Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.22.1 < 8.0.0
- , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-rsyslog', '8.1.0'
Learn more about managing modules with a PuppetfileDocumentation
#pupmod-simp-rsyslog
Table of Contents
Overview
pupmod-simp-rsyslog configures and manages RSyslog version 8 as built into either RHEL or CentOS versions 7 and 8.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
If you find any issues, they can be submitted to our JIRA.
Module Description
This module follows the standard PuppetLabs module style guide with some SIMP-specific configuration items included for managing auditing, firewall rules, logging, SELinux, and TCPWrappers. All of these items are configurable and can be turned on or off as needed for each user environment.
pupmod-simp-rsyslog was designed to be as compatible with RSyslog v8-stable as possible, though the version that comes stock with RHEL or CentOS is slightly dated.
It is possible to use pupmod-simp-rsyslog on its own and configure all rules and settings as you like, but it is recommended that the SIMP Rsyslog Profile be used if possible. By default, this profile will setup security relevant logging rules and manage server/client configurations.
Setup
What pupmod-simp-rsyslog affects
Files managed by pupmod-simp-rsyslog:
- /etc/rsyslog.conf
- /etc/rsyslog.simp.d
In addition to these, the rsyslog::rule::<all>
definitions will create
numbered directories in the $rsyslog_rule_dir
, by default
/etc/rsyslog.simp.d
. These directories are included in alphanumeric order and
using the rsyslog::rule
definition, the user can specify any directory name
they want to impact order.
Services and operations managed or affected by pupmod-simp-rsyslog:
- rsyslogd
- auditd (configurable)
- firewall (configurable)
- NOTE: If firewall management is enabled, and you are using iptables (not
firewalld), then you MUST set
iptables::precise_match: true
in Hiera.
- NOTE: If firewall management is enabled, and you are using iptables (not
firewalld), then you MUST set
- TCPWrappers (configurable)
- SELinux (configurable)
- Logrotate (configurable)
Packages installed by pupmod-simp-rsyslog:
- rsyslog
- rsyslog-gnutls
Setup Requirements
It is strongly recommended that the logging infrastructure be set up in a resilient manner. Failover in RSyslog is tricky and choosing the wrong kind of queuing with failover could mean losing logs. This module attempts to protect you from that, but will allow you to change the queuing mechanism to meet your local requirements.
Beginning with pupmod-simp-rsyslog
Including rsyslog
will install, configure, and start the rsyslog daemon on a
client:
Puppet Code:
include rsyslog
Including rsyslog::server
will additionally configure the system as an Rsyslog
server.
Puppet Code:
include rsyslog::server
Usage
WARNING: The version of rsyslog that is included with EL7 and EL8 systems is not the final stable upstream release. In particular, TLS may only be enabled or disabled globally, not per ruleset or action!
pupmod-simp-rsyslog is meant to be extremely customizable, and as such there is no single best way to use it. For the SIMP specific recommendations on how to use RSyslog (and other modules as well), check out the SIMP profile.
I want standard remote logging on a client
An example of an RSyslog client configuration may look like the following, including possible file names and a simple remote rule to forward all logs on the system.
Hiera Config:
# Send to *all* of these servers!
log_servers:
- 'first.log.server'
- 'second.log.server'
failover_log_servers:
- 'first-failover.log.server'
- 'second-failover.log.server'
Puppet Code:
include rsyslog
I want to send everything to rsyslog from a client
NOTE: Everything must be in the form that would be in the middle of an
if/then
Rainerscript Expression.
For example, if you wanted to filter on the standard priority kern.err
, you
would put prifilt('kern.err')
in your rule
parameter.
This does not hold for a call to rsyslog::rule
since that is the
generic processor for all rules.
Hiera Config:
rsyslog::log_servers:
- 'first.log.server'
- 'second.log.server'
rsyslog::failover_log_servers:
- 'first.log.server'
- 'second.log.server'
Puppet Code:
class my_rsyslog_client {
rsyslog::rule::remote { 'send_the_logs':
rule => 'prifilt(\'*.*\')'
}
}
I want to disable TLS/PKI/Logrotate
Hiera Config:
rsyslog::log_servers:
- 'first.log.server'
- 'second.log.server'
rsyslog::failover_log_servers:
- 'first.log.server'
- 'second.log.server'
rsyslog::enable_tls_logging: false
rsyslog::logrotate: false
rsyslog::pki: false
I want to set up an RSyslog Server
Hiera Config:
rsyslog::log_servers:
- 'first.log.server'
- 'second.log.server'
rsyslog::failover_log_servers:
- 'first.log.server'
- 'second.log.server'
Puppet Code:
class my_rsyslog_server {
include rsyslog::server
rsyslog::template::string { 'store_the_logs':
string => '/var/log/hosts/%HOSTNAME%/everything.log'
}
}
Using the above, all possible logs sent from the client will be stored on the server in a single log file. Obviously, this is not always an effective strategy, but it is at least enough to get started. Further customizations can be built to help manage more logs appropriately. To learn more about how to use the templates and rules, feel free to browse through the code.
While this setup does cover all of the basics, using the SIMP suggested RSyslog profile will setup templates and a large set of default rules to help organize and send logs where possible. Included would also be a comprehensive set of security relevant logs to help filter important information.
I want to set up an Rsyslog Server without logrotate/pki/firewall/tcpwrappers
Hiera Config:
rsyslog::logrotate: false
rsyslog::server::enable_firewall: false
rsyslog::server::enable_selinux: false
rsyslog::server::enable_tcpwrappers: false
Central Log Forwarding
Following on from the first example, you may have an upstream server to which you want to send all logs from your collected hosts.
To do this, you would use a manifest similar to the following on your local log server to forward everything upstream. Note, the use of a custom template. Upstream systems may have their own requirements and this allows you to manipulate the log appropriately prior to forwarding the message along.
Puppet Code:
rsyslog::template::string { 'upstream':
string => 'I Love Logs! %msg%\n'
}
rsyslog::rule::remote { 'upstream':
# Send Everything
rule => 'prifilt(\'*.*\')',
# Use the 'upstream' template defined above
template => 'upstream',
# The Upstream Destination Server
dest => ['upstream.fq.dn'],
require => Rsyslog::Template::String['upstream']
}
Reference
Please refer to the REFERENCE.md.
Limitations
SIMP Puppet modules are generally intended for use on Red Hat Enterprise
Linux and compatible distributions, such as CentOS. Please see the
metadata.json
file for the most up-to-date list of
supported operating systems, Puppet versions, and module dependencies.
By default, pupmod-simp-rsyslog
tries to do the right thing during a failover
scenario and make sure that logs are always stored no matter what the state of
the remote log server(s) is. Be careful if you opt out of the default queuing
strategy for failover as it may cause undesirable results such as lost logs.
Development
Please read our Contribution Guide.
If you find any issues, they can be submitted to our JIRA.
