https://github.com/express42/rsyslog
Express 42 rsyslog cookbook
- Host: GitHub
- URL: https://github.com/express42/rsyslog
- Owner: express42
- Created: 2013-08-07T07:28:22.000Z (almost 13 years ago)
- Default Branch: master
- Last Pushed: 2017-04-10T10:15:49.000Z (about 9 years ago)
- Last Synced: 2025-01-18T14:46:34.560Z (over 1 year ago)
- Topics: chef, cookbooks, logging
- Language: Ruby
- Homepage:
- Size: 42 KB
- Stars: 1
- Watchers: 23
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
# Description
Installs and configures rsyslog v7 and v8. Provides LWRP for creating rules.
# Requirements
The distribution's native rsyslog package, or the latest stable rsyslog package from the official repository.
## Platform:
* Ubuntu 12.04
* Ubuntu 14.04
* Ubuntu 16.04
# Attributes
* `node['rsyslog']['version']` - Major Rsyslog version. Defaults to `7`
* `node['rsyslog']['modules']['default_modules']` - Defaults to `"%w(imuxsock imklog)"`.
* `node['rsyslog']['modules']['extra_modules']` - Defaults to `"[ ... ]"`.
* `node['rsyslog']['preservefqdn']` - Defaults to `"off"`.
* `node['rsyslog']['global']['ActionFileDefaultTemplate']` - Defaults to `"RSYSLOG_TraditionalFileFormat"`.
* `node['rsyslog']['global']['RepeatedMsgReduction']` - Defaults to `"on"`.
* `node['rsyslog']['global']['FileOwner']` - Defaults to `"syslog"`.
* `node['rsyslog']['global']['FileGroup']` - Defaults to `"adm"`.
* `node['rsyslog']['global']['FileCreateMode']` - Defaults to `"0640"`.
* `node['rsyslog']['global']['DirCreateMode']` - Defaults to `"0755"`.
* `node['rsyslog']['global']['Umask']` - Defaults to `"0022"`.
* `node['rsyslog']['global']['PrivDropToUser']` - Defaults to `"syslog"`.
* `node['rsyslog']['global']['PrivDropToGroup']` - Defaults to `"syslog"`.
* `node['rsyslog']['global']['WorkDirectory']` - Defaults to `"/var/spool/rsyslog"`.
* `node['rsyslog']['rules']['postfix']['selector']` - Defaults to `"mail.*"`.
* `node['rsyslog']['rules']['postfix']['action']` - Defaults to `"/var/spool/rsyslog"`.
# Recipes
* rsyslog::default - Installs and configures rsyslog.
* rsyslog::apt_official_repo - Configures rsyslog official repository.
# Resources
* [rsyslog_rule](#rsyslog_rule)
* [rsyslog_rule_input](#rsyslog_rule_input)
* [rsyslog_template](#rsyslog_template)
# LWRP
## `rule`
Create logging rules for rsyslog.
### Parameters

| Parameter | Description | Example | Required? | Default |
|---|---|---|---|---|
| selector | Facilities and priorities from log selectors, separated by a period (.) | `"auth,authpriv.*"` | Y | nil |
| log_action | Where to send filtered records | `"/var/log/mydaemon.log"` | Y | nil |
| priority | Loading priority for the generated conf file | 15 | Y | 20 |

## `rule_input`
Create rules for getting arbitrary log files into rsyslog.
### Parameters

| Parameter | Description | Example | Required? | Default |
|---|---|---|---|---|
| priority | Loading priority for the generated conf file | 15 | Y | 20 |
| filename | Source log file from which records are polled | `"/home/myapp/current/log/production.log"` | Y | nil |
| severity | Severity level | `"Error"` | N | Info |
| facility | Group logs by facility | `"security"` | N | daemon |
| persist_interval | Interval for polling in ms | `"30000"` | N | 1000 |

## `template`
Create a template to specify the log format.
### Parameters

| Parameter | Description | Example | Required? | Default |
|---|---|---|---|---|
| type | Type of template; `list` or `string` is available. | `'list'` | Y | nil |
| statement | Statement that defines the created template | `"/var/log/system-%HOSTNAME%.log"` | Y | nil |

## `action`
Create an action to send logs using output modules.
### Parameters

| Parameter | Description | Example | Required? | Default |
|---|---|---|---|---|
| type | Type of action. | `'omfwd'` | Y | nil |
| rule | Rule used for the action | `'target="graylog.example.org" port="12201" protocol="udp" template="gelf"'` | Y | nil |
| priority | Priority for the created action configuration file | 30 | N | nil |

## `property_based_filter`
Create a filter using a property-based filter instead of the BSD style with facility and severity.
### Parameters

| Parameter | Description | Example | Required? | Default |
|---|---|---|---|---|
| property | Rsyslog property; see the list of all properties on the official documentation site: http://www.rsyslog.com/doc/v8-stable/configuration/properties.html | `':fromhost'` | Y | nil |
| operator | Compare operation or regex | `'contains'` | Y | nil |
| match_string | String matched by the chosen operator | `'firewall: IN='` | Е | nil |
| log_file | Resulting log file | `'/var/log/firewall'` | Е | nil |

# Usage
* Include `recipe[rsyslog]` in the node's run list
* Include `recipe[rsyslog::apt_official_repo]` if you need to install fresh versions from the official repository
## Using rsyslog_rule
If you want to log all messages from the mail facility:
```
rsyslog_rule 'random-mail-service' do
  priority 15
  selector 'mail.*'
  log_action '-/var/log/mail.log'
end
```
Or if you want to send all messages to a remote server:
```
rsyslog_rule 'udp-remote' do
  selector '*.*'
  log_action '@logs.example.com:514'
end
```
## Using rsyslog_rule_input
Before using an input rule, you need to add the `imfile` module to the `extra_modules` attribute.
```
rsyslog_rule_input "unicorn-rails" do
  priority 15
  filename "/home/rocketbank/rocketbank/current/log/production.log"
  severity "error"
end
```
## Using template
Create a template for GELF output to use in rules (this currently needs a lot of escaping):
```
rsyslog_template 'gelf' do
  type 'list'
  statement 'constant(value="{\"version\":\"1.1\",")
    constant(value="\"host\":\"")
    property(name="hostname")
    constant(value="\",\"short_message\":\"")
    property(name="msg" format="json")
    constant(value="\",\"timestamp\":\"")
    property(name="timegenerated" dateformat="unixtimestamp")
    constant(value="\",\"level\":\"")
    property(name="syslogseverity")
    constant(value="\"}")'
end
```
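Added example (not part of the cookbook): a small Ruby model of how the elements of this list template concatenate into one GELF document, and why `msg` carries `format="json"`. The sample record and the helpers `render`, `json_escape` and `valid_json?` are hypothetical, and the escaping only approximates what rsyslog does.

```ruby
require 'json'

# The README's list-template statement; a single-quoted heredoc keeps backslashes literal.
GELF_STATEMENT = <<~'TPL'
  constant(value="{\"version\":\"1.1\",")
  constant(value="\"host\":\"")
  property(name="hostname")
  constant(value="\",\"short_message\":\"")
  property(name="msg" format="json")
  constant(value="\",\"timestamp\":\"")
  property(name="timegenerated" dateformat="unixtimestamp")
  constant(value="\",\"level\":\"")
  property(name="syslogseverity")
  constant(value="\"}")
TPL

# Constructed sample record; the message carries a quote and a newline.
SAMPLE = { 'hostname' => 'web01', 'timegenerated' => '1491819349',
           'syslogseverity' => '3',
           'msg' => "auth failure for user \"bob\"\nretry" }.freeze

# Approximation of format="json": escape quotes, backslashes, control chars.
def json_escape(text)
  text.to_json[1..-2]
end

# Concatenate the template elements in order, as a list template does.
def render(statement, props, honor_json_format: true)
  statement.each_line.map do |line|
    line = line.strip
    if (m = line.match(/\Aconstant\(value="(.*)"\)\z/))
      m[1].gsub(/\\(.)/) { Regexp.last_match(1) } # undo the \" escaping
    elsif (m = line.match(/\Aproperty\(name="(\w+)"(.*)\)\z/))
      value = props.fetch(m[1])
      honor_json_format && m[2] =~ /\sformat="json"/ ? json_escape(value) : value
    else
      raise ArgumentError, "unsupported template element: #{line}"
    end
  end.join
end

def valid_json?(text)
  JSON.parse(text)
  true
rescue JSON::ParserError
  false
end

puts render(GELF_STATEMENT, SAMPLE)
```

The template wraps `timestamp` and `level` in quotes, so they reach the receiver as JSON strings, and only `msg` is escaped; calling `render` with `honor_json_format: false` shows the same record no longer parses.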
## Using action
Create an action for sending output data to a Graylog server using the GELF protocol:
```
rsyslog_action 'gelf_output' do
  type 'omfwd'
  rule 'target="graylog.example.org" port="12201" protocol="udp" template="gelf"'
end
```
Send data to Kafka first, instead of the logging server:
```
rsyslog_action 'kafka_output' do
  type 'omkafka'
  # Double quotes inside the rule keep the single-quoted Ruby string valid.
  rule 'broker=["kafka01.exampler.org:9092", "kafka02.exampler.org:9092"] topic="logger" confParam=["compression.codec=snappy"]'
end
```
## Using property_based_filter
Create a property filter matching all logs that start with [YII] in syslog and writing them to a separate cron_exceptions logfile:
```
rsyslog_property_based_filter 'cron_exceptions' do
  property ':msg'
  operator 'regex'
  match_string '\[YII\].*'
  log_file '-/var/log/cron_exceptions'
end
```
See fixture cookbooks in `tests/fixtures/cookbooks`.
# License and Maintainer
Maintainer:: LLC Express 42
License:: MIT