1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
# puppet-rsyslog [![Build Status](https://secure.travis-ci.org/saz/puppet-rsyslog.png)](https://travis-ci.org/saz/puppet-rsyslog)
Manage rsyslog client and server via Puppet
## REQUIREMENTS
* Puppet >=2.6 if using parameterized classes
* Currently supports Ubuntu >=11.04 & Debian running rsyslog >=4.5
## USAGE
### Client
#### Using default values
```
class { 'rsyslog::client': }
```
#### Variables and default values
```
class { 'rsyslog::client':
log_remote => true,
spool_size => '1g',
remote_type => 'tcp',
remote_forward_format => 'RSYSLOG_ForwardFormat',
log_local => false,
log_auth_local => false,
custom_config => undef,
custom_params => undef,
server => 'log',
port => '514',
remote_servers => false,
ssl_ca => undef,
log_templates => false,
actionfiletemplate => false
}
```
for read from file
```
rsyslog::imfile { 'my-imfile':
file_name => '/some/file',
file_tag => 'mytag',
file_facility => 'myfacility',
}
```
#### Defining custom logging templates
The `log_templates` parameter can be used to set up custom logging templates, which can be used for local and/or remote logging. More detail on template formats can be found in the [rsyslog documentation](http://www.rsyslog.com/doc/rsyslog_conf_templates.html).
The following examples sets up a custom logging template as per [RFC3164fmt](https://www.ietf.org/rfc/rfc3164.txt):
```puppet
class{'rsyslog::client':
log_templates => [
{
name => 'RFC3164fmt',
template => '<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%',
},
]
}
```
#### Logging to multiple remote servers
The `remote_servers` parameter can be used to set up logging to multiple remote servers which are supplied as a list of key value pairs for each remote. There is an example configuration provided in `./test/multiple_hosts.pp`
Using the `remote_servers` parameter over-rides the other remote sever parameters, and they will not be used in the client configuration file:
* `log_remote`
* `remote_type`
* `server`
* `port`
The following example sets up three remote logging hosts for the client:
```puppet
class{'rsyslog::client':
remote_servers => [
{
host => 'logs.example.org',
},
{
port => '55514',
},
{
host => 'logs.somewhere.com',
port => '555',
pattern => '*.log',
protocol => 'tcp',
format => 'RFC3164fmt',
},
]
}
```
Each host has the following parameters:
* *host*: Sets the address or hostname of the remote logging server. Defaults to `localhost`
* *port*: Sets the port the host is listening on. Defaults to `514`
* *pattern*: Sets the pattern to match logs. Defaults to `*.*`
* *protocol*: Sets the protocol. Only recognises TCP and UDP. Defaults to UDP
* *format*: Sets the log format. Defaults to not specifying log format, which defaults to the format set by `ActionFileDefaultTemplate` in the client configuration.
#### Logging to a MySQL or PostgreSQL database
Events can also be logged to a MySQL or PostgreSQL database. The database needs to be deployed separately, either locally or remotely. Schema are available from the `rsyslog` source:
* [MySQL schema](http://git.adiscon.com/?p=rsyslog.git;a=blob_plain;f=plugins/ommysql/createDB.sql)
* [PostgreSQL schema](http://git.adiscon.com/?p=rsyslog.git;a=blob_plain;f=plugins/ompgsql/createDB.sql)
Declare the following to configure the connection:
````
class { 'rsyslog::database':
backend => 'mysql',
server => 'localhost',
database => 'Syslog',
username => 'rsyslog',
password => 'secret',
}
````
### Server
#### Using default values
```
class { 'rsyslog::server': }
```
#### Variables and default values
```
class { 'rsyslog::server':
enable_tcp => true,
enable_udp => true,
enable_onefile => false,
server_dir => '/srv/log/',
custom_config => undef,
high_precision_timestamps => false,
}
```
Both can be installed at the same time.
## PARAMETERS
The following lists all the class parameters this module accepts.
RSYSLOG::SERVER CLASS PARAMETERS VALUES DESCRIPTION
-------------------------------------------------------------------
enable_tcp true,false Enable TCP listener. Defaults to true.
enable_udp true,false Enable UDP listener. Defaults to true.
enable_onefile true,false Only one logfile per remote host. Defaults to false.
server_dir STRING Folder where logs will be stored on the server. Defaults to '/srv/log/'
custom_config STRING Specify your own template to use for server config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb'
high_precision_timestamps true,false Whether or not to use high precision timestamps.
remote_servers HASH Provides a hash of multiple remote logging servers. Check documentation.
RSYSLOG::CLIENT CLASS PARAMETERS VALUES DESCRIPTION
-------------------------------------------------------------------
log_remote true,false Log Remotely. Defaults to true.
spool_size STRING Max size for disk queue if remote server failed. Defaults to '1g'.
remote_type 'tcp','udp' Which protocol to use when logging remotely. Defaults to 'tcp'.
remote_forward_format STRING Which forward format for remote servers should be used. Only used if remote_servers is false.
log_local true,false Log locally. Defaults to false.
log_auth_local true,false Just log auth facility locally. Defaults to false.
custom_config STRING Specify your own template to use for client config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb
custom_params TODO TODO
server STRING Rsyslog server to log to. Will be used in the client configuration file. Only used, if remote_servers is false.
port '514' Remote server port. Only used if remote_servers is false.
remote_servers Array of hashes Array of hashes with remote servers. See documentation above. Defaults to false.
ssl_ca STRING SSL CA file location. Defaults to undef.
log_templates HASH Provides a has defining custom logging templates using the `$template` configuration parameter.
actionfiletemplate STRING If set this defines the `ActionFileDefaultTemplate` which sets the default logging format for remote and local logging.
RSYSLOG::DATABASE CLASS PARAMETERS VALUES DESCRIPTION
-------------------------------------------------------------------
backend 'mysql','pgsql' Database backend (MySQL or PostgreSQL).
server STRING Database server.
database STRING Database name.
username STRING Database username.
password STRING Database password.
### Other notes
Due to a missing feature in current RELP versions (InputRELPServerBindRuleset option),
remote logging is using TCP. You can switch between TCP and UDP. As soon as there is
a new RELP version which supports setting Rulesets, I will add support for relp back.
By default, rsyslog::server will strip numbers from hostnames. This means the logs of
multiple servers with the same non-numerical name will be aggregrated in a single
directory. i.e. www01 www02 and www02 would all log to the www directory.
To log each host to a seperate directory, set the custom_config parameter to
'rsyslog/server-hostname.conf.erb'
|