Reference
Table of Contents
Classes
Public Classes
rsyslog
: Set up Rsyslog 8rsyslog::server
: Sets up the RSyslog server
Private Classes
rsyslog::config
rsyslog::config::logrotate
: Default log rotation for RSyslogrsyslog::install
: Installs the packages necessary for use of RSyslogrsyslog::server::firewall
: Sets up the firewall rules for RSyslog with management bysimp/iptables
rsyslog::server::selinux
: Sets up SELinux for RSyslogrsyslog::server::tcpwrappers
: Sets up TCPWrappers for RSyslog both plain TCP and TCP over TLS as necessaryrsyslog::service
: Manage the RSyslog service
Defined types
rsyslog::rule
: Adds a rulersyslog::rule::console
: Add a rule for writing logs to the consolersyslog::rule::data_source
: Add a rule for collecting logs from files on the systemrsyslog::rule::drop
: Add a rule to drop contentrsyslog::rule::local
: Add a rule targeting writing local system logsrsyslog::rule::other
: Adds an arbitrary rulersyslog::rule::remote
: Adds a rule to send messages to one or more remote systemrsyslog::template::list
: Add a template list to the rsyslog configuration filersyslog::template::plugin
: Add template plugins to the rsyslog configuration file.rsyslog::template::string
: Add template strings to the rsyslog configurationrsyslog::template::subtree
: Add template subtrees to the rsyslog configuration
Data types
Rsyslog::Boolean
: Representation of boolean values that are translated to 'on' and 'off' in Rsyslog configurationRsyslog::Options
: Hash of options to be used for Rsyslog global, legacy global or module configurationRsyslog::QueueType
: Rsyslog Queue Types
Classes
rsyslog
The configuration is particularly slanted toward the issues present in the versions of rsyslog included with Enterprise Linux systems. It should still work on other systems but they may have different/other bugs that have not been addressed.
See rsyslog::config
for additional, detailed configuration.
Parameters
The following parameters are available in the rsyslog
class:
service_name
package_name
tls_package_name
trusted_nets
enable_tls_logging
log_servers
failover_log_servers
queue_spool_directory
rule_dir
tcp_server
tcp_listen_port
tls_tcp_server
tls_tcp_listen_port
udp_server
udp_listen_address
udp_listen_port
read_journald
logrotate
pki
app_pki_external_source
app_pki_dir
service_name
Data type: String
The name of the Rsyslog service; typically rsyslog
Default value: 'rsyslog'
package_name
Data type: String
The name of the Rsyslog package to install; typically rsyslog
Default value: 'rsyslog'
tls_package_name
Data type: String
The name of the Rsyslog package to install TLS utilities; typically rsyslog-gnutls
Default value: "${package_name}-gnutls"
trusted_nets
Data type: Simplib::Netlist
A list of subnets (in CIDR notation) permitted access
- This will be used in conjunction with
simp\iptables
(if enabled) to allow connections from within the given subnets.
Default value: simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] })
enable_tls_logging
Data type: Boolean
Enable the TLS libraries where applicable
- If enabled, clients will encrypt all log data being sent to the given log
servers. Also, all log servers specified to use TLS (see
rsyslog::server::tls_tcp_server
) will load theimtcp
module and configure it for TLS.
Default value: false
log_servers
Data type: Simplib::Netlist
A list of primary Rsyslog servers
- All nodes in this list will get a copy of all logs if remote logging is enabled.
Default value: simplib::lookup('simp_options::syslog::log_servers', { 'default_value' => [] })
failover_log_servers
Data type: Simplib::Netlist
A list of the failover Rsyslog servers
- This order-dependent list will serve as all of the possible failover
log servers for clients to send to if the servers in
log_servers
are unavailable.
Default value: simplib::lookup('simp_options::syslog::failover_log_servers', { 'default_value' => [] })
queue_spool_directory
Data type: Stdlib::Absolutepath
The path to the directory where Rsyslog should store disk message queues
Default value: '/var/spool/rsyslog'
rule_dir
Data type: Stdlib::Absolutepath
The path at which all managed rules will begin
Default value: '/etc/rsyslog.simp.d'
tcp_server
Data type: Boolean
Make this host listen for TCP
connections
- Ideally, all connections would be
TLS
enabled via$tls_tcp_server
instead. - Only enable this if necessary.
Default value: false
tcp_listen_port
Data type: Simplib::Port
The port upon which to listen for regular TCP
connections
Default value: 514
tls_tcp_server
Data type: Boolean
Make this host listen for TLS
enabled TCP
connections
Default value: false
tls_tcp_listen_port
Data type: Simplib::Port
The port upon which to listen for TLS
enabled TCP
connections
Default value: 6514
udp_server
Data type: Boolean
Make this host listen for UDP
connections
- This really should not be enabled unless you have devices that cannot
speak
TLS
Default value: false
udp_listen_address
Data type: String
The address upon which to listen for UDP
connections
- The default of
127.0.0.1
is set primariliy for supporting Java applications that cannot work with a modern method of logging.
Default value: '127.0.0.1'
udp_listen_port
Data type: Simplib::Port
The port upon which to listen for UDP
connections
Default value: 514
read_journald
Data type: Boolean
Enable the processing of journald
messages natively in Rsyslog
Default value: true
logrotate
Data type: Boolean
Ensure that logrotate
is enabled on this system
- You will need to configure specific logrotate settings via the
logrotate
module.
Default value: simplib::lookup('simp_options::logrotate', {'default_value' => false})
pki
Data type: Variant[Boolean,Enum['simp']]
- If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/rsyslog/x509
- If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/rsyslog/x509
- If false, do not include SIMP's pki module and do not use pki::copy
to manage certs. You will need to appropriately assign a subset of:
- app_pki_dir
- app_pki_key
- app_pki_cert
- app_pki_ca
- app_pki_ca_dir
Default value: simplib::lookup('simp_options::pki', {'default_value' => false})
app_pki_external_source
Data type: String
-
If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.
-
If pki = false, this variable has no effect.
Default value: simplib::lookup('simp_options::pki::source', {'default_value' => '/etc/pki/simp/x509'})
app_pki_dir
Data type: Stdlib::Absolutepath
Basepath of $default_net_stream_driver_ca_file, default_net_stream_driver_cert_file, and $default_net_stream_driver_key_file
Default value: '/etc/pki/simp_apps/rsyslog/x509'
rsyslog::server
This class is designed to configure the externally facing interfaces for a
RSyslog system. If you do not need external connectivity, you should just use
the stock rsyslog
Class.
Parameters
The following parameters are available in the rsyslog::server
class:
enable_firewall
Data type: Boolean
Enable the SIMP firewall rules for RSyslog
Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })
enable_selinux
Data type: Optional[Boolean]
Enable the SIMP SELinux rules for RSyslog
Default value: $facts['selinux_enforced']
enable_tcpwrappers
Data type: Boolean
Enable the SIMP TCPWrapper rules for RSyslog
Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })
Defined types
rsyslog::rule
This is used by the various rsyslog::rule::*
Defined Types to apply rules
to the system.
Feel free to use this Defined Type to add your own rules but remember that order matters!
In general, the order will be:
-
05 - Data Source Rules
-
06 - Console Rules
-
07 - Drop Rules
-
10 - Remote Rules
-
20 - Other/Miscellaneous Rules
-
99 - Local Rules
-
See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
Examples
Collect All kern.err
Messages
rsyslog::rule { '99_collect_kernel_errors.conf':
rule => "if prifilt('kern.err') then /var/log/kernel_errors.log"
}
Discard All info
Messages
rsyslog::rule::other { '98_discard_info.conf':
rule => "if prifilt('*.info') then stop"
}
Parameters
The following parameters are available in the rsyslog::rule
defined type:
name
Data type: Pattern['^[^/]\S+/\S+\.conf$']
The filename that you will be dropping into place
- WARNING: This must NOT be an absolute path!
content
Data type: String
The exact content of the rule to place in the target file
rsyslog::rule::console
These rules first in priority. In general, the order will be:
-
Data Source Rules
-
Console Rules
-
Drop Rules
-
Remote Rules
-
Other/Miscellaneous Rules
-
Local Rules
-
See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
Examples
Log Emergency Messages to the Console
rsyslog::rule::console { 'emergency_rule':
rule => 'prifilt(\'*.emerg\'),
users => ['*']
}
Parameters
The following parameters are available in the rsyslog::rule::console
defined type:
name
Data type: String
The filename that you will be dropping into place
rule
Data type: String
The Rsyslog EXPRESSION
to filter on
users
Data type: Array[String]
Users to which to send the console messages
rsyslog::rule::data_source
In general, the order will be:
-
Data Source Rules
-
Console Rules
-
Drop Rules
-
Remote Rules
-
Other/Miscellaneous Rules
-
Local Rules
-
See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
The filename that you will be dropping into place.
