-<% if syslogversion == "3" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
@version: 3.0
-<%end%>
+<%- end -%>
##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
# is not a real hostname.
bad_hostname("^gconfd$");
-<% if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
# we trust our mutual authenticated syslog clients
keep_hostname(yes);
-<%end%>
+<%- end -%>
};
# sources
# all known message sources
-source s_all {
+source s_local {
# message generated by Syslog-NG
internal();
-<% if kernel == 'Linux' %>
+<%- if kernel == 'Linux' -%>
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
-<% if syslogversion == "2" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
file("/proc/kmsg" log_prefix("kernel: "));
-<% else %>
+<%- else -%>
file("/proc/kmsg" program_override("kernel: "));
-<%end%>
-<%else%>
+<%- end -%>
+<%- else -%>
# standard Linux log source (this is the default place for the syslog()
# function to send logs to)
unix-dgram("/var/run/log");
# messages from the kernel
-<% if syslogversion == "2" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
file("/dev/klog" log_prefix("kernel: "));
-<% else %>
+<%- else -%>
file("/dev/klog" program_override("kernel: "));
-<%end%>
-<%end%>
-<% if hostname == "paganini" -%>
+<%- end -%>
+<%- end -%>
+<%- if hostname == "paganini" -%>
# use the following line if you want to receive remote UDP logging messages
# (this is equivalent to the "-r" syslogd flag)
udp();
-<%end%>
+<%- end -%>
};
-<% if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
source s_network {
- tcp6(port(5140)
+ tcp6(port(5140) max-connections(200)
tls( key_file("/etc/exim4/ssl/thishost.key")
cert_file("/etc/exim4/ssl/thishost.crt")
ca_dir("/etc/exim4/ssl/")
)
);
};
-<%end%>
+<%- end -%>
######
destination df_debug { file("/var/log/debug"); };
destination df_messages { file("/var/log/messages"); };
-<% if kernel == 'Linux' %>
+<%- if kernel == 'Linux' -%>
# pipes
# a console to view log messages under X
destination dp_xconsole { pipe("/dev/xconsole"); };
-<% end %>
+<%- end -%>
# consoles
# this will send messages to everyone logged in
destination du_all { usertty("*"); };
filter f_auth { facility(auth, authpriv); };
# all messages except from the auth and authpriv facilities
-filter f_syslog { not facility(auth, authpriv); };
+filter f_syslog { not facility(auth, authpriv, mail); };
# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
# and uucp facilities
# messages with priority emerg
filter f_emerg { level(emerg); };
-<% if kernel == 'Linux' %>
+<%- if kernel == 'Linux' -%>
# complex filter for messages usually sent to the xconsole
filter f_xconsole {
facility(daemon,mail)
and level(crit,err,notice));
};
-<% end %>
-######
-# logs
+<%- end -%>
+
# order matters if you use "flags(final);" to mark the end of processing in a
# "log" statement
-# these rules provide the same behavior as the commented original syslogd rules
+###############################################################################
+########## ON LOG CLIENTS #####################################################
+###############################################################################
+###############################################################################
+###############################################################################
+# all log clients, including the log server, log their locally created
+# messages to the standard places.
