+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-/var/log/auth.log {
- rotate 4
- missingok
- notifempty
- weekly
- compress
-}
-
-/var/log/cron.log {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/daemon.log {
- rotate 7
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/debug {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/kern.log {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/lpr.log {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/mail.err {
- rotate 30
- daily
- dateext
- missingok
- notifempty
- compress
-}
-
-/var/log/mail.info {
- rotate 30
- daily
- dateext
- missingok
- notifempty
- compress
-}
-
-/var/log/mail.log {
- rotate 30
- daily
- dateext
- missingok
- notifempty
- compress
- # listmaster asked for this one
- delaycompress
-}
-
-/var/log/mail.warn {
- rotate 30
- daily
- dateext
- missingok
- notifempty
- compress
-}
-
-/var/log/messages {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-
-/var/log/user.log {
- rotate 4
- weekly
- missingok
- notifempty
- compress
-}
-
-/var/log/uucp.log {
- rotate 4
- missingok
- notifempty
- weekly
- compress
-}
-
-/var/log/syslog {
- rotate 7
- daily
- compress
- postrotate
- /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null
- endscript
-}
notice("hoster for ${fqdn} is ${hoster}")
include munin-node
+ include syslog-ng
include sudo
include ssh
include debian-org
source => "puppet:///files/etc/default/puppet"
;
- "/etc/syslog-ng/syslog-ng.conf":
- content => template("syslog-ng.conf.erb"),
- require => Package["syslog-ng"],
- notify => Exec["syslog-ng reload"],
- ;
- "/etc/logrotate.d/syslog-ng":
- require => Package["syslog-ng"],
- source => "puppet:///files/etc/logrotate.d/syslog-ng",
- ;
"/etc/cron.d/dsa-puppet-stuff":
source => "puppet:///files/etc/cron.d/dsa-puppet-stuff",
require => Package["cron"]
}
exec {
- "syslog-ng reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true;
"dpkg-reconfigure tzdata -pcritical -fnoninteractive":
path => "/usr/bin:/usr/sbin:/bin:/sbin",
refreshonly => true;
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+/var/log/auth.log {
+ rotate 4
+ missingok
+ notifempty
+ weekly
+ compress
+}
+
+/var/log/cron.log {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/daemon.log {
+ rotate 7
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/debug {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/kern.log {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/lpr.log {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/mail.err {
+ rotate 30
+ daily
+ dateext
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/mail.info {
+ rotate 30
+ daily
+ dateext
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/mail.log {
+ rotate 30
+ daily
+ dateext
+ missingok
+ notifempty
+ compress
+ # listmaster asked for this one
+ delaycompress
+}
+
+/var/log/mail.warn {
+ rotate 30
+ daily
+ dateext
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/messages {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+
+/var/log/user.log {
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+}
+
+/var/log/uucp.log {
+ rotate 4
+ missingok
+ notifempty
+ weekly
+ compress
+}
+
+/var/log/syslog {
+ rotate 7
+ daily
+ compress
+ postrotate
+ /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null
+ endscript
+}
--- /dev/null
+class syslog-ng {
+ file {
+ "/etc/syslog-ng/syslog-ng.conf":
+ content => template("syslog-ng/syslog-ng.conf.erb"),
+ require => Package["syslog-ng"],
+ notify => Exec["syslog-ng reload"],
+ ;
+ "/etc/logrotate.d/syslog-ng":
+ require => Package["syslog-ng"],
+ source => "puppet:///modules/syslog-ng/syslog-ng.logrotate",
+ ;
+ }
+ exec {
+ "syslog-ng reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true;
+ }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
--- /dev/null
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
+@version: 3.0
+<%- end -%>
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+#
+# Configuration file for syslog-ng under Debian
+#
+# attempts at reproducing default syslog behavior
+
+# the standard syslog levels are (in descending order of priority):
+# emerg alert crit err warning notice info debug
+# the aliases "error", "panic", and "warn" are deprecated
+# the "none" priority found in the original syslogd configuration is