Examples
Collect Logs From /opt/log/my_app
rsyslog::rule::data_source { 'new_input':
rule => @(EOM)
input(type="imfile"
File="/opt/log/my_app"
StateFile="my_app"
Tag="my_app"
Facility="local6"
Severity="notice"
)
|EOM
}
Parameters
The following parameters are available in the rsyslog::rule::data_source
defined type:
name
Data type: String
The filename that you will be dropping into place
rule
Data type: String
The Rsyslog EXPRESSION
to filter on
rsyslog::rule::drop
In general, the order will be:
-
Data Source Rules
-
Console Rules
-
Drop Rules
-
Remote Rules
-
Other/Miscellanious Rules
-
Local Rules
-
See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
The filename that you will be dropping into place.
Examples
Drop Logs Matching ^.*bad_stuff.*$
rsyslog::rule::drop { 'drop_bad_stuff':
rule => 're_match($msg, '^.*bad_stuff.*$')'
}
Parameters
The following parameters are available in the rsyslog::rule::drop
defined type:
name
Data type: String
The filename that you will be dropping into place
rule
Data type: String
The Rsyslog EXPRESSION
to filter on
rsyslog::rule::local
NOTE: Any option that is not explicitly documented here matches the
ruleset
options in the Rsyslog documentation.
In general, the order will be:
- Data Source Rules
- Console Rules
- Drop Rules
- Remote Rules
- Other/Miscellaneous Rules
- Local Rules
NOTE: Since many of the parameters here may need to be modified on a
case-by-base basis, this defined type uses capabilities presented by the
simplib::dlookup
function to allow for either global overrides or
instance-specific overrides.
Global overrides work the same way as classes
(rsyslog::rule::local::file_create_mode: '0644'
) but will affect all
instances of the defined type that are not specifically overridden as shown
below.
Instance specific overrides preclude the need for a resource collector in
that you can place the follwing in Hiera to affect a single instance named
my_rule
: Rsyslog::Rule::Local[my_rule]::file_create_mode: '0600'
- See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
Examples
Capture OpenLDAP Logs Then Stop Processing
rsyslog::rule::local { 'collect_openldap':
rule => "prifilt('local4.*')",
target_log_file => '/var/log/slapd.log',
stop_processing => true
}
Parameters
The following parameters are available in the rsyslog::rule::local
defined type:
name
rule
target_log_file
stop_processing
dyna_file
template
dyna_file_cache_size
zip_level
very_robust_zip
flush_interval
async_writing
flush_on_tx_end
io_buffer_size
dir_owner
dir_owner_num
dir_group
dir_group_num
file_owner
file_owner_num
file_group
file_group_num
file_create_mode
dir_create_mode
fail_on_chown_failure
create_dirs
sync
sig_provider
cry_provider
queue_validation_log_level
queue_filename
queue_spool_directory
queue_size
queue_dequeue_batch_size
queue_max_disk_space
queue_high_watermark
queue_low_watermark
queue_full_delay_mark
queue_light_delay_mark
queue_discard_mark
queue_discard_severity
queue_checkpoint_interval
queue_sync_queue_files
queue_type
queue_worker_threads
queue_timeout_shutdown
queue_timeout_action_completion
queue_timeout_enqueue
queue_timeout_worker_thread_shutdown
queue_worker_thread_minimum_messages
queue_max_file_size
queue_save_on_shutdown
queue_dequeue_slowdown
queue_dequeue_time_begin
queue_dequeue_time_end
content
name
Data type: String
The filename that you will be dropping into place
rule
Data type: Optional[String[1]]
The Rsyslog EXPRESSION
to filter on
-
NOTE: Do NOT include the leading
if/then
- Correct: ``rule => "prifilt('.')"
- Incorrect:
rule => "if prifilt('*.*') then"
-
This must be set if
$content
is undefined
Default value: undef
target_log_file
Data type: Optional[Stdlib::Absolutepath]
The target log file that omfile will be writing to
- This must be set if
$dyna_file
is undefined
Default value: undef
stop_processing
Data type: Boolean
Do not forward logs to any further ruleset
s after processing this ruleset
Default value: false
dyna_file
Data type: Optional[String[1]]
Set a dynamic
filename using the property replacer rules
-
NOTE: If you make this the filename path itself, a template will automatically be created for you. Otherwise, you must make sure to have a rsyslog template in place and pass the name of the template to this option
-
Rsyslog templates can be created using the
rsyslog::template::*
defined types
Default value: undef
template
Data type: Optional[String[1]]
Default value: undef
dyna_file_cache_size
Data type: Integer[0]
Default value: 10
zip_level
Data type: Integer[0,9]
Default value: 0
very_robust_zip
Data type: Boolean
Default value: true
flush_interval
Data type: Integer[0]
Default value: 0
async_writing
Data type: Boolean
Default value: false
flush_on_tx_end
Data type: Boolean
Default value: true
io_buffer_size
Data type: Optional[Integer[0]]
Default value: undef
dir_owner
Data type: Optional[String[1]]
Default value: undef
dir_owner_num
Data type: Optional[Integer[0]]
Default value: undef
dir_group
Data type: Optional[String[1]]
Default value: undef
dir_group_num
Data type: Optional[Integer[0]]
Default value: undef
file_owner
Data type: Optional[String[1]]
Default value: undef
file_owner_num
Data type: Optional[Integer[0]]
Default value: undef
file_group
Data type: Optional[String[1]]
Default value: undef
file_group_num
Data type: Optional[Integer[0]]
Default value: undef
file_create_mode
Data type: Stdlib::Filemode
Default value: simplib::dlookup('rsyslog::rule::local', 'file_create_mode', $name, { 'default_value' => '0640' })
dir_create_mode
Data type: Stdlib::Filemode
Default value: simplib::dlookup('rsyslog::rule::local', 'dir_create_mode', $name, { 'default_value' => '0750' })
fail_on_chown_failure
Data type: Boolean
Default value: true
create_dirs
Data type: Boolean
Default value: true
sync
Data type: Boolean
Default value: false
sig_provider
Data type: Optional[String[1]]
Default value: undef
cry_provider
Data type: Optional[String[1]]
Default value: undef
queue_validation_log_level
Data type: Simplib::PuppetLogLevel
Default value: simplib::dlookup('rsyslog::rule::local', 'queue_validation_log_level', $name, { 'default_value' => 'warning' })
queue_filename
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
queue_spool_directory
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
queue_size
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_batch_size
Data type: Optional[Integer[0]]
Default value: undef
queue_max_disk_space
Data type: Optional[Integer[0]]
Default value: undef
queue_high_watermark
Data type: Optional[Integer[0]]
Default value: undef
queue_low_watermark
Data type: Optional[Integer[0]]
Default value: undef
queue_full_delay_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_light_delay_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_discard_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_discard_severity
Data type: Optional[Integer[0]]
Default value: undef
queue_checkpoint_interval
Data type: Optional[Integer[0]]
Default value: undef
queue_sync_queue_files
Data type: Boolean
Default value: false
queue_type
Data type: Rsyslog::QueueType
Default value: 'Direct'
queue_worker_threads
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_shutdown
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_action_completion
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_enqueue
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_worker_thread_shutdown
Data type: Optional[Integer[0]]
Default value: undef
queue_worker_thread_minimum_messages
Data type: Optional[Integer[0]]
Default value: undef
queue_max_file_size
Data type: Optional[String[1]]
Default value: simplib::dlookup('rsyslog::rule::local', 'queue_max_file_size', $name, { 'default_value' => undef })
queue_save_on_shutdown
Data type: Boolean
Default value: false
queue_dequeue_slowdown
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_time_begin
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_time_end
Data type: Optional[Integer[0]]
Default value: undef
content
Data type: Optional[String[1]]
the *entire content of the rsyslog::rule
-
If you do not specify this,
$rule
is a required variable -
If you do specify this,
$rule
will be ignored
Default value: undef
rsyslog::rule::other
The main reason to use this is to ensure proper ordering in the stack. If you
want to insert a rule anywhere, use the $rsyslog::rule
Defined Type
In general, the order will be:
- Data Source Rules
- Console Rules
- Drop Rules
- Remote Rules
- Other/Miscellaneous Rules
- Local Rules
fine: rsyslog::rule::other
- See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
The filename that you will be dropping into place.
