This repository has been archived by the owner on Feb 3, 2018. It is now read-only.

riseuplabs/puppet-rsyslog

puppet-rsyslog

Manage rsyslog client and server via Puppet

REQUIREMENTS

  • Puppet >=2.6 if using parameterized classes
  • Currently supports Ubuntu >=11.04 & Debian running rsyslog >=4.5

USAGE

Client

Using default values

    class { 'rsyslog::client': }

Variables and default values

    class { 'rsyslog::client':
        log_remote            => true,
        spool_size            => '1g',
        remote_type           => 'tcp',
        remote_forward_format => 'RSYSLOG_ForwardFormat',
        log_local             => false,
        log_auth_local        => false,
        custom_config         => undef,
        custom_params         => undef,
        server                => 'log',
        port                  => '514',
        remote_servers        => false,
        ssl_ca                => undef,
        log_templates         => false,
        actionfiletemplate    => false
    }

Reading from a file

    rsyslog::imfile { 'my-imfile':
        file_name     => '/some/file',
        file_tag      => 'mytag',
        file_facility => 'myfacility',
    }

Defining custom logging templates

The log_templates parameter can be used to set up custom logging templates, which can be used for local and/or remote logging. More detail on template formats can be found in the rsyslog documentation.

The following example sets up a custom logging template as per RFC3164fmt:

    class { 'rsyslog::client':
        log_templates => [
            {
                name     => 'RFC3164fmt',
                template => '<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%',
            },
        ]
    }

Logging to multiple remote servers

The remote_servers parameter can be used to set up logging to multiple remote servers which are supplied as a list of key value pairs for each remote. There is an example configuration provided in ./test/multiple_hosts.pp

Using the remote_servers parameter overrides the other remote server parameters, and they will not be used in the client configuration file:

  • log_remote
  • remote_type
  • server
  • port

The following example sets up three remote logging hosts for the client:

    class { 'rsyslog::client':
        remote_servers => [
            {
                host => 'logs.example.org',
            },
            {
                port => '55514',
            },
            {
                host     => 'logs.somewhere.com',
                port     => '555',
                pattern  => '*.log',
                protocol => 'tcp',
                format   => 'RFC3164fmt',
            },
        ]
    }

Each host has the following parameters:

  • host: Sets the address or hostname of the remote logging server. Defaults to localhost
  • port: Sets the port the host is listening on. Defaults to 514
  • pattern: Sets the pattern to match logs. Defaults to *.*
  • protocol: Sets the protocol. Only recognises TCP and UDP. Defaults to UDP
  • format: Sets the log format. Defaults to not specifying log format, which defaults to the format set by ActionFileDefaultTemplate in the client configuration.
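
With these defaults, an entry that omits protocol or host still yields a forwarding rule, over UDP or to localhost. The following Ruby sketch is an added example, not code from this module: it applies the documented defaults to the three remotes above and renders an approximate rsyslog legacy forwarding rule for each. The function names, the audit notes and the strict error handling are assumptions of the example.

```ruby
# Added example (not the module's ERB template): apply the per-host defaults
# documented above and render an approximate rsyslog forwarding rule.
DEFAULTS = {
  'host'     => 'localhost',
  'port'     => '514',
  'pattern'  => '*.*',
  'protocol' => 'udp',
  'format'   => nil, # nil: ActionFileDefaultTemplate applies
}.freeze

# Merge one entry over the defaults. Raising on unknown keys or protocols is
# this example's choice; the README only says TCP and UDP are recognised.
def resolve_remote(entry)
  unknown = entry.keys - DEFAULTS.keys
  raise ArgumentError, "unknown keys: #{unknown.join(', ')}" unless unknown.empty?
  remote = DEFAULTS.merge(entry)
  remote['protocol'] = remote['protocol'].to_s.downcase
  return remote if %w[tcp udp].include?(remote['protocol'])
  raise ArgumentError, "unsupported protocol: #{remote['protocol']}"
end

# rsyslog legacy syntax: "@host:port" forwards over UDP, "@@host:port" over
# TCP, and an optional ";template" suffix selects the message format.
def forwarding_rule(remote)
  prefix = remote['protocol'] == 'tcp' ? '@@' : '@'
  rule = "#{remote['pattern']} #{prefix}#{remote['host']}:#{remote['port']}"
  remote['format'] ? "#{rule};#{remote['format']}" : rule
end

# Flag entries that end up on UDP or on localhost so they can be reviewed.
def audit(entries)
  entries.map do |entry|
    remote = resolve_remote(entry)
    notes = []
    notes << 'udp' if remote['protocol'] == 'udp'
    notes << 'localhost' if remote['host'] == 'localhost'
    { rule: forwarding_rule(remote), notes: notes }
  end
end

# The three remotes from the README example above.
REMOTES = [
  { 'host' => 'logs.example.org' },
  { 'port' => '55514' },
  { 'host' => 'logs.somewhere.com', 'port' => '555', 'pattern' => '*.log',
    'protocol' => 'tcp', 'format' => 'RFC3164fmt' },
].freeze

audit(REMOTES).each { |r| puts "#{r[:rule]}  #{r[:notes].join(',')}" }
```

Only the third remote is sent over TCP; the first two fall back to UDP, and the second also falls back to localhost.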

Logging to a MySQL or PostgreSQL database

Events can also be logged to a MySQL or PostgreSQL database. The database needs to be deployed separately, either locally or remotely. Schema are available from the rsyslog source:

Declare the following to configure the connection:

    class { 'rsyslog::database':
        backend  => 'mysql',
        server   => 'localhost',
        database => 'Syslog',
        username => 'rsyslog',
        password => 'secret',
    }

Server

Using default values

    class { 'rsyslog::server': }

Variables and default values

    class { 'rsyslog::server':
        enable_tcp                => true,
        enable_udp                => true,
        enable_onefile            => false,
        server_dir                => '/srv/log/',
        custom_config             => undef,
        high_precision_timestamps => false,
    }

Both can be installed at the same time.

PARAMETERS

The following lists all the class parameters this module accepts.

RSYSLOG::SERVER CLASS PARAMETERS    VALUES              DESCRIPTION
-------------------------------------------------------------------
enable_tcp                          true,false          Enable TCP listener. Defaults to true.
enable_udp                          true,false          Enable UDP listener. Defaults to true.
enable_onefile                      true,false          Only one logfile per remote host. Defaults to false.
server_dir                          STRING              Folder where logs will be stored on the server. Defaults to '/srv/log/'
custom_config                       STRING              Specify your own template to use for server config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb'
high_precision_timestamps           true,false          Whether or not to use high precision timestamps.
remote_servers                      HASH                Provides a hash of multiple remote logging servers. Check documentation.

RSYSLOG::CLIENT CLASS PARAMETERS    VALUES              DESCRIPTION
-------------------------------------------------------------------
log_remote                          true,false          Log Remotely. Defaults to true.
spool_size                          STRING              Max size for disk queue if remote server failed. Defaults to '1g'.
remote_type                         'tcp','udp'         Which protocol to use when logging remotely. Defaults to 'tcp'.
remote_forward_format               STRING              Which forward format for remote servers should be used. Only used if remote_servers is false.
log_local                           true,false          Log locally. Defaults to false.
log_auth_local                      true,false          Just log auth facility locally. Defaults to false.
custom_config                       STRING              Specify your own template to use for client config. Defaults to undef. Example usage: custom_config => 'rsyslog/my_config.erb'
custom_params                       TODO                TODO
server                              STRING              Rsyslog server to log to. Will be used in the client configuration file. Only used if remote_servers is false.
port                                '514'               Remote server port. Only used if remote_servers is false.
remote_servers                      Array of hashes     Array of hashes with remote servers. See documentation above. Defaults to false.
ssl_ca                              STRING              SSL CA file location. Defaults to undef.
log_templates                       HASH                Provides a hash defining custom logging templates using the `$template` configuration parameter.
actionfiletemplate                  STRING              If set this defines the `ActionFileDefaultTemplate` which sets the default logging format for remote and local logging.

RSYSLOG::DATABASE CLASS PARAMETERS  VALUES              DESCRIPTION
-------------------------------------------------------------------
backend                             'mysql','pgsql'     Database backend (MySQL or PostgreSQL).
server                              STRING              Database server.
database                            STRING              Database name.
username                            STRING              Database username.
password                            STRING              Database password.

Other notes

Due to a missing feature in current RELP versions (the InputRELPServerBindRuleset option), remote logging uses TCP. You can switch between TCP and UDP. As soon as there is a new RELP version which supports setting rulesets, I will add RELP support back.

By default, rsyslog::server will strip numbers from hostnames. This means the logs of multiple servers with the same non-numerical name will be aggregated in a single directory, i.e. www01, www02 and www02 would all log to the www directory.

To log each host to a separate directory, set the custom_config parameter to 'rsyslog/server-hostname.conf.erb'.

If any of the following parameters are set to false, then the module will not manage the respective package:

  • gnutls_package_name
  • relp_package_name
  • rsyslog_package_name

This is useful with the Adiscon PPA repository, which has merged rsyslog-gnutls into the main rsyslog package.