+# only used in internal messages created by syslogd
+
+
+######
+# options
+
+options {
+ # disable the chained hostname format in logs
+ # (default is enabled)
+ chain_hostnames(0);
+
+ # the time to wait before a died connection is re-established
+ # (default is 60)
+ time_reopen(10);
+
+ # the time to wait before an idle destination file is closed
+ # (default is 60)
+ time_reap(360);
+
+ # the number of lines buffered before written to file
+ # you might want to increase this if your disk isn't catching with
+ # all the log messages you get or if you want less disk activity
+ # (say on a laptop)
+ # (default is 0)
+ #sync(0);
+
+ # the number of lines fitting in the output queue
+ log_fifo_size(2048);
+
+ # enable or disable directory creation for destination files
+ create_dirs(yes);
+
+ # default owner, group, and permissions for log files
+ # (defaults are 0, 0, 0600)
+ #owner(root);
+ group(adm);
+ perm(0640);
+
+ # default owner, group, and permissions for created directories
+ # (defaults are 0, 0, 0700)
+ #dir_owner(root);
+ #dir_group(root);
+ dir_perm(0755);
+
+ # enable or disable DNS usage
+ # syslog-ng blocks on DNS queries, so enabling DNS may lead to
+ # a Denial of Service attack
+ # (default is yes)
+ use_dns(no);
+
+ # maximum length of message in bytes
+ # this is only limited by the program listening on the /dev/log Unix
+ # socket, glibc can handle arbitrary length log messages, but -- for
+ # example -- syslogd accepts only 1024 bytes
+ # (default is 2048)
+ #log_msg_size(2048);
+
+ #Disable statistic log messages.
+ stats_freq(0);
+
+ # Some program send log messages through a private implementation.
+ # and sometimes that implementation is bad. If this happen syslog-ng
+ # may recognise the program name as hostname. Whit this option
+ # we tell the syslog-ng that if a hostname match this regexp than that
+ # is not a real hostname.
+ bad_hostname("^gconfd$");
+
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+ # we trust our mutual authenticated syslog clients
+ keep_hostname(yes);
+<%- end -%>
+
+};
+
+
+######
+# sources
+
+# all known message sources
+source s_local {
+ # message generated by Syslog-NG
+ internal();
+<%- if kernel == 'Linux' -%>
+ # standard Linux log source (this is the default place for the syslog()
+ # function to send logs to)
+ unix-stream("/dev/log");
+ # messages from the kernel
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
+ file("/proc/kmsg" log_prefix("kernel: "));
+<%- else -%>
+ file("/proc/kmsg" program_override("kernel: "));
+<%- end -%>
+<%- else -%>
+ # standard Linux log source (this is the default place for the syslog()
+ # function to send logs to)
+ unix-dgram("/var/run/log");
+ # messages from the kernel
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
+ file("/dev/klog" log_prefix("kernel: "));
+<%- else -%>
+ file("/dev/klog" program_override("kernel: "));
+<%- end -%>
+<%- end -%>
+<%- if hostname == "paganini" -%>
+ # use the following line if you want to receive remote UDP logging messages
+ # (this is equivalent to the "-r" syslogd flag)
+ udp();
+<%- end -%>
+};
+
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+source s_network {
+ tcp6(port(5140) max-connections(200)
+ tls( key_file("/etc/exim4/ssl/thishost.key")
+ cert_file("/etc/exim4/ssl/thishost.crt")
+ ca_dir("/etc/exim4/ssl/")
+ )
+ );
+};
+<%- end -%>
+
+
+######
+# destinations
+
+# some standard log files
+destination df_auth { file("/var/log/auth.log"); };
+destination df_syslog { file("/var/log/syslog"); };
+destination df_cron { file("/var/log/cron.log"); };
+destination df_daemon { file("/var/log/daemon.log"); };
+destination df_kern { file("/var/log/kern.log"); };
+destination df_lpr { file("/var/log/lpr.log"); };
+destination df_mail { file("/var/log/mail.log" group(maillog)); };
+destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
+destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
+destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
+destination df_user { file("/var/log/user.log" perm(0644)); };
+destination df_uucp { file("/var/log/uucp.log"); };
+
+# these files are meant for the mail system log files
+# and provide re-usable destinations for {mail,cron,...}.info,
+# {mail,cron,...}.notice, etc.
+destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
+destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
+destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
+destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
+destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
+
+# these files are meant for the news system, and are kept separated
+# because they should be owned by "news" instead of "root"
+destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
+destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
+destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
+
+# some more classical and useful files found in standard syslog configurations
+destination df_debug { file("/var/log/debug"); };
+destination df_messages { file("/var/log/messages"); };
+
+<%- if kernel == 'Linux' -%>
+# pipes
+# a console to view log messages under X
+destination dp_xconsole { pipe("/dev/xconsole"); };
+
+<%- end -%>
+# consoles
+# this will send messages to everyone logged in
+destination du_all { usertty("*"); };
+
+
+######
+# filters
+
+# all messages from the auth and authpriv facilities
+filter f_auth { facility(auth, authpriv); };
+
+# all messages except from the auth and authpriv facilities
+filter f_syslog { not facility(auth, authpriv, mail); };
+
+# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
+# and uucp facilities
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_kern { facility(kern); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_news { facility(news); };
+filter f_user { facility(user); };
+filter f_uucp { facility(uucp); };
+
+# some filters to select messages of priority greater or equal to info, warn,
+# and err
+# (equivalents of syslogd's *.info, *.warn, and *.err)
+filter f_at_least_info { level(info..emerg); };
+filter f_at_least_notice { level(notice..emerg); };
+filter f_at_least_warn { level(warn..emerg); };
+filter f_at_least_err { level(err..emerg); };
+filter f_at_least_crit { level(crit..emerg); };
+
+# all messages of priority debug not coming from the auth, authpriv, news, and
+# mail facilities
+filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
+
+# all messages of info, notice, or warn priority not coming form the auth,
+# authpriv, cron, daemon, mail, and news facilities
+filter f_messages {
+ level(info,notice,warn)
+ and not facility(auth,authpriv,cron,daemon,mail,news);
+};
+
+# messages with priority emerg
+filter f_emerg { level(emerg); };
+
+<%- if kernel == 'Linux' -%>
+# complex filter for messages usually sent to the xconsole
+filter f_xconsole {
+ facility(daemon,mail)
+ or level(debug,info,notice,warn)
+ or (facility(news)
+ and level(crit,err,notice));
+};
+
+<%- end -%>
+
+# order matters if you use "flags(final);" to mark the end of processing in a
+# "log" statement
+
+###############################################################################
+########## ON LOG CLIENTS #####################################################
+###############################################################################
+###############################################################################
+###############################################################################
+# all log clients, including the log server, log their locally created
+# messages to the standard places.
+
+# auth,authpriv.* /var/log/auth.log
+log {
+ source(s_local);
+ filter(f_auth);
+ destination(df_auth);
+};
+
+# *.*;auth,authpriv.none -/var/log/syslog
+log {
+ source(s_local);
+ filter(f_syslog);
+ destination(df_syslog);
+};
+
+# this is commented out in the default syslog.conf