Examples
Send All local0
Messages to 1.2.3.4
via TCP
rsyslog::rule::other { 'send_local0_away':
rule => "if prifilt('local0.*') then @@1.2.3.4"
}
Parameters
The following parameters are available in the rsyslog::rule::other
defined type:
name
Data type: String
The filename that you will be dropping into place
rule
Data type: String
The Rsyslog EXPRESSION
to filter on
rsyslog::rule::remote
The rule will include a forwarding ('omfwd') action for each
primary and failover syslog server specified via $dest
and
$failover_log_servers
, respectively.
In general, the order will be:
- Data Source Rules
- Console Rules
- Drop Rules
- Remote Rules
- Other/Miscellaneous Rules
- Local Rules
In general, individual send stream driver settings are properly supported with the Rsyslog 8 EL versions available for CentOS 7 and the Rsyslog 7 EL versions available for CentOS 6. However, for TLS support, you must also configure global Rsyslog parameters as follows:
-
TLS sending and/or receiving requires the global DefaultNetStreamDriver, DefaultNetStreamDriverCAFile, DefaultNetStreamDriverCertFile, and DefaultNetStreamDriverKeyFile parameters to be configure via
rsyslog::config
. -
TLS sending for Rsyslog 7 EL versions requires the global ActionSendStreamDriverMode configuration parameter to be configured via
rsyslog::config
IN ADDITION TO the$stream_driver_mode
.
WARNING
If possible, this module will take pains to prevent adding a target that is equivalent to the current system to prevent syslog loops.
Unfortunately, there is no foolproof method for getting this correct 100% of the time so please take care when setting your destination targets.
WARNING
-
This must be set if
$content
is left empty -
See also
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
- Red Hat Basic Rsyslog Configuration
- https://www.rsyslog.com/doc/v8-stable/rainerscript/expressions.html
- Expressions in Rsyslog
- https://www.rsyslog.com/doc/v8-stable/rainerscript/index.html
- RainerScript Documentation
- https://simp.readthedocs.io/en/stable/user_guide/HOWTO/Central_Log_Collection.html
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-viewing_and_managing_log_files#s1-basic_configuration_of_rsyslog.html
Examples
Send All local0
Messages to 1.2.3.4
via TCP
rsyslog::rule::remote { 'send_local0_away':
rule => "prifilt('local0.*')",
dest => ['1.2.3.4']
}
Parameters
The following parameters are available in the rsyslog::rule::remote
defined type:
name
rule
stop_processing
template
dest
dest_type
failover_log_servers
tcp_framing
zip_level
max_error_messages
compression_mode
compression_stream_flush_on_tx_end
rebind_interval
keep_alive
keep_alive_probes
keep_alive_interval
keep_alive_time
action_resume_interval
action_resume_retry_count
stream_driver
stream_driver_mode
stream_driver_auth_mode
stream_driver_permitted_peers
resend_last_msg_on_reconnect
udp_send_to_all
queue_validation_log_level
queue_filename
queue_spool_directory
queue_size
queue_dequeue_batch_size
queue_max_disk_space
queue_high_watermark
queue_low_watermark
queue_full_delay_mark
queue_light_delay_mark
queue_discard_mark
queue_discard_severity
queue_checkpoint_interval
queue_sync_queue_files
queue_type
queue_worker_threads
queue_timeout_shutdown
queue_timeout_action_completion
queue_timeout_enqueue
queue_timeout_worker_thread_shutdown
queue_worker_thread_minimum_messages
queue_max_file_size
queue_save_on_shutdown
queue_dequeue_slowdown
queue_dequeue_time_begin
queue_dequeue_time_end
content
name
Data type: String
The filename that you will be dropping into place
rule
Data type: Optional[String[1]]
The Rsyslog EXPRESSION
to filter on
-
This should only be the matching part of the expression, the remaining parameters take care of ensuring that the material is properly routed.
-
NOTE: Do NOT include the leading
if/then
- Correct: ``rule => "prifilt('.')"
- Incorrect:
rule => "if prifilt('*.*') then"
Default value: undef
stop_processing
Data type: Boolean
Do not forward logs to any further ruleset
s after processing this ruleset
Default value: false
template
Data type: Optional[String[1]]
The template that should be used to format the content
Default value: undef
dest
Data type: Simplib::Netlist
If filled, logs matching $rule
will be sent to all hosts in this Array.
- WARNING: If using this, do NOT add a destination to your
rule
Default value: []
dest_type
Data type: Enum['tcp','udp','relp']
The destination type for all entries in $dest
- At this time, if you wish to have different types per destination, you
will need to either create a
rsyslog::rule::remote
for each destnation or craft your own ruleset and leave$dest
empty.
Default value: 'tcp'
failover_log_servers
Data type: Simplib::Netlist
The listed systems will be used as failover servers for all logs matching
this rule
- Uses
$dest_type
above
Default value: []
tcp_framing
Data type: Enum['traditional','octet-counted']
Default value: 'traditional'
zip_level
Data type: Integer[0,9]
Default value: 0
max_error_messages
Data type: Integer[0]
Default value: 5
compression_mode
Data type: Enum['none','single','stream:always']
Default value: 'none'
compression_stream_flush_on_tx_end
Data type: Boolean
Default value: true
rebind_interval
Data type: Optional[Integer[0]]
Default value: undef
keep_alive
Data type: Optional[Boolean]
Default value: undef
keep_alive_probes
Data type: Optional[Integer[0]]
Default value: undef
keep_alive_interval
Data type: Optional[Integer[0]]
Default value: undef
keep_alive_time
Data type: Optional[Integer[0]]
Default value: undef
action_resume_interval
Data type: Integer[0]
Default value: 30
action_resume_retry_count
Data type: Integer[-1]
Default value: -
stream_driver
Data type: Optional[String[1]]
-
This is only used to set the StreamDriver directive in the forwarding actions for remote servers if TLS is enabled and
$dest_type
is not UDP. -
Overridden by 'DefaultNetstreamDriver' global stream configuration specified by
rsyslog::config::default_net_stream_driver
.
