Log Management #12

Closed
opened 2020-11-19 11:04:33 +01:00 by jegardai · 4 comments
Owner

Created on Mon, 04 Sep 2017 18:55:58

  • Don't touch the rsyslogd configuration (as little as possible).
  • Use logrotate to move old log files to a specific directory:
    • /var/log/messages.d
    • /var/log/syslog.d
    • /var/log/kern
    • /var/log/daemon
  • Use a ".d" suffix only for logs that don't end with ".log"?
  • Add a symlink of the current log file to the directory? => readability

Advantages:

  • Avoid modifying multiple other configurations (Xymon, Fail2ban, …).
  • This doesn't depend on rsyslog anymore.
jegardai added the enhancement label 2020-11-19 11:04:33 +01:00
Author
Owner

Added on Tue, 05 Sep 2017 14:48:56

New default rsyslog.conf for Debian Stretch:

```sh
#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog
#cron.*				/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info			-/var/log/mail.info
mail.warn			-/var/log/mail.warn
mail.err			/var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg				:omusrmsg:*
```
Author
Owner

Added on Wed, 06 Sep 2017 11:48:49

Move default Rsyslog conf to two different files:

  • https://git.ipr.univ-rennes1.fr/cellinfo/tftpboot/commit/019e4b32db037945d480ba667357388dac8fcec3
  • https://git.ipr.univ-rennes1.fr/cellinfo/tftpboot/commit/019e4b32db037945d480ba667357388dac8fcec3
Author
Owner

Added on Wed, 06 Sep 2017 11:50:09

New Logrotate configuration for Rsyslog, and ensure the needed directories are created:

  • https://git.ipr.univ-rennes1.fr/cellinfo/tftpboot/commit/019e4b32db037945d480ba667357388dac8fcec3
  • https://git.ipr.univ-rennes1.fr/cellinfo/tftpboot/commit/4dfa242d07ed290715c1d5439f910b7fe78603d9
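The plan from the first post and the directory creation mentioned in this comment, as an added example (not the repository's own configuration, which lives in the linked commits): a small shell generator that emits logrotate stanzas using the `olddir` and `createolddir` directives. The function names, the retention values and the 0750 root:adm directory mode are assumptions; the `postrotate` command is the one Debian Stretch ships in its stock rsyslog logrotate file.

```sh
#!/bin/sh
# Added example: generate logrotate stanzas that move rotated rsyslog
# files into per-log archive directories.

# Map a live log path to its archive directory, following the naming idea
# in the issue: strip a trailing ".log", otherwise append ".d".
archive_dir() {
    case "$1" in
        *.log) printf '%s\n' "${1%.log}" ;;
        *)     printf '%s\n' "$1.d" ;;
    esac
}

# Emit one logrotate stanza for a log file.
# Assumptions: weekly/4 retention and a 0750 root:adm archive directory.
logrotate_stanza() {
    log=$1
    dir=$(archive_dir "$log")
    cat <<EOF
$log {
    weekly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    # Rotated files go to the archive directory, not next to the live log.
    olddir $dir
    # logrotate creates the directory; no wider than the 0640 root:adm files.
    createolddir 0750 root adm
    postrotate
        invoke-rc.d rsyslog rotate > /dev/null
    endscript
}
EOF
}

# Print stanzas for every log file given as an argument.
generate_config() {
    for f in "$@"; do
        logrotate_stanza "$f"
        echo
    done
}

# Constructed sample input: a subset of the files in the rsyslog.conf above.
generate_config /var/log/syslog /var/log/messages /var/log/kern.log /var/log/daemon.log
```

`olddir` must be on the same filesystem as the live log unless a copy mode is used, which holds for directories under /var/log. The generated text can be checked with `logrotate -d` before it is installed.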
Author
Owner

Closed with 8c64644a93da56b8839414aeef8682ce16e88759 and e996af165d198ab7d97a5915189862baadf85d5d
Reference: cellinfo/tftpboot#12