+# cron.* /var/log/cron.log
+#log {
+# source(s_local);
+# filter(f_cron);
+# destination(df_cron);
+#};
+
+# daemon.* -/var/log/daemon.log
+log {
+ source(s_local);
+ filter(f_daemon);
+ destination(df_daemon);
+};
+
+# kern.* -/var/log/kern.log
+log {
+ source(s_local);
+ filter(f_kern);
+ destination(df_kern);
+};
+
+# lpr.* -/var/log/lpr.log
+log {
+ source(s_local);
+ filter(f_lpr);
+ destination(df_lpr);
+};
+
+# mail.* -/var/log/mail.log
+log {
+ source(s_local);
+ filter(f_mail);
+ destination(df_mail);
+};
+
+# user.* -/var/log/user.log
+log {
+ source(s_local);
+ filter(f_user);
+ destination(df_user);
+};
+
+# uucp.* /var/log/uucp.log
+log {
+ source(s_local);
+ filter(f_uucp);
+ destination(df_uucp);
+};
+
+# mail.info -/var/log/mail.info
+log {
+ source(s_local);
+ filter(f_mail);
+ filter(f_at_least_info);
+ destination(df_mail_info);
+};
+
+# mail.warn -/var/log/mail.warn
+log {
+ source(s_local);
+ filter(f_mail);
+ filter(f_at_least_warn);
+ destination(df_mail_warn);
+};
+
+# mail.err /var/log/mail.err
+log {
+ source(s_local);
+ filter(f_mail);
+ filter(f_at_least_err);
+ destination(df_mail_err);
+};
+
+# news.crit /var/log/news/news.crit
+log {
+ source(s_local);
+ filter(f_news);
+ filter(f_at_least_crit);
+ destination(df_news_dot_crit);
+};
+
+# news.err /var/log/news/news.err
+log {
+ source(s_local);
+ filter(f_news);
+ filter(f_at_least_err);
+ destination(df_news_dot_err);
+};
+
+# news.notice /var/log/news/news.notice
+log {
+ source(s_local);
+ filter(f_news);
+ filter(f_at_least_notice);
+ destination(df_news_dot_notice);
+};
+
+
+# *.=debug;\
+# auth,authpriv.none;\
+# news.none;mail.none -/var/log/debug
+log {
+ source(s_local);
+ filter(f_debug);
+ destination(df_debug);
+};
+
+
+# *.=info;*.=notice;*.=warn;\
+# auth,authpriv.none;\
+# cron,daemon.none;\
+# mail,news.none -/var/log/messages
+log {
+ source(s_local);
+ filter(f_messages);
+ destination(df_messages);
+};
+
+# *.emerg *
+log {
+ source(s_local);
+ filter(f_emerg);
+ destination(du_all);
+};
+
+
+<%- if kernel == 'Linux' -%>
+# daemon.*;mail.*;\
+# news.crit;news.err;news.notice;\
+# *.=debug;*.=info;\
+# *.=notice;*.=warn |/dev/xconsole
+log {
+ source(s_local);
+ filter(f_xconsole);
+ destination(dp_xconsole);
+};
+<%- end -%>
+
+
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
+ <%- if hostname != "heininen" -%>
+destination loghost-heininen {
+ tcp("heininen.debian.org" port (5140)
+ tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ cert_file("/etc/ssl/debian/certs/thishost.crt")
+ ca_dir("/etc/ssl/debian/certs/")
+ )
+ );
+};
+ <%- end -%>
+ <%- if hostname != "lotti" -%>
+destination loghost-lotti {
+ tcp("lotti.debian.org" port (5140)
+ tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ cert_file("/etc/ssl/debian/certs/thishost.crt")
+ ca_dir("/etc/ssl/debian/certs/")
+ )
+ );
+};
+ <%- end -%>
+
+log {
+ source(s_local);
+ <%- if hostname != "heininen" -%>
+ destination(loghost-heininen);
+ <%- end -%>
+ <%- if hostname != "lotti" -%>
+ destination(loghost-lotti);
+ <%- end -%>
+};
+<%- end -%>
+
+
+
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
+###############################################################################
+########## ON LOG HOST ########################################################
+###############################################################################
+###############################################################################
+#
+# The log server, additionally, also logs all local and remote messages to
+# a few special places.
+destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+
+
+#----------------------------------------------------------------------
+# Special catch all destination hostdest_sorting by host
+#----------------------------------------------------------------------
+destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
+ owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
+
+
+#----------------------------------------------------------------------
+# Catch all log files
+#----------------------------------------------------------------------
+destination df_ALL_auth { file("/var/log/auth-all.log"); };
+destination df_ALL_mail { file("/var/log/mail-all.log"); };
+destination df_ALL_syslog { file("/var/log/syslog-all"); };
+
+log { source(s_local);
+ source(s_network);
+ filter(f_auth); destination(hostdest_auth); };
+log { source(s_local);
+ source(s_network);
+ filter(f_syslog); destination(hostdest_syslog); };
+log { source(s_local);
+ source(s_network);
+ filter(f_daemon); destination(hostdest_daemon); };
+log { source(s_local);
+ source(s_network);
+ filter(f_kern); destination(hostdest_kern); };
+log { source(s_local);
+ source(s_network);
+ filter(f_lpr); destination(hostdest_lpr); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); destination(hostdest_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_news); destination(hostdest_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_user); destination(hostdest_user); };
+log { source(s_local);
+ source(s_network);
+ filter(f_uucp); destination(hostdest_uucp); };
+log { source(s_local);
+ source(s_network);
+ filter(f_debug); destination(hostdest_debug); };
+log { source(s_local);
+ source(s_network);
+ filter(f_messages); destination(hostdest_messages); };
+
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
+
+
+## catch all:
+log { source(s_local);
+ source(s_network);
+ filter(f_auth); destination(df_ALL_auth); };
+log { source(s_local);
+ source(s_network);
+ filter(f_mail); destination(df_ALL_mail); };
+log { source(s_local);
+ source(s_network);
+ filter(f_syslog); destination(df_ALL_syslog); };
+<%- end -%>
+++ /dev/null
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
-@version: 3.0
-<%- end -%>
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-#
-# Configuration file for syslog-ng under Debian
-#
-# attempts at reproducing default syslog behavior
-
-# the standard syslog levels are (in descending order of priority):
-# emerg alert crit err warning notice info debug
-# the aliases "error", "panic", and "warn" are deprecated
-# the "none" priority found in the original syslogd configuration is
-# only used in internal messages created by syslogd
-
-
-######
-# options
-
-options {
- # disable the chained hostname format in logs
- # (default is enabled)
- chain_hostnames(0);
-
- # the time to wait before a died connection is re-established
- # (default is 60)
- time_reopen(10);
-
- # the time to wait before an idle destination file is closed
- # (default is 60)
- time_reap(360);
-
- # the number of lines buffered before written to file
- # you might want to increase this if your disk isn't catching with
- # all the log messages you get or if you want less disk activity
- # (say on a laptop)
- # (default is 0)
- #sync(0);
-
- # the number of lines fitting in the output queue
- log_fifo_size(2048);
-
- # enable or disable directory creation for destination files
- create_dirs(yes);
-
- # default owner, group, and permissions for log files
- # (defaults are 0, 0, 0600)
- #owner(root);
- group(adm);
- perm(0640);
-
- # default owner, group, and permissions for created directories
- # (defaults are 0, 0, 0700)
- #dir_owner(root);
- #dir_group(root);
- dir_perm(0755);
-
- # enable or disable DNS usage
- # syslog-ng blocks on DNS queries, so enabling DNS may lead to
- # a Denial of Service attack
- # (default is yes)
- use_dns(no);
-
- # maximum length of message in bytes
- # this is only limited by the program listening on the /dev/log Unix
- # socket, glibc can handle arbitrary length log messages, but -- for
- # example -- syslogd accepts only 1024 bytes
- # (default is 2048)
- #log_msg_size(2048);
-
- #Disable statistic log messages.
- stats_freq(0);
-
- # Some program send log messages through a private implementation.
- # and sometimes that implementation is bad. If this happen syslog-ng
- # may recognise the program name as hostname. Whit this option
- # we tell the syslog-ng that if a hostname match this regexp than that
- # is not a real hostname.
