Added TCP/TLS support for rsyslog client

2011-10-04 16:43:15 +03:00 · 2011-10-04 16:43:15 +03:00 · da6f4df080
commit da6f4df080
parent ac6c7387d4
4 changed files with 34 additions and 6 deletions
--- a/syslog/templates/rsyslog.conf.erb
+++ b/syslog/templates/rsyslog.conf.erb
@ -7,10 +7,12 @@ $ModLoad immark
 $ModLoad imklog
 # Provides support for local system logging (e.g. via logger command)
 $ModLoad imuxsock
+
 <% if operatingsystem == "OpenBSD" -%>
 # Local sockets for chrooted services
 $AddUnixListenSocket /var/empty/dev/log
 $AddUnixListenSocket /var/named/dev/log
 $AddUnixListenSocket /var/nsd/dev/log
 $AddUnixListenSocket /var/www/dev/log
+
 <% end -%>
--- a/syslog/templates/syslog.conf.OpenBSD.erb
+++ b/syslog/templates/syslog.conf.OpenBSD.erb
@ -1,4 +1,3 @@
-
 *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	/var/log/messages
 kern.debug;syslog,user.info				/var/log/messages
 auth.info						/var/log/authlog
@ -12,11 +11,11 @@ mail.info						/var/log/maillog

 # Uncomment this line to send "important" messages to the system
 # console: be aware that this could create lots of output.
-#*.err;auth.notice;authpriv.none;kern.debug;mail.crit   /dev/console
+#*.err;auth.notice;authpriv.none;kern.debug;mail.crit	/dev/console

 # Uncomment this to have all messages of notice level and higher
 # as well as all authentication messages sent to root.
-#*.notice;auth.debug                                    root
+#*.notice;auth.debug					root

 # Everyone gets emergency messages.
-*.emerg                                                 *
+*.emerg							*
--- a/syslog/templates/syslog.conf.client.erb
+++ b/syslog/templates/syslog.conf.client.erb
@ -1,8 +1,21 @@

 *.*		<% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log
 mark.*		<% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log
+<% if has_variable?('syslog_tlsserver') and syslog_type == "rsyslog" -%>
+
+$DefaultNetstreamDriver gtls
+$DefaultNetstreamDriverCAFile <%= puppet_ssldir %>/certs/ca.pem
+$DefaultNetstreamDriverCertFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
+$DefaultNetstreamDriverKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+
+$ActionSendStreamDriverMode 1
+$ActionSendStreamDriverAuthMode x509/name
+$ActionSendStreamDriverPermittedPeer <%= syslog_tlsserver %>
+
+*.*		@@<%= syslog_tlsserver %>
+mark.*		@@<%= syslog_tlsserver %>
+<% elsif has_variable?('syslog_server') -%>

-<% if has_variable?('syslog_server') -%>
 *.*		@<%= syslog_server %>
 mark.*		@<%= syslog_server %>
 <% end -%>