Stop believing the client timestamp on log servers

[dsa-puppet.git] / modules / syslog-ng / templates / syslog-ng.conf.erb

diff --git a/modules/syslog-ng/templates/syslog-ng.conf.erb b/modules/syslog-ng/templates/syslog-ng.conf.erb
index 8ea828d69b89da9ee743031baa20b7e3560ae067..bd9da2a380e24236b7ed31001ee850217a520cd4 100644 (file)
--- a/modules/syslog-ng/templates/syslog-ng.conf.erb
+++ b/modules/syslog-ng/templates/syslog-ng.conf.erb
@@ -1,6 +1,9 @@
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
 @version: 3.0
 <%- end -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3.3" -%>
+@version: 3.3
+<%- end -%>
 ##
 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
 ## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
@@ -24,7 +27,7 @@
 options {
         # disable the chained hostname format in logs
         # (default is enabled)
-        chain_hostnames(0);
+        chain_hostnames(1);
 
         # the time to wait before a died connection is re-established
         # (default is 60)
@@ -42,7 +45,12 @@ options {
         #sync(0);
 
         # the number of lines fitting in the output queue
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3.1" -%>
         log_fifo_size(2048);
+<%- end -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3.3" -%>
+        log_fifo_size(10000);
+<%- end -%>
 
         # enable or disable directory creation for destination files
         create_dirs(yes);
@@ -82,11 +90,10 @@ options {
        # is not a real hostname.
        bad_hostname("^gconfd$");
 
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
-       # we trust our mutual authenticated syslog clients
-       keep_hostname(yes);
-<%- end -%>
+       keep_hostname(no);
 
+       # We believe our own clock more than we believe the client clock.
+       keep_timestamp(no)
 };
 
 
@@ -102,22 +109,14 @@ source s_local {
         # function to send logs to)
         unix-stream("/dev/log");
         # messages from the kernel
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
-        file("/proc/kmsg" log_prefix("kernel: "));
-<%- else -%>
         file("/proc/kmsg" program_override("kernel: "));
-<%- end -%>
 <%- else -%>
         # standard Linux log source (this is the default place for the syslog()
         # function to send logs to)
         unix-dgram("/var/run/log");
         # messages from the kernel
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
-        file("/dev/klog" log_prefix("kernel: "));
-<%- else -%>
         file("/dev/klog" program_override("kernel: "));
 <%- end -%>
-<%- end -%>
 <%- if hostname == "paganini" -%>
         # use the following line if you want to receive remote UDP logging messages
         # (this is equivalent to the "-r" syslogd flag)
@@ -125,7 +124,7 @@ source s_local {
 <%- end -%>
 };
 
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+<%- if (hostname == "lotti") || (hostname == "lully") -%>
 source s_network {
        tcp6(port(5140) max-connections(200)
                tls( key_file("/etc/exim4/ssl/thishost.key")
@@ -148,7 +147,7 @@ destination df_daemon { file("/var/log/daemon.log"); };
 destination df_kern { file("/var/log/kern.log"); };
 destination df_lpr { file("/var/log/lpr.log"); };
 destination df_mail { file("/var/log/mail.log" group(maillog)); };
-destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
+# destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
 destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
 destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
 destination df_user { file("/var/log/user.log" perm(0644)); };
@@ -314,12 +313,12 @@ log {
 };
 
 # mail.info                       -/var/log/mail.info
-log {
-        source(s_local);
-        filter(f_mail);
-        filter(f_at_least_info);
-        destination(df_mail_info);
-};
+#log {
+#        source(s_local);
+#        filter(f_mail);
+#        filter(f_at_least_info);
+#        destination(df_mail_info);
+#};
 
 # mail.warn                       -/var/log/mail.warn
 log {
@@ -403,10 +402,9 @@ log {
 <%- end -%>
 
 
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
-  <%- if hostname != "heininen" -%>
-destination loghost-heininen {
-       tcp("heininen.debian.org" port (5140)
+ <%- if hostname != "lotti" -%>
+destination loghost-lotti {
+       tcp("lotti.debian.org" port (5140)
                tls( key_file("/etc/ssl/debian/keys/thishost.key")
                     cert_file("/etc/ssl/debian/certs/thishost.crt")
                     ca_dir("/etc/ssl/debian/certs/")
@@ -414,9 +412,9 @@ destination loghost-heininen {
        );
 };
  <%- end -%>
- <%- if hostname != "lotti" -%>
-destination loghost-lotti {
-       tcp("lotti.debian.org" port (5140)
+  <%- if hostname != "lully" -%>
+destination loghost-lully {
+       tcp("lully.debian.org" port (5140)
                tls( key_file("/etc/ssl/debian/keys/thishost.key")
                     cert_file("/etc/ssl/debian/certs/thishost.crt")
                     ca_dir("/etc/ssl/debian/certs/")
@@ -427,18 +425,17 @@ destination loghost-lotti {
 
 log {
        source(s_local);
- <%- if hostname != "heininen" -%> 
-       destination(loghost-heininen);
- <%- end -%>
  <%- if hostname != "lotti" -%>
        destination(loghost-lotti);
  <%- end -%>
+ <%- if hostname != "lully" -%>
+       destination(loghost-lully);
+ <%- end -%>
 };
-<%- end -%>
 
 
 
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+<%- if (hostname == "lotti") || (hostname == "lully") -%>
 ###############################################################################
 ########## ON LOG HOST ########################################################
 ###############################################################################