- bad_hostname("^gconfd$");
-
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
- # we trust our mutual authenticated syslog clients
- keep_hostname(yes);
-<%- end -%>
-
-};
-
-
-######
-# sources
-
-# all known message sources
-source s_local {
- # message generated by Syslog-NG
- internal();
-<%- if kernel == 'Linux' -%>
- # standard Linux log source (this is the default place for the syslog()
- # function to send logs to)
- unix-stream("/dev/log");
- # messages from the kernel
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
- file("/proc/kmsg" log_prefix("kernel: "));
-<%- else -%>
- file("/proc/kmsg" program_override("kernel: "));
-<%- end -%>
-<%- else -%>
- # standard Linux log source (this is the default place for the syslog()
- # function to send logs to)
- unix-dgram("/var/run/log");
- # messages from the kernel
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
- file("/dev/klog" log_prefix("kernel: "));
-<%- else -%>
- file("/dev/klog" program_override("kernel: "));
-<%- end -%>
-<%- end -%>
-<%- if hostname == "paganini" -%>
- # use the following line if you want to receive remote UDP logging messages
- # (this is equivalent to the "-r" syslogd flag)
- udp();
-<%- end -%>
-};
-
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
-source s_network {
- tcp6(port(5140) max-connections(200)
- tls( key_file("/etc/exim4/ssl/thishost.key")
- cert_file("/etc/exim4/ssl/thishost.crt")
- ca_dir("/etc/exim4/ssl/")
- )
- );
-};
-<%- end -%>
-
-
-######
-# destinations
-
-# some standard log files
-destination df_auth { file("/var/log/auth.log"); };
-destination df_syslog { file("/var/log/syslog"); };
-destination df_cron { file("/var/log/cron.log"); };
-destination df_daemon { file("/var/log/daemon.log"); };
-destination df_kern { file("/var/log/kern.log"); };
-destination df_lpr { file("/var/log/lpr.log"); };
-destination df_mail { file("/var/log/mail.log" group(maillog)); };
-destination df_mail_info { file("/var/log/mail.info" group(maillog)); };
-destination df_mail_warn { file("/var/log/mail.warn" group(maillog)); };
-destination df_mail_err { file("/var/log/mail.err" group(maillog)); };
-destination df_user { file("/var/log/user.log" perm(0644)); };
-destination df_uucp { file("/var/log/uucp.log"); };
-
-# these files are meant for the mail system log files
-# and provide re-usable destinations for {mail,cron,...}.info,
-# {mail,cron,...}.notice, etc.
-destination df_facility_dot_info { file("/var/log/$FACILITY.info"); };
-destination df_facility_dot_notice { file("/var/log/$FACILITY.notice"); };
-destination df_facility_dot_warn { file("/var/log/$FACILITY.warn"); };
-destination df_facility_dot_err { file("/var/log/$FACILITY.err"); };
-destination df_facility_dot_crit { file("/var/log/$FACILITY.crit"); };
-
-# these files are meant for the news system, and are kept separated
-# because they should be owned by "news" instead of "root"
-destination df_news_dot_notice { file("/var/log/news/news.notice" owner("news")); };
-destination df_news_dot_err { file("/var/log/news/news.err" owner("news")); };
-destination df_news_dot_crit { file("/var/log/news/news.crit" owner("news")); };
-
-# some more classical and useful files found in standard syslog configurations
-destination df_debug { file("/var/log/debug"); };
-destination df_messages { file("/var/log/messages"); };
-
-<%- if kernel == 'Linux' -%>
-# pipes
-# a console to view log messages under X
-destination dp_xconsole { pipe("/dev/xconsole"); };
-
-<%- end -%>
-# consoles
-# this will send messages to everyone logged in
-destination du_all { usertty("*"); };
-
-
-######
-# filters
-
-# all messages from the auth and authpriv facilities
-filter f_auth { facility(auth, authpriv); };
-
-# all messages except from the auth and authpriv facilities
-filter f_syslog { not facility(auth, authpriv, mail); };
-
-# respectively: messages from the cron, daemon, kern, lpr, mail, news, user,
-# and uucp facilities
-filter f_cron { facility(cron); };
-filter f_daemon { facility(daemon); };
-filter f_kern { facility(kern); };
-filter f_lpr { facility(lpr); };
-filter f_mail { facility(mail); };
-filter f_news { facility(news); };
-filter f_user { facility(user); };
-filter f_uucp { facility(uucp); };
-
-# some filters to select messages of priority greater or equal to info, warn,
-# and err
-# (equivalents of syslogd's *.info, *.warn, and *.err)
-filter f_at_least_info { level(info..emerg); };
-filter f_at_least_notice { level(notice..emerg); };
-filter f_at_least_warn { level(warn..emerg); };
-filter f_at_least_err { level(err..emerg); };
-filter f_at_least_crit { level(crit..emerg); };
-
-# all messages of priority debug not coming from the auth, authpriv, news, and
-# mail facilities
-filter f_debug { level(debug) and not facility(auth, authpriv, news, mail); };
-
-# all messages of info, notice, or warn priority not coming form the auth,
-# authpriv, cron, daemon, mail, and news facilities
-filter f_messages {
- level(info,notice,warn)
- and not facility(auth,authpriv,cron,daemon,mail,news);
-};
-
-# messages with priority emerg
-filter f_emerg { level(emerg); };
-
-<%- if kernel == 'Linux' -%>
-# complex filter for messages usually sent to the xconsole
-filter f_xconsole {
- facility(daemon,mail)
- or level(debug,info,notice,warn)
- or (facility(news)
- and level(crit,err,notice));
-};
-
-<%- end -%>
-
-# order matters if you use "flags(final);" to mark the end of processing in a
-# "log" statement
-
-###############################################################################
-########## ON LOG CLIENTS #####################################################
-###############################################################################
-###############################################################################
-###############################################################################
-# all log clients, including the log server, log their locally created
-# messages to the standard places.
