send syslog to a central server

This commit is contained in:
f 2022-06-19 02:56:50 -03:00
parent 244de034d8
commit 2eef8b1a49
4 changed files with 90 additions and 2 deletions


@ -100,7 +100,20 @@ ssh-copy-id root@your.host.name
## Configuring the playbook
Create a vault password:
### General configuration
#### Syslog
Syslog-ng is used to centralize logging into a single node. Edit the IP
address for your log server on `alpines.yml`:
```yaml
vars:
- log_server: "EKU:MEN:IP:ADD::RESS"
+ log_server: "10.13.12.1"
```
### Create a vault password
```bash
make vault.key


@ -5,6 +5,7 @@
vars:
alpine_version: 3.16
apk_version: 2.12.9-r3
log_server: "EKU:MEN:IP:ADD::RESS"
packages:
- alpine-base
- linux-virt
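Review bot: `log_server: "EKU:MEN:IP:ADD::RESS"` is a placeholder that is rendered verbatim into the syslog-ng `udp()` destination on any host where the operator has not edited it, so a default run yields a configuration with an unresolvable destination and, depending on how syslog-ng treats the resolution failure, either no central logging at all or a daemon that refuses to start. The neighbouring vars (`alpine_version`, `apk_version`) are real values, so the placeholder is easy to overlook; either leave `log_server` unset so the template render fails loudly, or add an early `assert` task such as `that: log_server is match('^[0-9a-fA-F.:]+$')` with a `fail_msg` pointing at the README. A comment above the line would also help: `# IP address (v4 or v6) of the syslog-ng collector; REQUIRED, the placeholder will not work.`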


@ -25,7 +25,7 @@
- runlevel: "boot"
service: "bootmisc"
- runlevel: "boot"
service: "syslog"
service: "syslog-ng"
- runlevel: "shutdown"
service: "mount-ro"
- runlevel: "shutdown"
@ -62,6 +62,7 @@
- /etc/iptables/rules-save
- /etc/ipset.d/blocklist4
- /etc/ipset.d/blocklist6
- /etc/syslog-ng/syslog-ng.conf
- name: "Create NTP directories."
file:
state: "directory"
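Review bot: Changing the boot runlevel entry from `service: "syslog"` to `service: "syslog-ng"` does not disable the busybox `syslog` service on hosts provisioned before this commit, so if the task that consumes this list only adds runlevel entries (the task itself starts outside the hunk, so this is inferred), both daemons stay enabled and contend for `/dev/log`. Add an explicit task that retires the old one, e.g. `service: { name: "syslog", runlevel: "boot", enabled: no, state: stopped }`, before syslog-ng is enabled. The `packages:` list in `alpines.yml` is only partially visible in this commit, so also confirm that `syslog-ng` is actually installed before its boot entry is added.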


@ -0,0 +1,73 @@
@version:3.36
@include "scl.conf"
# syslog-ng configuration file.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# Note: It also sources additional configuration files (*.conf)
# located in /etc/syslog-ng/conf.d/.
#
# Options
#
options {
# Create destination directories if missing.
create_dirs(yes);
# The default action of syslog-ng is to log a MARK line to the file every
# 20 minutes. That's seems high for most people so turn it down to once an
# hour. Set it to zero if you don't want the functionality at all.
mark_freq(3600);
# The default action of syslog-ng is to log a STATS line to the file every
# 10 minutes. That's pretty ugly after a while. Change it to every 12 hours
# so you get a nice daily update of how many messages syslog-ng missed (0).
stats_freq(43200);
# Time to wait before a died connection is re-established (default is 60).
time_reopen(5);
# Disable DNS usage.
# syslog-ng blocks on DNS queries, so enabling DNS may lead to a DoS attack.
use_dns(no);
dns-cache(no);
# Default owner, group, and permissions for log files.
owner(root);
group(adm);
perm(0640);
# Default permissions for created directories.
dir_perm(0755);
keep_hostname(yes);
};
#
# Templates
#
template t_file {
template("${YEAR}-${MONTH}-${DAY} ${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n");
};
#
# Sources
#
source s_sys {
# Standard system log source.
system();
# Messages generated by syslog-ng.
internal();
};
destination d_loghost { udp("{{ log_server }}" port(514)); };
log { source(s_sys); destination(d_loghost); };
# Source additional configuration files (.conf extension only)
@include "/etc/syslog-ng/conf.d/*.conf"
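Review bot: `destination d_loghost { udp("{{ log_server }}" port(514)); };` sends every log line in cleartext over UDP with no delivery guarantee, so logs can be read or forged in transit and are silently dropped whenever the collector or the network is down, and this file writes nothing locally as a fallback. The `t_file` template defined above is never referenced, which suggests a local `file()` destination was intended; keeping one next to the remote destination preserves host-local evidence and makes the template useful, e.g. `destination d_messages { file("/var/log/messages" template(t_file)); };` and `log { source(s_sys); destination(d_messages); destination(d_loghost); };`. For the remote leg, prefer `syslog("{{ log_server }}" transport("tls") port(6514) tls(...))`, or at minimum `tcp()` with a `disk-buffer()`, with the certificate paths supplied by the playbook rather than hard-coded here. A one-line comment above the destination stating that the transport is unauthenticated and lossy would at least make the trade-off visible to whoever deploys this.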