Default value: undef
stream_driver_mode
Data type: Integer[0]
- This is only used to set the StreamDriverMode directive in the
forwarding actions for remote servers if TLS is enabled and
$dest_type
is not UDP.
Default value: 1
stream_driver_auth_mode
Data type: String
This is only used to set the StreamDriverAuthMode directive in the
forwarding actions for remote servers if TLS is enabled and
$dest_type
is not UDP.
Default value: 'x509/name'
stream_driver_permitted_peers
Data type: Optional[String[1]]
-
This is only used to set the StreamDriverPermittedPeers directive in the forwarding actions for remote servers if TLS is enabled and
$dest_type
is not UDP. -
If this is set, the value will be used for all forwarding actions for the remote servers in
$dest
and$failover_log_servers
. -
If this is undefined,
-
If ALL of the remote servers in
$dest
and$failover_log_servers
are specified as a hostname variants, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to that server's hostname. -
If ANY and of the remote servers in
$dest
and$failover_log_servers
is specified as an IP address variant, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to the domain of the Puppet client. This behavior provides backward compatibility with earlier versions of this module.
-
-
rsyslog expects StreamDriverPermittedPeers to be a comma-separated list of fingerprints (SHA1) and/or names of remote peers, which it will use to match against the certificate presented from the remote server.
Default value: undef
resend_last_msg_on_reconnect
Data type: Boolean
Default value: true
udp_send_to_all
Data type: Boolean
Default value: false
queue_validation_log_level
Data type: Simplib::PuppetLogLevel
Default value: simplib::dlookup('rsyslog::rule::remote', 'queue_validation_log_level', $name, { 'default_value' => 'warning' })
queue_filename
Data type: Optional[String[1]]
Default value: undef
queue_spool_directory
Data type: Optional[Stdlib::Absolutepath]
Default value: undef
queue_size
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_batch_size
Data type: Optional[Integer[0]]
Default value: undef
queue_max_disk_space
Data type: Optional[Integer[0]]
Default value: undef
queue_high_watermark
Data type: Optional[Integer[0]]
Default value: undef
queue_low_watermark
Data type: Optional[Integer[0]]
Default value: undef
queue_full_delay_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_light_delay_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_discard_mark
Data type: Optional[Integer[0]]
Default value: undef
queue_discard_severity
Data type: Optional[Integer[0]]
Default value: undef
queue_checkpoint_interval
Data type: Optional[Integer[0]]
Default value: undef
queue_sync_queue_files
Data type: Boolean
Default value: false
queue_type
Data type: Rsyslog::QueueType
Default value: 'LinkedList'
queue_worker_threads
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_shutdown
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_action_completion
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_enqueue
Data type: Optional[Integer[0]]
Default value: undef
queue_timeout_worker_thread_shutdown
Data type: Optional[Integer[0]]
Default value: undef
queue_worker_thread_minimum_messages
Data type: Optional[Integer[0]]
Default value: undef
queue_max_file_size
Data type: Optional[String[1]]
Default value: undef
queue_save_on_shutdown
Data type: Boolean
Default value: true
queue_dequeue_slowdown
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_time_begin
Data type: Optional[Integer[0]]
Default value: undef
queue_dequeue_time_end
Data type: Optional[Integer[0]]
Default value: undef
content
Data type: Optional[String[1]]
the *entire content of the rsyslog::rule
-
If you do not specify this,
$rule
is a required variable -
If you do specify this,
$rule
will be ignored
Default value: undef
rsyslog::template::list
RSyslog list templates can contain properties and constants. In order to capture this functionality, we have opted for making a hash of these. The Hash will be ordered as given to the content variable.
Examples
Content Settings
$content_hash = {
'constant' => 'values="Syslog MSG is: \'"',
'property' => 'name="msg"'
}
rsyslog::template::list { 'example_list':
$content => $content_hash
}
### Produces:
template(name="example_list" type="list") {
constant(value="Syslog MSG is: '")
property(name="msg")
}
Parameters
The following parameters are available in the rsyslog::template::list
defined type:
name
Data type: String
The literal name (not path) of the file
that will be written
content
Data type: Hash[String,String,1]
The rsyslog list content that you wish to add to the system, as a Hash
rsyslog::template::plugin
NOTE: Plugins are as-is. This means that you will only supply the plugin name and assume that the plugin has already been loaded by RSyslog.
Examples
Adding the my_plugin
Plugin to the System
rsyslog::template::string { 'example_plugin':
$plugin => 'my_plugin'
}
### Produces:
template(name="example_plugin" type="plugin" plugin="my_plugin")
Parameters
The following parameters are available in the rsyslog::template::plugin
defined type:
name
Data type: String
The literal name of the file
(not the full path) that will be used
plugin
Data type: String
The rsyslog plugin content that you wish to add to the system
- This is provided, without formatting, directly into the target file
rsyslog::template::string
You'll need to write the entire template line due to the complexity of the rsyslog configuration parameters.
Leading spaces will be removed.
Examples
Template String
rsyslog::template::string { 'example':
$content => '/var/log/hosts/%HOSTNAME%/example.log'
}
### Produces:
template(name="example" type="string" string="/var/log/hosts/%HOSTNAME%/example.log")
Parameters
The following parameters are available in the rsyslog::template::string
defined type:
name
Data type: String
The literal name of the file
(not file path) that will be used
string
Data type: String
The rsyslog template string that you wish to add to the system
- This is fed, without formatting, directly into the target file
rsyslog::template::subtree
You'll need to write the entire subtree line due to the complexity of the rsyslog configuration parameters.
Examples
Subtree (From the Official RSyslog Docs)
rsyslog::template::subtree { 'example_subtree':
$variables => ['$!usr!tp12!msg = $msg;', '$!usr!tp12!dataflow = field($msg, 58, 2);'],
$subtree => '$!usr!tp12'
}
### Produces:
set $!usr!tp12!msg = $msg;
set $!usr!tp12!dataflow = field($msg, 58, 2);
template(name="example" type="subtree" subtree="$!usr!tp12")
Parameters
The following parameters are available in the rsyslog::template::subtree
defined type:
name
Data type: String
The literal name of the file
(not a path) that will be used
subtree
Data type: String
The rsyslog subtree content that you wish to add to the system
- This is fed, without formatting, directly into the subtree parameter
variables
Data type: Array[String]
Variables to be set prior to the template being created
Default value: []
Data types
Rsyslog::Boolean
Representation of boolean values that are translated to 'on' and 'off' in Rsyslog configuration
Alias of
Variant[Enum['on','off'], Boolean]
Rsyslog::Options
Hash of options to be used for Rsyslog global, legacy global or module configuration
Alias of
Hash[String, Variant[Numeric,String]]
Rsyslog::QueueType
Rsyslog Queue Types
Alias of
Enum['FixedArray', 'LinkedList', 'Direct', 'Disk']
- Wed Jun 16 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 8.1.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Fri Jan 29 2021 Liz Nemsick lnemsick.simp@gmail.com - 8.0.0
- Removed support for Rsyslog < 8.24.0.
- Rsyslog >= 8.24.0 is used for EL7.4 and later.
- simp/rsyslog 7.6.4 should be used to manage earlier Rsyslog versions.
- Removed support for CentOS 6.