-
-# auth,authpriv.* /var/log/auth.log
-log {
- source(s_local);
- filter(f_auth);
- destination(df_auth);
-};
-
-# *.*;auth,authpriv.none -/var/log/syslog
-log {
- source(s_local);
- filter(f_syslog);
- destination(df_syslog);
-};
-
-# this is commented out in the default syslog.conf
-# cron.* /var/log/cron.log
-#log {
-# source(s_local);
-# filter(f_cron);
-# destination(df_cron);
-#};
-
-# daemon.* -/var/log/daemon.log
-log {
- source(s_local);
- filter(f_daemon);
- destination(df_daemon);
-};
-
-# kern.* -/var/log/kern.log
-log {
- source(s_local);
- filter(f_kern);
- destination(df_kern);
-};
-
-# lpr.* -/var/log/lpr.log
-log {
- source(s_local);
- filter(f_lpr);
- destination(df_lpr);
-};
-
-# mail.* -/var/log/mail.log
-log {
- source(s_local);
- filter(f_mail);
- destination(df_mail);
-};
-
-# user.* -/var/log/user.log
-log {
- source(s_local);
- filter(f_user);
- destination(df_user);
-};
-
-# uucp.* /var/log/uucp.log
-log {
- source(s_local);
- filter(f_uucp);
- destination(df_uucp);
-};
-
-# mail.info -/var/log/mail.info
-log {
- source(s_local);
- filter(f_mail);
- filter(f_at_least_info);
- destination(df_mail_info);
-};
-
-# mail.warn -/var/log/mail.warn
-log {
- source(s_local);
- filter(f_mail);
- filter(f_at_least_warn);
- destination(df_mail_warn);
-};
-
-# mail.err /var/log/mail.err
-log {
- source(s_local);
- filter(f_mail);
- filter(f_at_least_err);
- destination(df_mail_err);
-};
-
-# news.crit /var/log/news/news.crit
-log {
- source(s_local);
- filter(f_news);
- filter(f_at_least_crit);
- destination(df_news_dot_crit);
-};
-
-# news.err /var/log/news/news.err
-log {
- source(s_local);
- filter(f_news);
- filter(f_at_least_err);
- destination(df_news_dot_err);
-};
-
-# news.notice /var/log/news/news.notice
-log {
- source(s_local);
- filter(f_news);
- filter(f_at_least_notice);
- destination(df_news_dot_notice);
-};
-
-
-# *.=debug;\
-# auth,authpriv.none;\
-# news.none;mail.none -/var/log/debug
-log {
- source(s_local);
- filter(f_debug);
- destination(df_debug);
-};
-
-
-# *.=info;*.=notice;*.=warn;\
-# auth,authpriv.none;\
-# cron,daemon.none;\
-# mail,news.none -/var/log/messages
-log {
- source(s_local);
- filter(f_messages);
- destination(df_messages);
-};
-
-# *.emerg *
-log {
- source(s_local);
- filter(f_emerg);
- destination(du_all);
-};
-
-
-<%- if kernel == 'Linux' -%>
-# daemon.*;mail.*;\
-# news.crit;news.err;news.notice;\
-# *.=debug;*.=info;\
-# *.=notice;*.=warn |/dev/xconsole
-log {
- source(s_local);
- filter(f_xconsole);
- destination(dp_xconsole);
-};
-<%- end -%>
-
-
-<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
- <%- if hostname != "heininen" -%>
-destination loghost-heininen {
- tcp("heininen.debian.org" port (5140)
- tls( key_file("/etc/ssl/debian/keys/thishost.key")
- cert_file("/etc/ssl/debian/certs/thishost.crt")
- ca_dir("/etc/ssl/debian/certs/")
- )
- );
-};
- <%- end -%>
- <%- if hostname != "lotti" -%>
-destination loghost-lotti {
- tcp("lotti.debian.org" port (5140)
- tls( key_file("/etc/ssl/debian/keys/thishost.key")
- cert_file("/etc/ssl/debian/certs/thishost.crt")
- ca_dir("/etc/ssl/debian/certs/")
- )
- );
-};
- <%- end -%>
-
-log {
- source(s_local);
- <%- if hostname != "heininen" -%>
- destination(loghost-heininen);
- <%- end -%>
- <%- if hostname != "lotti" -%>
- destination(loghost-lotti);
- <%- end -%>
-};
-<%- end -%>
-
-
-
-<%- if (hostname == "heininen") || (hostname == "lotti") -%>
-###############################################################################
-########## ON LOG HOST ########################################################
-###############################################################################
-###############################################################################
-#
-# The log server, additionally, also logs all local and remote messages to
-# a few special places.
