diff --git a/README.md b/README.md index 7b3a380d..5c991ef1 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,9 @@ or send some bitcoins to ```1Na3YFUmdxKxJLiuRXQYJU2kiNqA3KY2j9``` log_remote => true, spool_size => '1g', spool_timeoutenqueue => false, + spool_queuesize => 1200000, + spool_discardmark => undef, + spool_discardseverity => undef, remote_type => 'tcp', remote_forward_format => 'RSYSLOG_ForwardFormat', log_local => false, @@ -249,6 +252,9 @@ The following lists all the class parameters this module accepts. ------------------------------------------------------------------- log_remote true,false Log Remotely. Defaults to true. spool_size STRING Max size for disk queue if remote server failed. Defaults to '1g'. + spool_queuesize STRING Maximum number of entries waiting in queue + spool_discardmark STRING Start discarding messages after some number of msgs in queue + spool_discardseverity STRING Which severity of messages to discard when watermark is hit remote_type 'tcp','udp','relp' Which protocol to use when logging remotely. Defaults to 'tcp'. remote_forward_format STRING Which forward format for remote servers should be used. Only used if remote_servers is false. log_local true,false Log locally. Defaults to false. diff --git a/manifests/client.pp b/manifests/client.pp index e045adc8..653918cc 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -7,6 +7,9 @@ # [*log_remote*] # [*spool_size*] # [*spool_timeoutenqueue*] +# [*spool_queuesize*] +# [*spool_discardmark*] +# [*spool_discardseverity*] # [*remote_type*] # [*remote_forward_format*] # [*log_local*] @@ -42,6 +45,9 @@ $log_remote = true, $spool_size = '1g', $spool_timeoutenqueue = false, + $spool_queuesize = 1200000, + $spool_discardmark = undef, + $spool_discardseverity = undef, $remote_type = 'tcp', $remote_forward_format = 'RSYSLOG_ForwardFormat', $log_local = false, @@ -83,7 +89,7 @@ } if $content_real { - rsyslog::snippet { '00_client': + rsyslog::snippet { '01_client': ensure => present, content => $content_real, } @@ -105,7 +111,7 @@ ensure => absent, } - rsyslog::snippet { '00_client_config': + rsyslog::snippet { '01_client_config': ensure => present, content => template("${module_name}/client/config.conf.erb"), } @@ -121,6 +127,10 @@ } } + if $spool_discard_severity and ! $spool_discardmark { + fail('You cannot use spool discard severity without discard mark set.') + } + if $ssl and $ssl_ca == undef { fail('You need to define $ssl_ca in order to use SSL.') } diff --git a/manifests/params.pp b/manifests/params.pp index d5c24623..ea129651 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -58,7 +58,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $service_hasrestart = true $service_hasstatus = true @@ -79,7 +79,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = false $im_journal_ratelimit_interval = undef @@ -97,7 +97,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = false $im_journal_ratelimit_interval = undef @@ -115,7 +115,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = false $im_journal_ratelimit_interval = undef @@ -123,7 +123,7 @@ $im_journal_ignore_previous_messages = undef $im_journal_statefile = undef } - elsif versioncmp($::operatingsystemmajrelease, '7') >= 0 { + elsif versioncmp($::operatingsystemmajrelease, '7') == 0 { $rsyslog_package_name = 'rsyslog' $mysql_package_name = 'rsyslog-mysql' $pgsql_package_name = 'rsyslog-pgsql' @@ -134,7 +134,27 @@ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imjournal # provides access to the systemd journal', '#$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', + ] + $omit_local_logging = true + $im_journal_ratelimit_interval = '600' + $im_journal_ratelimit_burst = '20000' + $im_journal_ignore_previous_messages = 'off' + $im_journal_statefile = 'imjournal.state' + } + elsif versioncmp($::operatingsystemmajrelease, '8') >= 0 { + $rsyslog_package_name = 'rsyslog' + $mysql_package_name = 'rsyslog-mysql' + $pgsql_package_name = 'rsyslog-pgsql' + $gnutls_package_name = 'rsyslog-gnutls' + $relp_package_name = 'rsyslog-relp' + $default_config_file = 'rsyslog_default_rhel7' + $modules = [ + '$ModLoad