Commits
a5c7cdc7
Verified
Commit
a5c7cdc7
authored
4 years ago
by
Robotka István Adrián
add syslog-ng-poc-installer.sh
syslog-ng-poc-installer.sh
+219
-0
219 additions, 0 deletions
syslog-ng-poc-installer.sh
with
219 additions
and
0 deletions
syslog-ng-poc-installer.sh
0 → 100755
+
219
−
0
#!/bin/bash
# halt on error
set
-e
echo
"Setup CRON script to update"
cat
<<
EOF
> /etc/cron.hourly/syslog-ng-updater.sh
#!/bin/bash
curl --silent "https://git.sch.bme.hu/snippets/38/raw" | bash
EOF
chmod
+x /etc/cron.hourly/syslog-ng-updater.sh
SYSLOG_NG_INSTALLED
=
$(
dpkg
-s
syslog-ng 2>&1 |
grep
" is not installed"
|
wc
-l
)
if
[
$SYSLOG_NG_INSTALLED
=
"1"
]
;
then
echo
"Syslog-ng is NOT installed."
apt-get update
apt-get
install
-y
syslog-ng
else
echo
"Syslog-ng is installed."
fi
VER
=
$(
syslog-ng
--version
\
|
grep
'Installer-Version'
\
|
awk
'{print $2}'
\
|
grep
-oE
'[0-9]\.[0-9]{1,2}'
)
IP
=
$(
ip
-br
a
\
|
grep
'152.66\|172.20\|10.10.\|10.20.\|10.0\|10.172'
\
|
awk
'{print $3}'
\
|
grep
-oE
'[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
\
|
head
-n1
\
|
grep
-oE
'[0-9]{1,3}\.[0-9]{1,3}\.'
)
echo
"Overwrite syslog-ng.conf"
cat
<<
EOF
> /etc/syslog-ng/syslog-ng.conf
@version:
$VER
@include "scl.conf"
# Nagy a baj, ha TTY ról kell tájékozódni, de megeshet.
@include "
\`
scl-root
\`
/system/tty10.conf"
options {
# Specifies how many lines are flushed to a destination at a time.
# waits for this number of lines to accumulate and sends them.
# increases throughput as more messages are sent in a single batch,
# but also increases message latency.
flush-lines(0);
# keeps syslog message's host
keep-hostname(yes);
# Use Fully Qualified Domain Name if possible
use-fqdn(yes);
# The owner of the directories created by syslog-ng.
owner("root");
# The group of the directories created by syslog-ng.
group("adm");
# The permission mask of the file if it is created by syslog-ng.
perm(0640);
bad_hostname("^gconfd
\$
");
chain-hostnames(off);
# log with microsecond precision
ts-format(iso);
frac-digits(6);
# detect dead TCP connection
mark-freq(3600);
stats_freq(43200);
# DNS failover
time-reopen(10);
dns-cache-expire(30);
dns-cache-expire-failed(30);
};
########################
# Sources
########################
# This is the default behavior of sysklogd package
# Logs may come from unix stream, but not from another machine.
#
source s_local {
systemd-journal();
internal();
};
# Open for local logs (e.g. nginx)
source s_local_net {
udp(ip(127.0.0.1) port(514));
};
########################
# Destinations
########################
# The root's console.
destination d_console { usertty("root"); };
destination d_console_all { file(
\`
tty10
\`
); };
# Send the messages to an other host
destination d_kszk_log_collector {
# KSZK log collector service receives logs
# on IPs:
# - 152.66.208.17/24
# - 172.20.208.17/16
# - 10.172.208.17/16
# - 10.10.208.17/16
# - 10.20.208.17/16
# - 10.0.208.17/16
# Choose as you want
network("
${
IP
}
208.17"
port(5514)
template("
\$
(format-ewmm)
\n
")
transport("tls")
tls(ca-dir('/etc/syslog-ng/cert'))
);
};
# for fail2ban
destination d_authlog { file("/var/log/auth.log"); };
# DO NOT use file logging because systemd-journald does the same thing
#destination d_file {
# file("/var/log/syslog-ng-local.log");
#};
########################
# Filters
########################
# Here's come the filter options. With this rules, we can set which
# message go where.
filter f_crit { level(crit .. emerg); };
filter f_console { level(warn .. emerg); };
# like auth.log
filter f_auth { facility(auth); };
# Define your secrets
#filter f_no_sensitive {
# not program("log@elastic") and
# not program("log@kibana") and
# not program("log@logstash");
#};
########################
# Log paths
########################
# Local console
log { source(s_local); filter(f_console); destination(d_console_all); };
log { source(s_local); filter(f_crit); destination(d_console); };
# make auth.log
log { source(s_local); filter(f_auth); destination(d_authlog); };
# Remote log collector (KSZK)
log {
source(s_local);
source(s_local_net);
# filter(f_no_sensitive);
destination(d_kszk_log_collector);
# destination(d_file); # NE TEDD!
};
###
# Include all config files in /etc/syslog-ng/conf.d/
###
#@include "/etc/syslog-ng/conf.d/*.conf"
EOF
echo
"Place CA cert"
mkdir
-p
/etc/syslog-ng/cert/
cat
<<
EOF
> /etc/syslog-ng/cert/7426a4ab.0
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
systemctl restart syslog-ng
echo
"v0.3 last run:
$(
date
)
"
>
/tmp/last-syslog-collector-setup
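Review bot: The hourly updater this script installs runs `curl --silent "https://git.sch.bme.hu/snippets/38/raw" | bash` as root, and because curl without `--fail` exits 0 on an HTTP error response, an error page, a redirect target or a tampered snippet is fed straight to bash with no integrity check. At minimum fetch to a file and refuse on HTTP errors, e.g. `tmp=$(mktemp) && curl --fail --silent --show-error --proto '=https' -o "$tmp" "https://git.sch.bme.hu/snippets/38/raw" && bash "$tmp"`, and ideally compare the download against a pinned checksum or signature before executing it. The last line of the file, `echo "v0.3 last run: $(date)" > /tmp/last-syslog-collector-setup`, writes as root to a fixed, predictable name in a world-writable directory, which is a symlink-following hazard; a state file under /var/lib or /run would be safer. If the snippet served by that URL is this installer itself, as the filename suggests, note that every hourly run also rewrites syslog-ng.conf and does an unconditional `systemctl restart syslog-ng`, interrupting log forwarding once an hour even when nothing has changed.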