- Added ability to set the default template used for forwarding
rsyslog::config::default_forward_template
- Added parameters to allow additional configuration of the rsyslog modules
and main queue already managed by this Puppet module:
rsyslog::config::extra_global_params
rsyslog::config::extra_legacy_globals
rsyslog::config::extra_imjournal_mod_params
rsyslog::config::extra_imklog_mod_params
rsyslog::config::extra_imptcp_mod_params
rsyslog::config::extra_imtcp_mod_params
rsyslog::config::extra_imudp_mod_params
rsyslog::config::extra_imuxsock_mod_params
rsyslog::config::extra_main_queue_params
- Added 'Direct' and 'Disk' to allowed main message queue types.
- Removed a deprecated/unused parameters
rsyslog::config::action_send_stream_driver_permitted_peers
rsyslog::config::interval
rsyslog::config::main_msg_queue_worker_timeout_thread_shutdown
- Removed parameters only relevant to Rsyslog < 8.6.0
rsyslog::config::host_list
rsyslog::config::domain_list
- Deprecated parameters that corresponded to obsolete legacy globals
and provided more appropriately-named replacements.
- Use of old parameters will result in a compilation warning messages.
- The replacement parameter is listed in each warning message.
- Affected parameters:
rsyslog::config::action_send_stream_driver_mode
=>rsyslog::config::imtcp_stream_driver_mode
rsyslog::config::action_send_stream_driver_auth_mode
=>rsyslog::config::imtcp_stream_driver_auth_mode
rsyslog::config::disable_remote_dns
=>rsyslog::config::net_enable_dns
rsyslog::config::suppress_noauth_warn
=>rsyslog::config::net_permit_acl_warning
- Deprecated
rsyslog::config::default_template
and provided a more appropriately named replacement,rsyslog::config::default_file_template
- Use of old parameter will result in a compilation warning message.
- Fixed a bug in which the rsyslog service would start without any errors but
fail to log when
rsyslog::config::default_template
was set to 'traditional'. That value did not map to a valid Rsyslog built-in template. - Fixed a bug where the
net.permitACLWarning
global was set incorrectly. - Removed non-functioning, unused Rsyslog::Template['defaultTemplate'] resource.
- Internally, updated some of the legacy Rsyslog configuration to Rainer script
format.
- Load the imjournal module and set its state file using
load()
. - Set the
omfile
's default template in itsload()
statement. - Use the
global()
configuration object for the following:- localHostname
- defaultNetstreamDriverCertFile
- defaultNetstreamDriver
- defaultNetstreamDriverCAFile
- defaultNetstreamDriverKeyFile
- Load the imjournal module and set its state file using
- Wed Oct 28 2020 Trevor Vaughan tvaughan@onyxpoint.com - 7.6.4-0
- Fixed the default security collection string for firewalld rules
- Removed the
filter_
rules that were present for an old (and broken) version of the simp_firewalld module. - Fixed the README and replaced 'iptables' references with 'firewall' where appropriate
- Tue Jun 30 2020 Trevor Vaughan tvaughan@onyxpoint.com - 7.6.3-0
- Update REFERENCE.md
- Mon Jun 22 2020 Kendall Moore kendall.moore@onyxpoint.com - 7.6.2-0
- Add support for KeepAlive variables for imtcp and omfwd actions
- Tue May 26 2020 Kendall Moore kendall.moore@onyxpoint.com - 7.6.1-0
- Change local rule defined type to use the same package defaults for action queues that are in the remote rule defined type
- Wed Apr 15 2020 Kendall Moore kendall.moore@onyxpoint.com - 7.6.0-0
- Change remote rule defined type to use package defaults for action queues
- Mon Feb 03 2020 Trevor Vaughan tvaughan@onyxpoint.com - 7.6.0-0
- Add a default rule to log packets dropped by firewalld to /var/log/firewall.log
- Add /var/log/firewall.log to SIMP's 'syslog' logrotate rule
- Move iptables, logrotate, pki, and tcpwrappers to optional dependencies
- Cleaned up puppet strings support
- Removed params pattern and migrated to data in modules
- Fri Jan 10 2020 Liz Nemsick lnemsick.simp@gmail.com - 7.6.0-0
- Added EL8 support
- Wed Oct 16 2019 Adam Yohrling adam.yohrling@onyxpoint.com - 7.5.1-0
- Added logrotate::rule options to rsyslog::conf::logrotate class
- Wed Oct 16 2019 Kendall Moore kendall.moore@onyxpoint.com - 7.5.1-0
- Fixed a bug where including rsyslog.d parsed more than just .conf files
- Thu Jun 06 2019 Steven Pritchard steven.pritchard@onypoint.com - 7.5.0-0
- Add v2 compliance_markup data
- Mon Apr 15 2019 Trevor Vaughan tvaughan@onyxpoint.com - 7.4.0-0
- Set rsyslog::rule::local::file_create_mode to 0640 by default
- Allow the following to be set directly via Hiera using simplib::dlookup:
- rsyslog::rule::local::file_create_mode
- rsyslog::rule::local::dir_create_mode
- rsyslog::rule::local::queue_max_file_size
- Tue Mar 26 2019 Joseph Sharkey shark.bruhaha@gmail.com - 7.4.0-0
- Updated dependencies to use camptocamp/systemd
- Mon Mar 04 2019 Liz Nemsick lnemsick.simp@gmail.com - 7.3.1-0
- Expanded the upper limit of the stdlib Puppet module version
- Updated a URL in the README.md
- Thu Oct 11 2018 Nick Miller nick.miller@onyxpoint.com - 7.3.0-0
- Changed rsyslog::install::ensure from 'latest' to 'installed'
- It will also respect
simp_options::package_ensure
- It will also respect
- Mon Oct 08 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com - 7.3.0-0
- Added logic to properly handle rsyslogd parameters for V8.6 and later as documented in CentOS 7.5 Release notes. These include moving -x and -w options to global.conf and issuing deprecation warning for -l and -s options.
- Fri Oct 05 2018 Trevor Vaughan tvaughan@onyxpoint.com - 7.3.0-0
- Fixed a bug in the systemd override file for rsyslog
- Added fact for version of rsyslogd
- Updated templates to use RainerScript rsyslogd v8 and later
- Fixed the MainMsgQueueDiscardMark and MainMsgQueueWorkerThreads parameters
- Wed Oct 03 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.3.0-0
- Update range of simp/systemd to allow version with Hiera 5
- Tue Sep 11 2018 Nicholas Markowski nicholas.markowski@onyxpoint.com - 7.3.0-0
- Updated $app_pki_external_source to accept any string. This matches the functionality of pki::copy.
- Thu Aug 30 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com 7.3.0-0
- Updated rsyslog::rule::remote to select a more intelligent default
for StreamDriverPermittedPeers, when TLS is enabled. This improvement
fixes the bug in which forwarding of logs to servers in different domains
was not possible with the stream_driver_permitted_peers default. Now,
rsyslog::rule::remote::stream_driver_permitted_peers defaults to 'undef',
instead of the domain of the Puppet client, and has the following default
behavior:
- When all of the remote servers are specified with hostname variants, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to that server's hostname.
- If any of the remote servers is specified as an IP address variant, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to the domain of the Puppet client.
- Fri Aug 24 2018 Trevor Vaughan tvaughan@onyxpoint.com - 7.3.0-0
- Updated the tests to no longer reference sudosh as our custom test since we are moving away from using it and it could cause confusion.
- Fri Aug 17 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.2.0-0
- Fixed a bug in which removal of a rsyslog::rule from the catalog did not cause the rsyslog service to restart, when other rules corresponding to files in the same rsyslog configuration subdirectory were present.
- Fri Aug 10 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.2.0-0
- Reinstated ActionSendStreamDriverMode directive into the global configuration when sending TLS-encrypted messages for Rsyslog 7 version, only. The sending of TLS-encrypted messages for CentOS 6 will not work otherwise.
