Verified Commit a5c7cdc7 authored by Robotka István Adrián's avatar Robotka István Adrián

add syslog-ng-poc-installer.sh

#!/bin/bash
# halt on error
set -e
echo "Setup CRON script to update"
cat <<EOF > /etc/cron.hourly/syslog-ng-updater.sh
#!/bin/bash
curl --silent "https://git.sch.bme.hu/snippets/38/raw" | bash
EOF
chmod +x /etc/cron.hourly/syslog-ng-updater.sh
SYSLOG_NG_INSTALLED=$(dpkg -s syslog-ng 2>&1 | grep " is not installed" | wc -l)
if [ $SYSLOG_NG_INSTALLED = "1" ]; then
echo "Syslog-ng is NOT installed."
apt-get update
apt-get install -y syslog-ng
else
echo "Syslog-ng is installed."
fi
VER=$(syslog-ng --version \
| grep 'Installer-Version' \
| awk '{print $2}' \
| grep -oE '[0-9]\.[0-9]{1,2}')
IP=$(ip -br a \
| grep '152.66\|172.20\|10.10.\|10.20.\|10.0\|10.172' \
| awk '{print $3}' \
| grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' \
| head -n1 \
| grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.' )
echo "Overwrite syslog-ng.conf"
cat <<EOF > /etc/syslog-ng/syslog-ng.conf
@version: $VER
@include "scl.conf"
# Nagy a baj, ha TTY ról kell tájékozódni, de megeshet.
@include "\`scl-root\`/system/tty10.conf"
options {
# Specifies how many lines are flushed to a destination at a time.
# waits for this number of lines to accumulate and sends them.
# increases throughput as more messages are sent in a single batch,
# but also increases message latency.
flush-lines(0);
# keeps syslog message's host
keep-hostname(yes);
# Use Fully Qualified Domain Name if possible
use-fqdn(yes);
# The owner of the directories created by syslog-ng.
owner("root");
# The group of the directories created by syslog-ng.
group("adm");
# The permission mask of the file if it is created by syslog-ng.
perm(0640);
bad_hostname("^gconfd\$");
chain-hostnames(off);
# log with microsecond precision
ts-format(iso);
frac-digits(6);
# detect dead TCP connection
mark-freq(3600);
stats_freq(43200);
# DNS failover
time-reopen(10);
dns-cache-expire(30);
dns-cache-expire-failed(30);
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_local {
systemd-journal();
internal();
};
# Open for local logs (e.g. nginx)
source s_local_net {
udp(ip(127.0.0.1) port(514));
};
########################
# Destinations
########################
# The root's console.
destination d_console { usertty("root"); };
destination d_console_all { file(\`tty10\`); };
# Send the messages to an other host
destination d_kszk_log_collector {
# KSZK log collector service receives logs
# on IPs:
# - 152.66.208.17/24
# - 172.20.208.17/16
# - 10.172.208.17/16
# - 10.10.208.17/16
# - 10.20.208.17/16
# - 10.0.208.17/16
# Choose as you want
network("${IP}208.17"
port(5514)
template("\$(format-ewmm)\n")
transport("tls")
tls(ca-dir('/etc/syslog-ng/cert'))
);
};
# for fail2ban
destination d_authlog { file("/var/log/auth.log"); };
# DO NOT use file logging because systemd-journald does the same thing
#destination d_file {
# file("/var/log/syslog-ng-local.log");
#};
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_crit { level(crit .. emerg); };
filter f_console { level(warn .. emerg); };
# like auth.log
filter f_auth { facility(auth); };
# Define your secrets
#filter f_no_sensitive {
# not program("log@elastic") and
# not program("log@kibana") and
# not program("log@logstash");
#};
########################
# Log paths
########################
# Local console
log { source(s_local); filter(f_console); destination(d_console_all); };
log { source(s_local); filter(f_crit); destination(d_console); };
# make auth.log
log { source(s_local); filter(f_auth); destination(d_authlog); };
# Remote log collector (KSZK)
log {
source(s_local);
source(s_local_net);
# filter(f_no_sensitive);
destination(d_kszk_log_collector);
# destination(d_file); # NE TEDD!
};
###
# Include all config files in /etc/syslog-ng/conf.d/
###
#@include "/etc/syslog-ng/conf.d/*.conf"
EOF
echo "Place CA cert"
mkdir -p /etc/syslog-ng/cert/
cat <<EOF > /etc/syslog-ng/cert/7426a4ab.0
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
systemctl restart syslog-ng
echo "v0.3 last run: $(date)" > /tmp/last-syslog-collector-setup
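Review bot: The hourly updater written at lines 16–19 pipes an unverified download straight into bash as root, and the curl call has no `--fail`, so an HTTP error body (a 404 or maintenance page) would be executed just as readily as the snippet itself. At minimum write the cron line as `curl --silent --show-error --fail --proto =https --tlsv1.2 "https://git.sch.bme.hu/snippets/38/raw" | bash` so a failed fetch runs nothing; better, fetch into a temp file and compare it against a pinned checksum before executing, since whoever can edit snippet 38 controls every host this installer has run on. The installation check on lines 21–22 runs under `set -e` without `-o pipefail` and compares an unquoted variable, which `if dpkg -s syslog-ng >/dev/null 2>&1; then` would replace in one line. Separately, the marker on the last line is written by root through a fixed name in world-writable /tmp; a root-owned directory (for example under /var/lib) avoids another local user pre-creating that path.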