send syslog to a central server

2022-06-19 02:56:50 -03:00 · 2022-06-19 02:56:50 -03:00 · 2eef8b1a49
commit 2eef8b1a49
parent 244de034d8
4 changed files with 90 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -100,7 +100,20 @@ ssh-copy-id root@your.host.name

 ## Configuring the playbook

-Create a vault password:
+### General configuration
+
+#### Syslog
+
+Syslog-ng is used to centralize logging into a single node.  Edit the IP
+address for your log server on `alpines.yml`:
+
+```yaml
+   vars:
+-    log_server: "EKU:MEN:IP:ADD::RESS"
+    log_server: "10.13.12.1"
+```
+
+### Create a vault password

 ```bash
 make vault.key
--- a/alpines.yml
+++ b/alpines.yml
@ -5,6 +5,7 @@
  vars:
    alpine_version: 3.16
    apk_version: 2.12.9-r3
+    log_server: "EKU:MEN:IP:ADD::RESS"
    packages:
    - alpine-base
    - linux-virt
--- a/tasks/post_install.yml
+++ b/tasks/post_install.yml
@ -25,7 +25,7 @@
  - runlevel: "boot"
    service: "bootmisc"
  - runlevel: "boot"
-    service: "syslog"
+    service: "syslog-ng"
  - runlevel: "shutdown"
    service: "mount-ro"
  - runlevel: "shutdown"
@ -62,6 +62,7 @@
  - /etc/iptables/rules-save
  - /etc/ipset.d/blocklist4
  - /etc/ipset.d/blocklist6
+  - /etc/syslog-ng/syslog-ng.conf
 - name: "Create NTP directories."
  file:
    state: "directory"
--- a/templates/etc/syslog-ng/syslog-ng.conf.j2
+++ b/templates/etc/syslog-ng/syslog-ng.conf.j2
@ -0,0 +1,73 @@
+@version:3.36
+@include "scl.conf"
+
+# syslog-ng configuration file.
+#
+# See syslog-ng(8) and syslog-ng.conf(5) for more information.
+#
+# Note: It also sources additional configuration files (*.conf)
+#	   located in /etc/syslog-ng/conf.d/.
+
+#
+# Options
+#
+options {
+	# Create destination directories if missing.
+	create_dirs(yes);
+
+	# The default action of syslog-ng is to log a MARK line to the file every
+	# 20 minutes. That's seems high for most people so turn it down to once an
+	# hour. Set it to zero if you don't want the functionality at all.
+	mark_freq(3600);
+
+	# The default action of syslog-ng is to log a STATS line to the file every
+	# 10 minutes. That's pretty ugly after a while. Change it to every 12 hours
+	# so you get a nice daily update of how many messages syslog-ng missed (0).
+	stats_freq(43200);
+
+	# Time to wait before a died connection is re-established (default is 60).
+	time_reopen(5);
+
+	# Disable DNS usage.
+	# syslog-ng blocks on DNS queries, so enabling DNS may lead to a DoS attack.
+	use_dns(no);
+	dns-cache(no);
+
+	# Default owner, group, and permissions for log files.
+	owner(root);
+	group(adm);
+	perm(0640);
+
+	# Default permissions for created directories.
+	dir_perm(0755);
+
+  keep_hostname(yes);
+};
+
+
+#
+# Templates
+#
+
+template t_file {
+	template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n");
+};
+
+
+#
+# Sources
+#
+
+source s_sys {
+	# Standard system log source.
+	system();
+
+	# Messages generated by syslog-ng.
+	internal();
+};
+
+destination d_loghost { udp("{{ log_server }}" port(514)); };
+log { source(s_sys); destination(d_loghost); };
+
+# Source additional configuration files (.conf extension only)
+@include "/etc/syslog-ng/conf.d/*.conf"