- Mon Jul 30 2018 ralph-wright ralph.wright@onyxpoint.com - 7.2.0-0
- Remove all ActionSendStreamDriver* directives from the global configuration, to allow individual actions to control their specific stream settings. This change was required to allow a host which is itself a syslog server to receive TLS-encrypted data, but forward these messages to a different remote syslog server as unencrypted data.
- Fri Jul 13 2018 Trevor Vaughan tvaughan@onyxpoint.com - 7.2.0-0
- Add support for Puppet5 and OEL
- Update acceptance tests to use environment variables
- Thu Jun 28 2018 Nick Miller nick.miller@onyxpoint.com - 7.1.3-0
- Update docs
- Update ci assets
- Tue May 22 2018 Liz Nemsick lnemsick.simp@gmail.com - 7.1.2-0
- Add a systemd rsyslog.service override file that fixes a service ordering problem present with older versions of rsyslog. The override ensures the network.target and network-online.target units are added to the 'Wants' and 'After' lists for the rsyslog.service.
- Fri Mar 16 2018 Philippe Muller philippe.muller@gmail.com - 7.1.1-0
- Fixed several cases where literal '\n' was contained in file output
- Mon Jul 31 2017 Liz Nemsick lnemsick.simp@gmail.com - 7.1.0-0
- Add ability to specify full rule content for rsyslog::rule::local and rsyslog::rule::remote defined types.
- Fixed bug in which ioBufferSize parameter was listed twice in the rsyslog rule generated by rsyslog::rule::local.
- Fri May 26 2017 Liz Nemsick lnemsick.simp@gmail.com - 7.0.3-0
- Fixed bug in which default iptables rsyslog rule did not work with rsyslog version 7.4.7. Some versions of rsyslog include the ' ' separator in the message payload, which impacts the startswith rule.
- Fixed bug whereby puppetserver log messages were not being collected in puppetserver-specific logs.
- Update puppet requirement in metadata.json
- Wed Apr 19 2017 Nick Markowski nmarkowski@keywcorp.com - 7.0.3-0
- rsyslog::server::enable_selinux now optional, for robustness
- Updated logrotate to use new lastaction API
- Tue Mar 28 2017 Nick Miller nick.miller@onyxpoint.com - 7.0.2-0
- rsyslog::server now uses the state of selinux on the system instead of simp_options
- Thu Mar 23 2017 Jeanne Greulich jeanne.greulich@onyxpoint.com - 7.0.2-0
- Updated path for systemctl
- Thu Feb 09 2017 Jeanne Greulich jeanne.greulich@onyxpoint.com - 7.0.1-0
- Updated path for service to /sbin/service
- Tue Feb 07 2017 Jeanne Greulich jeanne.greulich@onyxpoint.com - 7.0.0-0
- Updated expression in logrotate for lastaction to evaluate correctly
- Wed Jan 11 2017 Nick Markowski nmarkowski@keywcorp.com - 7.0.0-0
- Updated pki to use new scheme
- Application certs now managed in /etc/pki/simp_apps/rsyslog/x509
- Added trailing newline to drop rules
- Sun Dec 11 2016 Trevor Vaughan tvaughan@onyxpoint.com - 7.0.0-0
- Update to Puppet 4 compatibility
- Added strong typing
- Wed Nov 23 2016 Jeanne Greulich jgreulich.simp@onyxpoint.com - 6.0.0-0
- update requirement versions
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 6.0.0-0
- Minor cleanup
- Wed Nov 16 2016 Liz Nemsick lnemsick.simp@gmail.com - 6.0.0-0
- Updated iptables dependency version
- Thu Nov 03 2016 Nick Miller nick.miller@onyxpoint.com - 6.0.0-0
- Added a feature to read journald, enabled by defauly on systems with systemd.
- Updated to use compliance mapper v2.0.0
- Mon Sep 26 2016 Liz Nemsick lnemsick.simp@gmail.com - 5.1.1-0
- Fix a bug in which rules no longer managed by the module were not removed from the system.
- Mon Mar 21 2016 Trevor Vaughan tvaughan@onyxpoint.com - 5.1.0-0
- Migrated to Semantic Versioning 2.0
- Fixed a bug where the ability to use custom templates was omitted from the remote logging rules.
- Ensure that all components of the module are pulled onto the system via the RPM.
- Added support for the global $LocalHostName variable and set it to $::fqdn by default.
- Updated RPM requirements
- Sat Mar 19 2016 Trevor Vaughan tvaughan@onyxpoint.comm - 5.0.1-0
- Migrated use_simp_pki to a global catalyst.
- Thu Feb 25 2016 Ralph Wright ralph.wright@onyxpoint.com - 5.0.0-2
- Added compliance function support
- Mon Nov 09 2015 Chris Tessmer chris.tessmer@onypoint.com - 5.0.0-1
- migration to simplib and simpcat (lib/ only)
- Tue Jul 21 2015 Kendall Moore kmoore@keywcorp.com - 5.0.0-0
- Support RSyslog versions >= 7
- Remove legacy style RainerScript where possible
- Use new style SIMP puppet module layout
- Thu Feb 19 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-13
- Migrated to the new 'simp' environment.
- Fri Jan 16 2015 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-12
- Changed puppet-server requirement to puppet
- Sat Dec 06 2014 Chris Tessmer <chris.tessmer@onyxpoint.com - 4.1.0-11
- backported host_is_me protection from 4.0.X fixes
- Wed Nov 19 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-10
- This is a relatively large update to the rsyslog module that (hopefully) fixes the last vestiges of the issues seen with multi-server failover and native TLS encryption.
- The main change is that we no longer support using stunnel but, instead, rely on native Rsyslog encryption for all actions.
- Message throttling is now off by default. This is a site-specific need and we just can't guess correctly.
- Mon Nov 03 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-9
- The lastaction restart of rsyslog in logrotate was changed to use the 'service' command for RHEL7 compatibility.
- Tue Oct 07 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-8
- Ensure that MainMsgQueueSize is always > 0
- Ensure that the number of threads is always > 0
- Mon Sep 29 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-7
- Changed MainMsgQueueOnlyWhenPreviousIsSuspended and MainMsgQueueFileDefaultTemplate to be applied to the ActionQueue.
- Tue Sep 02 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-6
- Updated all instances of ActionQueue to MainMsgQueue in the global configuration. This makes the global disk queueing work as expected.
- Tue Jun 24 2014 Nick Markowski nmarkowski@keywcorp.com - 4.1.0-5
- Changed all checksums to sha256 instead of md5 in an effort to enable FIPS.
- Fri May 16 2014 Kendall Moore kmoore@keywcorp.com - 4.1.0-4
- Removed all stock classes and corresponding spec tests so they can be ported to the simp module.
- Tue May 13 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-4
- Updated to support most queueing options as applied to the default action queue.
- Sun May 04 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-3
- Ensure that all managed rsyslog configurations are written to /etc/rsyslog.d/puppet_managed and that unmanaged rules are selectively purged.
- Added an rsyslog::stock class which properly multiplexes between the local and server stock classes.
- Updated spec tests
- Wed Apr 09 2014 Kendall Moore kmoore@keywcorp.com - 4.1.0-2
- Refactored manifests for puppet 3 and hiera compatibility.
- Added spec tests.
- Tue Apr 01 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-1
- Changed all calls to stunnel::stunnel_add to stunnel:add.
- Removed the default size in rsyslog::stock::log_server since it conflicts with the default weekly rotation.