# auth,authpriv.* /var/log/auth.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_auth);
destination(df_auth);
};
# *.*;auth,authpriv.none -/var/log/syslog
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_syslog);
destination(df_syslog);
};
# this is commented out in the default syslog.conf
# cron.* /var/log/cron.log
#log {
-# source(s_all);
+# source(s_local);
# filter(f_cron);
# destination(df_cron);
#};
# daemon.* -/var/log/daemon.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_daemon);
destination(df_daemon);
};
# kern.* -/var/log/kern.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_kern);
destination(df_kern);
};
# lpr.* -/var/log/lpr.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_lpr);
destination(df_lpr);
};
# mail.* -/var/log/mail.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_mail);
destination(df_mail);
};
# user.* -/var/log/user.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_user);
destination(df_user);
};
# uucp.* /var/log/uucp.log
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_uucp);
destination(df_uucp);
};
# mail.info -/var/log/mail.info
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_mail);
filter(f_at_least_info);
destination(df_mail_info);
# mail.warn -/var/log/mail.warn
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_mail);
filter(f_at_least_warn);
destination(df_mail_warn);
# mail.err /var/log/mail.err
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_mail);
filter(f_at_least_err);
destination(df_mail_err);
# news.crit /var/log/news/news.crit
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_news);
filter(f_at_least_crit);
destination(df_news_dot_crit);
# news.err /var/log/news/news.err
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_news);
filter(f_at_least_err);
destination(df_news_dot_err);
# news.notice /var/log/news/news.notice
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_news);
filter(f_at_least_notice);
destination(df_news_dot_notice);
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_debug);
destination(df_debug);
};
# cron,daemon.none;\
# mail,news.none -/var/log/messages
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_messages);
destination(df_messages);
};
# *.emerg *
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_emerg);
destination(du_all);
};
-<% if kernel == 'Linux' %>
+<%- if kernel == 'Linux' -%>
# daemon.*;mail.*;\
# news.crit;news.err;news.notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole
log {
- source(s_all);
-<% if hostname == "heininen" -%>
- source(s_network);
-<% end %>
+ source(s_local);
filter(f_xconsole);
destination(dp_xconsole);
};
-<%end%>
+<%- end -%>
-<% if hostname != "heininen" -%>
- <% if syslogversion == "3" %>
+
+<%- if (hostname != "heininen") || (hostname != "lotti") -%>
+ <%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
destination loghost-heininen {
- tcp6("heininen.debian.org" port (5140)
+ tcp("heininen.debian.org" port (5140)
+ tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ cert_file("/etc/ssl/debian/certs/thishost.crt")
+ ca_dir("/etc/ssl/debian/certs/")
+ )
+ );
+};
+destination loghost-lotti {
+ tcp("lotti.debian.org" port (5140)
tls( key_file("/etc/ssl/debian/keys/thishost.key")
cert_file("/etc/ssl/debian/certs/thishost.crt")
ca_dir("/etc/ssl/debian/certs/")
)
- )
+ );
};
+
+
log {
- source(s_all);
+ source(s_local);
destination(loghost-heininen);
+ destination(loghost-lotti);
};
- <%end%>
-<%end%>
+ <%- end -%>
+<%- end -%>
+
+
+
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+###############################################################################
+########## ON LOG HOST ########################################################
+###############################################################################
+###############################################################################
+#
+# The log server, additionally, also logs all local and remote messages to
+# a few special places.
+destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+
+
+#----------------------------------------------------------------------
+# Special catch all destination hostdest_sorting by host
+#----------------------------------------------------------------------
+destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+
+
+#----------------------------------------------------------------------
+# Catch all log files
+#----------------------------------------------------------------------
+destination df_ALL_auth { file("/var/log/auth-all.log"); };
+destination df_ALL_mail { file("/var/log/mail-all.log"); };
+destination df_ALL_syslog { file("/var/log/syslog-all"); };
+
+log { source(s_local);
+ source(s_network);
+ filter(f_auth); destination(hostdest_auth); };
+log { source(s_local);
+ source(s_network);
+ filter(f_syslog); destination(hostdest_syslog); };
+log { source(s_local);
+ source(s_network);
+ filter(f_daemon); destination(hostdest_daemon); };
+log { source(s_local);
+ source(s_network);
+ filter(f_kern); destination(hostdest_kern); };
+log { source(s_local);
+ source(s_network);
+ filter(f_lpr); destination(hostdest_lpr); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); destination(hostdest_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_news); destination(hostdest_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_user); destination(hostdest_user); };
+log { source(s_local);
+ source(s_network);
+ filter(f_uucp); destination(hostdest_uucp); };
+log { source(s_local);
+ source(s_network);
+ filter(f_debug); destination(hostdest_debug); };
+log { source(s_local);
+ source(s_network);
+ filter(f_messages); destination(hostdest_messages); };
+
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
+
+
+## catch all:
+log { source(s_local);
+ source(s_network);
+ filter(f_auth); destination(df_ALL_auth); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); destination(df_ALL_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_syslog); destination(df_ALL_syslog); };
+<%- end -%>
projects / dsa-puppet.git / blobdiff