[rsyslog_server] pep-cransified + gulp
parent
44f7e0285c
commit
2095ae8f19
GPG Key ID:
3A75C55819C8CF85
|
|
@ -28,3 +28,25 @@ loc_borg:
|
|||
|
||||
glob_prometheus_node_exporter:
|
||||
listen_addr: "{{ query('ldap', 'ip', ansible_hostname, 'cachan-adm') | ipv4 | first }}"
|
||||
|
||||
loc_rsyslog_server:
|
||||
name: gulp
|
||||
root: /var/log
|
||||
rules:
|
||||
- name: cablage
|
||||
rotate: 365
|
||||
ips:
|
||||
- 172.16.33
|
||||
- 172.16.34
|
||||
programs:
|
||||
- firewall
|
||||
- radiusd
|
||||
- dhcpd
|
||||
modules:
|
||||
- name: imudp
|
||||
index: 53
|
||||
- name: imrelp
|
||||
index: 52
|
||||
vars:
|
||||
- name: InputRELPServerRun
|
||||
value: 20514
|
||||
|
|
|
|||
|
|
@ -34,3 +34,25 @@ loc_borg:
|
|||
- /etc
|
||||
- /var
|
||||
- /pool/home
|
||||
|
||||
loc_rsyslog_server:
|
||||
name: tealc
|
||||
root: /pool/logs
|
||||
rules:
|
||||
- name: cablage
|
||||
rotate: 365
|
||||
ips:
|
||||
- 172.16.33
|
||||
- 172.16.34
|
||||
programs:
|
||||
- firewall
|
||||
- radiusd
|
||||
- dhcpd
|
||||
modules:
|
||||
- name: imudp
|
||||
index: 53
|
||||
- name: imrelp
|
||||
index: 52
|
||||
vars:
|
||||
- name: InputRELPServerRun
|
||||
value: 20514
|
||||
|
|
|
|||
4
hosts
4
hosts
|
|
@ -175,6 +175,10 @@ roundcube.adm.crans.org
|
|||
routeur-sam.adm.crans.org
|
||||
routeur-gulp.cachan-adm.crans.org
|
||||
|
||||
[rsyslog_server]
|
||||
gulp.cachan-adm.crans.org
|
||||
tealc.adm.crans.org
|
||||
|
||||
[slapd]
|
||||
tealc.adm.crans.org
|
||||
sam.adm.crans.org
|
||||
|
|
|
|||
|
|
@ -1,15 +0,0 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# tealc is the log server.
|
||||
# Servers need to send their logs to tealc.
|
||||
|
||||
# Send logs to tealc
|
||||
- hosts: server,!tealc.adm.crans.org
|
||||
vars:
|
||||
rsyslog:
|
||||
server: 172.16.10.1
|
||||
roles: ["rsyslog-client"]
|
||||
|
||||
- hosts: tealc.adm.crans.org
|
||||
roles:
|
||||
- rsyslog-server
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
#!/usr/bin/env ansible-playbook
|
||||
---
|
||||
# tealc is the log server.
|
||||
# Servers need to send their logs to tealc.
|
||||
|
||||
- hosts: rsyslog_server
|
||||
vars:
|
||||
rsyslog_server: "{{ glob_rsyslog_server | default({}) | combine(loc_rsyslog_server | default({})) }}"
|
||||
roles:
|
||||
- rsyslog-server
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: restart rsyslog
|
||||
service:
|
||||
name: rsyslog
|
||||
state: restarted
|
||||
|
|
@ -9,34 +9,29 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Deploy logrotate cablage config
|
||||
- name: Deploy logrotate config
|
||||
template:
|
||||
src: logrotate.d/crans.j2
|
||||
dest: /etc/logrotate.d/crans
|
||||
src: logrotate.d/logrotate.j2
|
||||
dest: "/etc/logrotate.d/{{ rsyslog_server.name }}"
|
||||
mode: 0644
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Deploy rsyslog cablage config
|
||||
- name: Deploy rsyslog config
|
||||
template:
|
||||
src: rsyslog.d/30-cablage.conf.j2
|
||||
dest: /etc/rsyslog.d/30-cablage.conf
|
||||
src: rsyslog.d/30-rules.conf.j2
|
||||
dest: /etc/rsyslog.d/30-rules.conf
|
||||
mode: 0640
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart rsyslog
|
||||
|
||||
- name: Deploy rsyslog listen relp config
|
||||
- name: Deploy rsyslog modules config
|
||||
template:
|
||||
src: rsyslog.d/52-listen_relp.conf.j2
|
||||
dest: /etc/rsyslog.d/52-listen_relp.conf
|
||||
mode: 0640
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Deploy rsyslog listen switches config
|
||||
template:
|
||||
src: rsyslog.d/53-listen_switches.conf.j2
|
||||
dest: /etc/rsyslog.d/53-listen_switches.conf
|
||||
src: rsyslog.d/50-module.conf.j2
|
||||