imuxsock # provides support for local system logging', + '#$ModLoad imjournal # provides access to the systemd journal', + 'module(load="imjournal" FileCreateMode="0600") # workaround for https://github.com/rsyslog/rsyslog/issues/5375', + '#$ModLoad imklog # provides kernel logging support (previously done by rklogd)', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = true $im_journal_ratelimit_interval = '600' @@ -151,7 +171,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = false $im_journal_ratelimit_interval = undef @@ -200,7 +220,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $omit_local_logging = false $im_journal_ratelimit_interval = undef @@ -232,7 +252,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $service_hasrestart = true $service_hasstatus = true @@ -268,7 +288,7 @@ $modules = [ '$ModLoad imuxsock # provides support for local system logging', '$ModLoad imklog # provides kernel logging support (previously done by rklogd)', - '#$ModLoad immark # provides --MARK-- message capability', + '$ModLoad immark # provides --MARK-- message capability', ] $service_hasrestart = true $service_hasstatus = true diff --git a/manifests/server.pp b/manifests/server.pp index a90c0e7d..45ad0796 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -48,6 +48,8 @@ $enable_tcp = true, $enable_udp = true, $enable_relp = true, + $custom_templates = [], + $custom_rules = [], $remote_ruleset_tcp = true, $remote_ruleset_udp = true, $remote_ruleset_relp = true, diff --git a/templates/client/config.conf.erb b/templates/client/config.conf.erb index f4afabea..ebe4176f 100644 --- a/templates/client/config.conf.erb +++ b/templates/client/config.conf.erb @@ -6,6 +6,13 @@ $ActionQueueSaveOnShutdown on # save messages to disk on shutdown <% if scope.lookupvar('rsyslog::client::spool_timeoutenqueue') -%> $ActionQueueTimeoutEnqueue <%= scope.lookupvar('rsyslog::client::spool_timeoutenqueue') -%> # time to wait before discarding on full spool <% end -%> +$ActionQueueSize <%= scope.lookupvar('rsyslog::client::spool_queuesize') %> # Maximum number of entries waiting in queue +<% if scope.lookupvar('rsyslog::client::spool_discardmark') -%> +$ActionQueueDiscardMark <%= scope.lookupvar('rsyslog::client::spool_discardmark') %> # Start discarding messages after NUM msgs in queue +<% end -%> +<% if scope.lookupvar('rsyslog::client::spool_discardseverity') -%> +$ActionQueueDiscardSeverity <%= scope.lookupvar('rsyslog::client::spool_discardseverity') %> # Which messages to discard when watermark is hit +<% end -%> $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinety retries if host is down <% if scope.lookupvar('rsyslog::client::log_templates') and ! scope.lookupvar('rsyslog::client::log_templates').empty?-%> diff --git a/templates/rsyslog.conf.erb b/templates/rsyslog.conf.erb index 10333e37..ccd0fae5 100644 --- a/templates/rsyslog.conf.erb +++ b/templates/rsyslog.conf.erb @@ -28,7 +28,7 @@ $MaxMessageSize <%= scope.lookupvar('rsyslog::max_message_size') %> # # Set rate limit for messages received. -# +# <%- if @system_log_rate_limit_interval -%> $SystemLogRateLimitInterval <%= scope.lookupvar('rsyslog::system_log_rate_limit_interval') %> <%- end -%> diff --git a/templates/server-default.conf.erb b/templates/server-default.conf.erb index 3afdebaf..9dc977b9 100644 --- a/templates/server-default.conf.erb +++ b/templates/server-default.conf.erb @@ -42,9 +42,18 @@ $Template auditFormat,"%msg%\n" <% else -%> # Template -$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages" - +$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%FROMHOST:R,ERE,1,DFLT:[^.]*\.([^.]*)\.--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>/%FROMHOST%/%PROGRAMNAME%.log" +<% if scope.lookupvar('rsyslog::server::custom_templates') -%> +<% scope.lookupvar('rsyslog::server::custom_templates').each do |template| -%> +$Template <%= template %> +<% end -%> +<% end -%> # Rules +<% if scope.lookupvar('rsyslog::server::custom_rules') -%> +<% scope.lookupvar('rsyslog::server::custom_rules').each do |rule| -%> +<%= rule %> +<% end -%> +<% end -%> *.* -?dynAllMessages <% end -%> <% end -%>