- Updated the default log format to be the Rsyslog default.
- Discovered a bug when enabling SELinux on both the client and server and moved the port for the log client to handle the SELinux rules.
- Added an stunnel rule for rsyslog that listens on the registered syslog-tls port.
- Flipped the singleton defines over to classes.
- Ensure that Stunnel traffic listens on all interfaces by default.
- Disabled the listeners on the log_local stock class since it is unnecessary and was interfering with Logstash.
- Added the ability to modify the rate limiting settings in rsyslog::global.
- Moved the include statement in the global conf template to after the definition of the default message template so that items in rsyslog.d can use it directly.
- Thu Feb 20 2014 Nick Markowski nmarkowski@keywcorp.com - 4.1.0-0
- Moved log forwarder rule (stock/log_server/forward.pp) from /etc/rsyslog.conf to /etc/rsyslog.d/remote.conf
- Wed Feb 12 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.1.0-0
- Converted all string booleans to booleans
- Fixed all lint errors
- Thu Jan 02 2014 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-13
- Ensure that only the cron.hourly logrotate script exists if using the stock::log_server class.
- Fri Nov 01 2013 Trevor Vaughan tvaughan@onyxpoint.com - 4.0.0-12
- Added support to the stock server class for audispd.
- Mon Oct 07 2013 Kendall Moore kmoore@keywcorp.com - 4.0.0-11
- Updated all erb templates to properly scope variables.
- Thu Sep 19 2013 Nick Markowski nmarkowski@keywcorp.com - 4.0.0-10
- Allowed default syslog logrotate missingok
- Thu Jan 31 2013 Maintenance 4.0.0-9
- Created a Cucumber test to setup an rsyslog server from the rsyslog module.
- Wed Nov 28 2012 Maintenance 4.0.0-8
- Updated the global config to turn $PreserveFQDN on by default.
- Mon Oct 22 2012 Maintenance 4.0.0-7
- Added compat level for 5 by default.
- Updated the stock rules to dump slapd audit logs to their own file.
- Fri Aug 10 2012 Maintenance 4.0.0-6
- Update to set max open files ulimit to unlimited using the new init_ulimit type.
- Added some options to the stock server class to ensure that collected logs are reasonably rotated and stored.
- Tue Jul 24 2012 Maintenance 4.0.0-5
- Fix all instances of 'IPT:' instead of "IPT:"
- Wed Apr 11 2012 Maintenance 4.0.0-4
- Fixed bug regarding stunnel module.
- Moved mit-tests to /usr/share/simp...
- Updated pp files to better meet Puppet's recommended style guide.
- Fri Mar 02 2012 Maintenance 4.0.0-3
- Updated to ensure that sudosh output goes to its own log file.
- Improved test stubs.
- Tue Jan 17 2012 Maintenance 4.0.0-2
- Added a rule to allow all syslog connections past tcpwrappers. I know this isn't least privilege, but it's already being checked in two different places.
- Fri Dec 23 2011 Maintenance 4.0.0-1
- Updated the spec file to not require a separate file list.
- Changed all instances of 'ipaddress' to 'primary_ipaddress'.
- Mon Nov 07 2011 Maintenance 4.0.0-0
- Fixed call to rsyslog restart for RHEL6.
- Mon Oct 10 2011 Maintenance 2.0.0-3
- Updated to put quotes around everything that need it in a comparison statement so that puppet > 2.5 doesn't explode with an undef error.
- Tue Mar 29 2011 Maintenance - 2.0.0-2
- The 'onlyif' statement in concat_build was fixed to properly use /usr/bin/test.
- Modified the rsyslog rules to take apache into account.
- Fri Feb 11 2011 Maintenance - 2.0.0-1
- Changed all instances of defined(Class['foo']) to defined('foo') per the directions from the Puppet mailing list.
- Removed 'daemon.log' references which will make logrotate stop trying to rotate it and fail.
- Updated rsyslog::stock::log_server iptables rule
- Updated to use concat_build and concat_fragment types
- Tue Jan 11 2011 Maintenance 2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
- Renamed puppet logs
- Fri Oct 29 2010 Maintenance - 1.0-3
- Replaced redundant rules with '& ~' which should improve performance.
- Moved the remote rsyslog security log rule into an 'if' that ensures that it is only activated when proper.
- Changed the module to call add_conf since those are loaded before the rest of the drop rules. Puppetmaster logs will now again flow to the remote log server.
- Tue Oct 26 2010 Maintenance - 1.0-2
- Converting all spec files to check for directories prior to copy.
- Thu Aug 05 2010 Maintenance 1.0-1
- rsyslog::log_server::allow was missing a '$' on the rhs of the udpServerAddress.
- Thu Jun 10 2010 Maintenance 1.0-0
- Removed data going to daemon.log by default. It was redundant with /var/log/messages.
- Full configuration of the daemon via /etc/sysconfig is now possible. Compatibility mode defaults to '3'.
- Added a new default log format with the priority included. Also provide for the capability to choose from one of the built-in rsyslog templates.
- Moved rsyslog::log_local and rsyslog::log_server to rsyslog::stock::log_local and rsyslog::stock::log_server respectively.
- Doc update and Code refactor.
- Fixed the default template by adding a '$' to the template entries.
- Wed May 12 2010 Maintenance 0.1-23
- Added a segment to remove the i386 version of rsyslog if you're on an x86_64 system.
- Mon May 10 2010 Maintenance 0.1-22
- Now split puppet/puppetmaster logs into their own files on both the server and the client
- Tue Apr 27 2010 Maintenance 0.1-21
- Made the system require rsyslog.$architecture instead of rsyslog
- Fixed a bug in the rsyslog::server::allow define that would not let you properly set the udpServerAddress. It is now set to '0.0.0.0' by default.
- Wed Mar 17 2010 Maintenance 0.1-20
- Fixed a bug in the default server ruleset that was using '' instead of '.*'.
- Thu Jan 14 2010 Maintenance 0.1-19
- Allow users to set the maximum number of open files when configuring the rsyslog globals.
- Wed Jan 06 2010 Maintenance 0.1-18
- Now fork off iptables logs to /var/log/iptables.log.
- Added a logrotate rule for rotating the iptables log file.
- Wed Dec 30 2009 Maintenance 0.1-17
- Fixed a bug that did not allow the proper raising of max TCP sessions in rsyslog.
- Tue Dec 15 2009 Maintenance 0.1-16
- Fixed a bug that resulted in the daemon.log file not being rotated.
- Now ensure that the rsyslog server default configuration actually listens on all external ports by default instead of binding to localhost.
- Log server class now properly checks for ":IPT" instead of " :IPT"
- Log server class now sets lastaction instead of postrotate
- Wed Nov 04 2009 Maintenance 0.1-15
- Now call the new logrotate module to set up the log rotation job.
- Thu Oct 08 2009 Maintenance 0.1-14
- Modified the default 'secure' configurations to use verify = 2 by default.
- Tue Oct 06 2009 Maintenance 0.1-13
- Added a 'fail safe' mode to rsyslog so that it will never get an empty config file.
- Added pupmod-stunnel as a requirement.
Dependencies
- camptocamp/systemd (>= 2.2.0 < 3.0.0)
- puppetlabs/stdlib (>= 6.6.0 < 8.0.0)
- simp/simplib (>= 3.12.0 < 5.0.0)
pupmod-simp-rsyslog - A Puppet Module for managing Rsyslog -- Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law. The US Government retains the right to pursue copyright protections outside of the United States. The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls. --- Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.