[logall] Added role to handle firewall logs
parent
50f105bcfe
commit
15cd5ce7ec
13
network.yml
13
network.yml
@ -34,7 +34,13 @@
roles:
- unifi-controller
|
# Deploy BGP server on IPv4 routers
# Configure routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
roles:
- logall
- quagga
|
# Deploy BGP server configuration on IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
vars:
zebra:
@ -46,10 +52,9 @@
neighbor: 158.255.113.72
remote_as: 8218
roles:
- quagga
- quagga-ipv4
|
# Deploy BGP server on IPv6 routers
# Deploy BGP server configuration on IPv6 routers
- hosts: ipv6-zayo.adm.crans.org
vars:
zebra:
@ -61,5 +66,5 @@
neighbor: 2001:1b48:2:103::bb:1
remote_as: 8218
roles:
- quagga
- quagga-ipv6
|
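Review bot: The new `Configure routers` play at the top of the first hunk repeats the three router FQDNs that the two family-specific plays below already name (`gulp`/`odlyd` again for the IPv4 play, `ipv6-zayo` again for the IPv6 play), so adding or retiring a router now means editing two host lists that must stay in sync; an inventory group such as `routers`, with `hosts: routers` here, would keep a single source of truth. Role order in that play is visible and presumably deliberate — `logall` runs before `quagga`, so the rsyslog rules land before routing is touched — and the bare `# Configure routers` comment should say why the play exists, e.g. `# Configure routers: roles shared by the IPv4 and IPv6 routers; family-specific BGP configuration follows below`. Which of the two comment lines in each hunk is old and which is new, and that the per-family `- quagga` entries are the dropped lines, is inferred from the hunk counts rather than shown by the rendering, so please double-check the resulting play list renders as intended.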
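--- /dev/null
+++ b/roles/logall/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: Deploy firewall rsyslog
+  template:
+    src: rsyslog.d/10-firewall.conf.j2
+    dest: /etc/rsyslog.d/10-firewall.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: Deploy firewall logrotate
+  template:
+    src: logrotate.d/firewall.j2
+    dest: /etc/logrotate.d/firewall
+    mode: 0644
+    owner: root
+    group: root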
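Review bot: The first task installs `/etc/rsyslog.d/10-firewall.conf` but neither task notifies a handler, so the new filter rules are not read until something else restarts rsyslog — add `notify: restart rsyslog` to the template task and define that handler in the role (no `handlers/main.yml` is part of this commit). The rules in that file write under `/var/log/firewall/`, which this role never creates; whether rsyslog creates the directory, and with what mode and group, depends on the `$CreateDirs`/`$DirCreateMode`/`$FileGroup` values inherited from the host's rsyslog.conf, and since these logs record internal addresses and MAC/IP associations it is safer to create it explicitly as `root:adm 0750` than to rely on that. Ansible also recommends quoting octal modes (`mode: "0644"`) so the value cannot be parsed as an integer, and `validate: rsyslogd -N1 -f %s` would reject a broken template before it reaches `/etc/rsyslog.d` — confirm that the installed rsyslog accepts `-N1` on a single fragment before adding it.
```yaml
- name: Create firewall log directory
  file:
    path: /var/log/firewall
    state: directory
    owner: root
    group: adm
    mode: "0750"

- name: Deploy firewall rsyslog
  template:
    src: rsyslog.d/10-firewall.conf.j2
    dest: /etc/rsyslog.d/10-firewall.conf
    mode: "0644"
    owner: root
    group: root
  notify: restart rsyslog

# … unchanged: Deploy firewall logrotate …
```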
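--- /dev/null
+++ b/roles/logall/templates/logrotate.d/firewall.j2
@@ -0,0 +1,29 @@
+# {{ ansible_managed }}
+
+/var/log/firewall/trace.log
+/var/log/firewall/filtre.log
+/var/log/firewall/iptables.err
+/var/log/firewall/iptables.log {
+rotate 1
+weekly
+missingok
+notifempty
+compress
+postrotate
+/usr/sbin/invoke-rc.d rsyslog rotate >/dev/null;
+endscript
+}
+/var/log/firewall/logall.log {
+daily
+compress
+compresscmd /bin/bzip2
+uncompresscmd /bin/bunzip2
+compressext .bz2
+rotate 10
+notifempty
+sharedscripts
+postrotate
+/usr/sbin/invoke-rc.d rsyslog rotate >/dev/null;
+QUIET=y /usr/scripts/firewall/firewall-logrotate-script.sh;
+endscript
+}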
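Review bot: The `logall.log` postrotate at the end of the second stanza runs `/usr/scripts/firewall/firewall-logrotate-script.sh`, which this role neither deploys nor checks for; on a host where it is absent the shell command fails right after the rsyslog HUP and logrotate will report an error on every daily run, which presumably buries real rotation failures in the cron mail. Either deploy the script from this role or list it as a prerequisite in the role's README, and as a stop-gap guard the call: `test -x /usr/scripts/firewall/firewall-logrotate-script.sh && QUIET=y /usr/scripts/firewall/firewall-logrotate-script.sh;`. Both stanzas use `compress` without `delaycompress`; the files are rotated by rename and rsyslog is only HUPed afterwards, so lines rsyslog still writes to the old inode before it reopens can end up in a file that has already been compressed — Debian's own rsyslog snippet pairs the two for exactly this reason. Retention is one week for the error/trace logs and ten days for `logall.log`, a short window if these records are ever needed for an incident, so a comment stating that the retention is deliberate (privacy/legal) rather than accidental would help the next reader. On a systemd host, confirm that `invoke-rc.d rsyslog rotate` still reaches rsyslog; current Debian ships `/usr/lib/rsyslog/rsyslog-rotate` for this.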
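--- /dev/null
+++ b/roles/logall/templates/rsyslog.d/10-firewall.conf.j2
@@ -0,0 +1,32 @@
+# {{ ansible_managed }}
+#$ModLoad imklog #Déjà présent dans rsyslog.conf
+
+# Messages du firewall (ie de sa génération)
+if $programname == 'firewall' and $syslogseverity <= '3' then /var/log/firewall/iptables.err
+
+if $programname == 'firewall' then /var/log/firewall/iptables.log
+
+
+# kernel (facility = 0):
+# Discard broadcast (sinon trop de spam)
+# Note: on discard tout au final, sinon, on risquerait d'envoyer du contenu
+# (LOG_ALL est dans PREROUTING donc je sais pas si ça compte, mais je veux
+# pas essayer)
+if $syslogfacility == '0' and $msg contains 'ff:ff:ff:ff:ff:ff' then ~
+
+# LOG_ALL pour … je sais plus à quoi ça sert …
+if $syslogfacility == '0' and $msg contains 'LOG_ALL' and ($msg contains 'SRC=10.' or $msg contains 'SRC=185.230.76.' or $msg contains 'SRC=185.230.77.' or $msg contains 'SRC=185.230.78.' or $msg contains 'SRC=185.230.79.' or $msg contains 'SRC=136.231.' or $msg contains 'SRC=2a0c:0700:') then /var/log/firewall/logall.log
+& ~
+
+# LOG_MAC_IP pour l'association mac_ip en ipv6
+if $syslogfacility == '0' and $msg contains 'LOG_MAC_IP' then ~
+
+# TRACE
+if $syslogfacility == '0' and $msg contains 'TRACE:' then /var/log/firewall/trace.log
+& ~
+
+# filtre.log était parsé par un script pour gérer les déconnexions
+#if $syslogfacility == '0' and $msg contains 'DST=' then /var/log/firewall/filtre.log
+#& ~
+
+if $syslogfacility == '0' and $msg contains 'LOG_ALL' then ~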
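Review bot: The rule that feeds `/var/log/firewall/logall.log` is the one line in this file that decides which connection records are kept for ten days and which the final `then ~` silently drops, yet its comment literally says the author no longer knows what LOG_ALL is for; a retention rule that selects traffic by source prefix needs its purpose written down, e.g. `# LOG_ALL: keep connection records only for our own source prefixes (everything else is discarded by the last rule); consumed by firewall-logrotate-script.sh` — TODO confirm that is actually its role. The seven `SRC=` prefixes are a second copy of the site's address plan hard-coded in a template; rendering them from a role variable such as `logall_internal_prefixes` with a Jinja `{% for %}` loop joined by ` or ` would let the inventory own the list instead of this file. The IPv6 prefix is written `2a0c:0700:` with its leading zero, presumably because the kernel LOG target prints uncompressed addresses; that deserves a comment, since anyone normalising it to `2a0c:700:` would silently stop matching and those records would fall through to the discard. Note also that the two `$programname == 'firewall'` rules carry no `& ~`, so those messages presumably continue on to the default syslog files as well — fine if intended, but worth one line saying so.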