tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added TCP/TLS support for rsyslog client

Browse source
This commit is contained in:
Ossi Salmi 2011-10-04 16:43:15 +03:00 committed by Timo Mkinen
parent ac6c7387d4
commit da6f4df080
4 changed files with 34 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
syslog/manifests/init.pp
View file

@ -10,11 +10,19 @@
# $syslog_server: # $syslog_server:
# Address of remote syslog server where to send logs. # Address of remote syslog server where to send logs.
# #
# $syslog_tlsserver:
# Address of remote syslog server where to send logs over TCP/TLS.
#
class syslog::client { class syslog::client {
if !$syslog_type { if !$syslog_type {
case $operatingsystem { case $operatingsystem {
"centos": { $syslog_type = "syslogd" } "centos": {
$syslog_type = $operatingsystemrelease ? {
/^6/ => "rsyslog",
default => "syslogd",
}
}
"fedora": { $syslog_type = "rsyslog" } "fedora": { $syslog_type = "rsyslog" }
"openbsd": { $syslog_type = "syslogd" } "openbsd": { $syslog_type = "syslogd" }
"ubuntu": { $syslog_type = "rsyslog" } "ubuntu": { $syslog_type = "rsyslog" }
@ -83,6 +91,12 @@ class syslog::client::rsyslog {
ensure => installed, ensure => installed,
} }
if $operatingsystem != "OpenBSD" {
package { "rsyslog-gnutls":
ensure => installed,
}
}
file { "/etc/rsyslog.conf": file { "/etc/rsyslog.conf":
ensure => present, ensure => present,
content => template("syslog/rsyslog.conf.erb", content => template("syslog/rsyslog.conf.erb",

2
syslog/templates/rsyslog.conf.erb
View file

@ -7,10 +7,12 @@ $ModLoad immark
$ModLoad imklog $ModLoad imklog
# Provides support for local system logging (e.g. via logger command) # Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock $ModLoad imuxsock
<% if operatingsystem == "OpenBSD" -%> <% if operatingsystem == "OpenBSD" -%>
# Local sockets for chrooted services # Local sockets for chrooted services
$AddUnixListenSocket /var/empty/dev/log $AddUnixListenSocket /var/empty/dev/log
$AddUnixListenSocket /var/named/dev/log $AddUnixListenSocket /var/named/dev/log
$AddUnixListenSocket /var/nsd/dev/log $AddUnixListenSocket /var/nsd/dev/log
$AddUnixListenSocket /var/www/dev/log $AddUnixListenSocket /var/www/dev/log
<% end -%> <% end -%>

1
syslog/templates/syslog.conf.OpenBSD.erb
View file

@ -1,4 +1,3 @@
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages *.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog auth.info /var/log/authlog

15
syslog/templates/syslog.conf.client.erb
View file

@ -1,8 +1,21 @@
*.* <% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log *.* <% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log
mark.* <% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log mark.* <% if operatingsystem != "OpenBSD" %>-<% end %>/var/log/all.log
<% if has_variable?('syslog_tlsserver') and syslog_type == "rsyslog" -%>
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <%= puppet_ssldir %>/certs/ca.pem
$DefaultNetstreamDriverCertFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
$DefaultNetstreamDriverKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer <%= syslog_tlsserver %>
*.* @@<%= syslog_tlsserver %>
mark.* @@<%= syslog_tlsserver %>
<% elsif has_variable?('syslog_server') -%>
<% if has_variable?('syslog_server') -%>
*.* @<%= syslog_server %> *.* @<%= syslog_server %>
mark.* @<%= syslog_server %> mark.* @<%= syslog_server %>
<% end -%> <% end -%>