syslog-ng-poc-installer.sh

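    #!/bin/bash
    #
    # syslog-ng PoC installer / updater for the KSZK log collector.
    #
    # Installs syslog-ng if it is missing, places the collector CA, overwrites
    # /etc/syslog-ng/syslog-ng.conf with a config that forwards the journal to
    # the KSZK collector over TLS, and registers an hourly self-update job.
    # Must run as root: it writes under /etc and calls apt-get and systemctl.
    
    # halt on error or on an unset variable
    set -eu
    
    readonly CRON_JOB=/etc/cron.hourly/syslog-ng-updater
    readonly SYSLOG_NG_CONF=/etc/syslog-ng/syslog-ng.conf
    readonly CERT_DIR=/etc/syslog-ng/cert
    
    # Print a message to stderr and abort the run.
    die() {
      printf '%s\n' "$*" >&2
      exit 1
    }
    
    [ "$(id -u)" -eq 0 ] || die "This installer must run as root."
    
    echo "Setup CRON script to update"
    # run-parts, which cron uses for /etc/cron.hourly on Debian-based systems,
    # skips file names containing a dot, so the former "syslog-ng-updater.sh"
    # was never executed. Install under a dot-free name and remove the old one.
    cat <<'EOF' > "$CRON_JOB"
    #!/bin/bash
    # Re-runs the installer snippet every hour. Whatever that URL serves is run
    # as root, so the snippet must stay access-controlled; pin or verify it if
    # that is not acceptable. --fail keeps an HTTP error page from being piped
    # into bash, --proto/--proto-redir forbid falling back to plain http.
    curl --silent --show-error --fail --proto '=https' --proto-redir '=https' \
      "https://git.sch.bme.hu/snippets/38/raw" | bash
    EOF
    chmod 0755 "$CRON_JOB"
    rm -f /etc/cron.hourly/syslog-ng-updater.sh
    
    # dpkg -s also exits 0 for a removed-but-not-purged package, so check the
    # status field instead of grepping the "is not installed" error text.
    if dpkg-query -W -f='${Status}' syslog-ng 2>/dev/null | grep -q 'install ok installed'; then
      echo "Syslog-ng is installed."
    else
      echo "Syslog-ng is NOT installed."
      apt-get update
      # this also runs from cron without a terminal, so never let dpkg prompt
      DEBIAN_FRONTEND=noninteractive apt-get install -y syslog-ng
    fi
    
    # syslog-ng prints "Installer-Version: X.YY.Z"; the @version pragma only
    # takes the major.minor pair. Empty result is caught below rather than
    # being written into the config as "@version: ".
    VER=$(syslog-ng --version \
      | grep 'Installer-Version' \
      | awk '{print $2}' \
      | grep -oE '[0-9]\.[0-9]{1,2}' || true)
    [ -n "$VER" ] || die "Could not determine the syslog-ng version."
    
    # First two octets (e.g. "10.20.") of the first local address on one of
    # the KSZK networks; the collector lives at <prefix>208.17 (see below).
    # Dots are escaped so "10.0" no longer matches e.g. "10x0" or "110.0".
    IP=$(ip -br a \
      | grep -E '152\.66|172\.20|10\.10\.|10\.20\.|10\.0|10\.172' \
      | awk '{print $3}' \
      | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
      | head -n1 \
      | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.' || true)
    [ -n "$IP" ] || die "No address on a known KSZK network found; leaving $SYSLOG_NG_CONF untouched."
    
    # The CA goes in before the config so that ca-dir() below already resolves.
    # ca-dir() expects OpenSSL hash-style file names (<subject-hash>.0); keep
    # the file name in sync if the CA is ever replaced.
    echo "Place CA cert"
    mkdir -p "$CERT_DIR"
    cat <<'EOF' > "$CERT_DIR/7426a4ab.0"
    -----BEGIN CERTIFICATE-----
    MIIFHTCCAwWgAwIBAgIUGEa/xytZC/F0XjLGDFhLaP0JahkwDQYJKoZIhvcNAQEL
    BQAwHTEbMBkGA1UEAwwSa3N6ay1tb25pdG9yaW5nLWNhMCAXDTIwMDcyMDA2NTMy
    NloYDzIxMjAwNjI2MDY1MzI2WjAdMRswGQYDVQQDDBJrc3prLW1vbml0b3Jpbmct
    Y2EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDi5CgzSYBXa6BZD6jI
    TUBMBH/H+txca5Qis9F37H4lniePIl0/sSBU3mof3K5CnP+9OY89bOQ00B7YW0D3
    zX/hHwVEnWqN7HJKdeWyB/zu0j9/AtrjxzAGFy0gOLAnDu8kDinXolG1mdmkyG27
    WwauqkAW9LXQXnTEZsiG0ICBbm+2qFjClK/mR+fplxT1HYlMfKXMs1VngvpZSx3l
    vnDt1OLy7snkzJWhLUcQIBbgckmzRRvIblPKB47n8BFe12316UMxMhL4pJkj//ht
    v9Dw+rKX8O0XswrVt53SlPvCZ9RXUey3Yrl62TalPBQzZcLmXyCA3U97NC1qJ5lM
    vtZOZDI1ny4EewsKeFoYdpL0ittVPAkz+ZLTXvyVs40uBjFEpiZoRFsmKI9wTLpy
    0MzL1+vXdjboYmNt6Q4mYg9hgEyB/Lal8kvZM95EpAtDT2WqnrGz0bFYuzsDJmzn
    jqakSuuA6WBHck/3Mj5Ae9UlYjoIdF36QV9MyR3BBgPmhXIR/ayVZn9A9xexWspj
    j/8pQUP6eY66oq7JI7To5qJlnGs9DIPu+Qb9oY3MntHOB1Uufk0Bc2B0++9qzdvY
    dduOI/gNDnOiMqVzxrId2Qczw+XXUKjxXFPe8MO2oIeVEEHvOsG4mkcomZlDyt44
    Pihnzs4MiTxc53qrASeQkFIKUQIDAQABo1MwUTAdBgNVHQ4EFgQUgwnwVfiU2IiH
    veZZNUWKp4uEAxwwHwYDVR0jBBgwFoAUgwnwVfiU2IiHveZZNUWKp4uEAxwwDwYD
    VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAN73Rww3kz6PhDEhD+IIC
    cD/wXx9WRqeQYdKfGclaahfV3co1MrxkByF0vPm1WBViDKlZ4B+YswmSEre/ev0J
    2QICcNq2kw/FOV3TJBVlN+WKhKvvOiXXuoiKUcC03A8DTa4plu5gctwHGQqepGId
    rVYLpDNMwhzxm2IsnwSm3mW6yOIQgopgqhvsOHJeVvhI7FR8JgwCMISW+gUfvW2G
    +w1OsEd94BitfyozRVAxt+iX4H4tBKnhNci7cKlBN0HAQzdeg7AKSBZcMGNAOqF5
    fAe5aXuzDkoIoZPYDmWXtak4GwtunfyzQtN68cODxaIOOlrkEcRkBxH/C8Ro/vXt
    Idy43iVnFzkFZ+f//bfeN0Ez0LPCZ2hcUHG/O7eNGLlHG3Ki0eSinEjSv1A60y75
    sb6J8hqQoeYZj6sGMz5BPoWSHke8QdhETeL6OMzvxjSYZBInbpdSLQKT7LaABWKV
    qQALZLwXChZKYcy71eFWZwcqSBj5WuwxhivwmXDOXfsqjQ7/YMlZN1RtselTMJ3C
    CAhAMcrlnBNxRFLAXlvbREfeHNR4nke/JJQ30nSkdIOF7z/qJRP6+JA5yREqcEn0
    QnU1rVzO5eOu+snh9NhSP8dssaTjojJG/8d95x5rW0v/2+EjA9kxSHWLXM8h8mGC
    bcZJBrAwE+YcLNPtorLhnIQ=
    -----END CERTIFICATE-----
    
    EOF
    
    # Generate the config next to the live one, syntax-check it, and only then
    # swap it in: a broken config followed by the restart below would leave
    # the host without logging.
    echo "Overwrite syslog-ng.conf"
    NEW_CONF="${SYSLOG_NG_CONF}.new"
    cat <<EOF > "$NEW_CONF"
    @version: $VER
    @include "scl.conf"
    
    # Nagy a baj, ha TTY ról kell tájékozódni, de megeshet.
    @include "\`scl-root\`/system/tty10.conf"
    
    options {
        # Specifies how many lines are flushed to a destination at a time.
        # waits for this number of lines to accumulate and sends them.
        # increases throughput as more messages are sent in a single batch,
        # but also increases message latency.
        flush-lines(0);
    
        # keeps syslog message's host
        keep-hostname(yes);
    
        # Use Fully Qualified Domain Name if possible
        use-fqdn(yes);
    
        # The owner of the directories created by syslog-ng.
        owner("root");
    
        # The group of the directories created by syslog-ng.
        group("adm");
    
        # The permission mask of the file if it is created by syslog-ng.
        perm(0640);
        bad_hostname("^gconfd\$");
        chain-hostnames(off);
    
        # log with microsecond precision
        ts-format(iso);
        frac-digits(6);
    
        # detect dead TCP connection
        mark-freq(3600);
        stats_freq(43200);
    
        # DNS failover
        time-reopen(10);
        dns-cache-expire(30);
        dns-cache-expire-failed(30);
    };
    
    ########################
    # Sources
    ########################
    # This is the default behavior of sysklogd package
    # Logs may come from unix stream, but not from another machine.
    #
    
    source s_local {
       systemd-journal();
       internal();
    };
    
    # Open for local logs (e.g. nginx)
    source s_local_net {
        udp(ip(127.0.0.1) port(514));
    };
    
    ########################
    # Destinations
    ########################
    
    # The root's console.
    destination d_console { usertty("root"); };
    destination d_console_all { file(\`tty10\`); };
    
    # Send the messages to an other host
    destination d_kszk_log_collector {
    # KSZK log collector service receives logs
    # on IPs:
    # - 152.66.208.17/24
    # - 172.20.208.17/16
    # - 10.172.208.17/16
    # - 10.10.208.17/16
    # - 10.20.208.17/16
    # - 10.0.208.17/16
    # Choose as you want
    	network("${IP}208.17"
    		port(5514)
    		template("\$(format-ewmm)\n")
    		transport("tls")
    		tls(ca-dir('/etc/syslog-ng/cert'))
    	);
    };
    
    # for fail2ban
    destination d_authlog { file("/var/log/auth.log"); };
    
    # DO NOT use file logging because systemd-journald does the same thing
    #destination d_file {
    #   file("/var/log/syslog-ng-local.log");
    #};
    
    ########################
    # Filters
    ########################
    # Here's come the filter options. With this rules, we can set which
    # message go where.
    
    filter f_crit { level(crit .. emerg); };
    filter f_console { level(warn .. emerg); };
    
    # like auth.log
    filter f_auth { facility(auth); };
    
    # Define your secrets
    #filter f_no_sensitive {
    #    not program("log@elastic") and
    #    not program("log@kibana") and
    #    not program("log@logstash");
    #};
    
    ########################
    # Log paths
    ########################
    
    # Local console
    log { source(s_local); filter(f_console); destination(d_console_all); };
    log { source(s_local); filter(f_crit); destination(d_console); };
    
    # make auth.log
    log { source(s_local); filter(f_auth); destination(d_authlog); };
    
    # Remote log collector (KSZK)
    log {
        source(s_local);
        source(s_local_net);
    #    filter(f_no_sensitive);
        destination(d_kszk_log_collector);
    #    destination(d_file); # NE TEDD!
    };
    
    ###
    # Include all config files in /etc/syslog-ng/conf.d/
    ###
    #@include "/etc/syslog-ng/conf.d/*.conf"
    
    EOF
    
    syslog-ng --syntax-only -f "$NEW_CONF" \
      || die "Generated config failed the syntax check; the current $SYSLOG_NG_CONF is kept."
    if [ -e "$SYSLOG_NG_CONF" ]; then
      # keep the previous config for a manual rollback
      cp -a -- "$SYSLOG_NG_CONF" "${SYSLOG_NG_CONF}.bak"
    fi
    mv -- "$NEW_CONF" "$SYSLOG_NG_CONF"
    
    systemctl restart syslog-ng
    
    # NOTE(review): /tmp is shared with unprivileged users, so a root-written
    # marker belongs in a root-only directory (e.g. under /var/lib); the path
    # is kept here only because other tooling may already read it.
    printf 'v0.3 last run: %s\n' "$(date)" > /tmp/last-syslog-collector-setup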