cron"; }
|
|
step_12() {
|
|
addConf -s -f "$CONFIG_CRON" "$CONFIG_CRON_DEST"
|
|
endReturn -o $?
|
|
|
|
step checkconf
|
|
exe service rsyslog restart
|
|
}
|
|
CONFIG_CRON_DEST="/etc/rsyslog.d/$(basename $CONFIG_CRON)"
|
|
|
|
step_14_info() { echo "Reduce rngd syslog messages"; }
|
|
step_14_alias() { ALIAS="rngd"; }
|
|
step_14() {
|
|
addConf -s -f "$CONFIG_RNGD" "$CONFIG_RNGD_DEST"
|
|
endReturn -o $?
|
|
|
|
step checkconf
|
|
exe service rsyslog restart
|
|
}
|
|
CONFIG_RNGD_DEST="/etc/rsyslog.d/$(basename $CONFIG_RNGD)"
|
|
|
|
step_16_info() {
|
|
echoinfoArgs "<REMOTE_IP:PORT>"
|
|
echo "Send syslog messages to remote syslog server"
|
|
}
|
|
step_16_alias() { ALIAS="remote"; }
|
|
step_16() {
|
|
local rex='^[0-9\.]+\:[0-9]+$'
|
|
local remoteHost=""
|
|
# Check if string is a ipv4 address and port
|
|
if [[ "$2" =~ $rex ]] ; then
|
|
remoteHost=$2
|
|
else
|
|
echoerr " [E] No valid IP:PORT detected: $2"
|
|
return 1
|
|
fi
|
|
addConf -s -f "$CONFIG_REMOTE" "$CONFIG_REMOTE_DEST"
|
|
endReturn -o $? "Custom remote host $remoteHost not applied to destination or $MISSING_CONF"
|
|
exe sed -i "s/12\.34\.56\.78\:514/${remoteHost}/" "$CONFIG_REMOTE_DEST"
|
|
endReturn -o $? "Couldn't apply $remoteHost to $CONFIG_REMOTE_DEST"
|
|
|
|
step checkconf
|
|
exe service rsyslog restart
|
|
}
|
|
CONFIG_REMOTE_DEST="/etc/rsyslog.d/$(basename $CONFIG_REMOTE)"
|
|
|
|
step_17_info() { echo "Add ufw rules for sending to remote syslog. Port 514/tcp"; }
|
|
step_17_alias() { ALIAS="ufw"; }
|
|
step_17() {
|
|
exe ufw allow out on eth0 to any port 514 proto tcp comment "syslog remote"
|
|
}
|
|
|
|
step_30_info() { echo "Activating syslog server"; }
|
|
step_30_alias() { ALIAS="server"; }
|
|
step_30() {
|
|
outColor green
|
|
cat << SERVER_EOF
|
|
|
|
# Uncomment the chapter
|
|
provide UDP syslog reception
|
|
provide TCP syslog reception
|
|
SERVER_EOF
|
|
}
|
|
|
|
VERSION_SEQREV=14
|
|
. /usr/local/bin/sequencer.sh
|