-destination hostdest_auth { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/auth.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_syslog { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/syslog"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_cron { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/cron.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_daemon { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/daemon.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_kern { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/kern.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_lpr { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/lpr.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_mail { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/mail.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_news { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/news.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_user { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/user.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_uucp { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/uucp.log"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_debug { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/debug"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_messages { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/messages"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-
-
-#----------------------------------------------------------------------
-# Special catch all destination hostdest_sorting by host
-#----------------------------------------------------------------------
-destination hostdest_facility_dot_info { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.info"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_facility_dot_notice { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.notice"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_facility_dot_warn { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.warn"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_facility_dot_err { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.err"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-destination hostdest_facility_dot_crit { file("/var/log/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.crit"
- owner(root) group(adm) perm(0640) dir_perm(0755) create_dirs(yes) dir_owner(root) dir_group(adm)); };
-
-
-#----------------------------------------------------------------------
-# Catch all log files
-#----------------------------------------------------------------------
-destination df_ALL_auth { file("/var/log/auth-all.log"); };
-destination df_ALL_mail { file("/var/log/mail-all.log"); };
-destination df_ALL_syslog { file("/var/log/syslog-all"); };
-
-log { source(s_local);
- source(s_network);
- filter(f_auth); destination(hostdest_auth); };
-log { source(s_local);
- source(s_network);
- filter(f_syslog); destination(hostdest_syslog); };
-log { source(s_local);
- source(s_network);
- filter(f_daemon); destination(hostdest_daemon); };
-log { source(s_local);
- source(s_network);
- filter(f_kern); destination(hostdest_kern); };
-log { source(s_local);
- source(s_network);
- filter(f_lpr); destination(hostdest_lpr); };
-log { source(s_local);
- source(s_network);
- filter(f_mail); destination(hostdest_mail); };
-log { source(s_local);
- source(s_network);
- filter(f_news); destination(hostdest_mail); };
-log { source(s_local);
- source(s_network);
- filter(f_user); destination(hostdest_user); };
-log { source(s_local);
- source(s_network);
- filter(f_uucp); destination(hostdest_uucp); };
-log { source(s_local);
- source(s_network);
- filter(f_debug); destination(hostdest_debug); };
-log { source(s_local);
- source(s_network);
- filter(f_messages); destination(hostdest_messages); };
-
-log { source(s_local);
- source(s_network);
- filter(f_mail); filter(f_at_least_info); destination(hostdest_facility_dot_info); };
-log { source(s_local);
- source(s_network);
- filter(f_mail); filter(f_at_least_warn); destination(hostdest_facility_dot_warn); };
-log { source(s_local);
- source(s_network);
- filter(f_mail); filter(f_at_least_err); destination(hostdest_facility_dot_err); };
-
-
-## catch all:
-log { source(s_local);
- source(s_network);
- filter(f_auth); destination(df_ALL_auth); };
-log { source(s_local);
- source(s_network);
- filter(f_mail); destination(df_ALL_mail); };
-log { source(s_local);
- source(s_network);
- filter(f_syslog); destination(df_ALL_syslog); };
-<%- end -%>
projects / dsa-puppet.git / commitdiff