dest: /etc/rsyslog.d/{{ item.index }}-module_{{ item.name }}.conf
|
||||
mode: 0640
|
||||
owner: root
|
||||
group: root
|
||||
loop: "{{ rsyslog_server.modules }}"
|
||||
notify: restart rsyslog
|
||||
|
|
|
|||
|
|
@ -1,53 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
# Logs Crans
|
||||
|
||||
# Logs pour le cablage
|
||||
/pool/logs/tealc/cablage/global.log {
|
||||
daily
|
||||
rotate 365
|
||||
compress
|
||||
notifempty
|
||||
missingok
|
||||
create 640 root adm
|
||||
postrotate
|
||||
invoke-rc.d rsyslog rotate > /dev/null
|
||||
endscript
|
||||
}
|
||||
|
||||
|
||||
# Logs centralisés
|
||||
|
||||
# FreeRADIUS
|
||||
/pool/logs/tealc/freeradius/*.log {
|
||||
weekly
|
||||
rotate 365
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
missingok
|
||||
postrotate
|
||||
invoke-rc.d rsyslog rotate > /dev/null
|
||||
endscript
|
||||
}
|
||||
|
||||
# Logs des bornes et des switches
|
||||
/pool/logs/tealc/wifi/global.log {
|
||||
daily
|
||||
rotate 365
|
||||
compress
|
||||
notifempty
|
||||
postrotate
|
||||
invoke-rc.d rsyslog rotate > /dev/null
|
||||
endscript
|
||||
}
|
||||
|
||||
/pool/logs/tealc/filaire/global.log {
|
||||
daily
|
||||
rotate 365
|
||||
compress
|
||||
notifempty
|
||||
postrotate
|
||||
invoke-rc.d rsyslog rotate > /dev/null
|
||||
endscript
|
||||
}
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
# Logs pour le cablage
|
||||
{% for rule in rsyslog_server.rules %}
|
||||
{{ rsyslog_server.root }}/{{ rsyslog_server.name }}/{{ rule.name }}/global.log {
|
||||
daily
|
||||
rotate {{ rule.rotate }}
|
||||
compress
|
||||
notifempty
|
||||
missingok
|
||||
create 640 root adm
|
||||
postrotate
|
||||
invoke-rc.d rsyslog rotate > /dev/null
|
||||
endscript
|
||||
}
|
||||
{% endfor %}
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
|
||||
|
||||
# Logs des switches
|
||||
|
||||
if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
|
||||
|
||||
# Logs des bornes
|
||||
|
||||
## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
|
||||
if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
|
||||
if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
|
||||
if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
|
||||
if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
|
||||
|
||||
if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
|
||||
|
||||
# Logs RADIUS
|
||||
if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
|
||||
if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
|
||||
|
||||
# Logs DHCP
|
||||
if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
{{ ansible_header | comment }}
|
||||
$template CablageFileFormat,"%TIMESTAMP:::date-rfc3339% %fromhost% %syslogtag%%msg%\n"
|
||||
|
||||
{% for rule in rsyslog_server.rules %}
|
||||
{% set dest = rsyslog_server.root+'/'+rsyslog_server.name+'/'+rule.name+'/global.log' %}
|
||||
{% for ip in rule.ips %}
|
||||
if $fromhost-ip startswith '{{ ip }}' then {{ dest }}; CablageFileFormat
|
||||
{% endfor %}
|
||||
{% for program in rule.programs %}
|
||||
if $programname contains '{{ program }}' then {{ dest }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
$ModLoad {{ item.name }}
|
||||
{% if item.vars is defined %}
|
||||
{% for var in item.vars %}
|
||||
${{ var.name }} {{ var.value }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
$ModLoad imrelp
|
||||
$InputRELPServerRun 20514
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
# Réception en udp: pour les switchs seulement
|
||||
# et les bornes wifi
|
||||
$ModLoad imudp
|
||||
$UDPServerRun 514
|
||||
|
||||
$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24
|
||||
Loading…
Reference in New Issue