Puppet Class: rsyslog

Defined in:
manifests/init.pp

Summary

Set up Rsyslog 7/8

Overview

The configuration is particularly slanted toward the issues present in the versions of rsyslog included with Enterprise Linux systems. It should still work on other systems but they may have different/other bugs that have not been addressed.

Parameters:

  • service_name (String)

The name of the Rsyslog service; typically `rsyslog`

  • package_name (String)

The name of the Rsyslog package to install; typically `rsyslog`

  • tls_package_name (String) (defaults to: "${package_name}-gnutls")

The name of the package that provides Rsyslog's TLS support; typically `rsyslog-gnutls`

  • trusted_nets (Simplib::Netlist) (defaults to: simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] }))

    A whitelist of subnets (in CIDR notation) permitted access

    • This will be used in conjunction with IPTables (if enabled) to allow connections from within the given subnets.

  • enable_tls_logging (Boolean) (defaults to: false)

    Enable the TLS libraries where applicable

• If enabled, clients will encrypt all log data being sent to the given log servers. Also, all log servers specified to use TLS (see `rsyslog::server::tls_tcp_server`) will load the `imtcp` libraries and set the necessary global `NetStreamDriver` information.

  • log_servers (Simplib::Netlist) (defaults to: simplib::lookup('simp_options::syslog::log_servers', { 'default_value' => [] }))

    A list of primary Rsyslog servers

    • All nodes in this list will get a copy of all logs if remote logging is enabled.

  • failover_log_servers (Simplib::Netlist) (defaults to: simplib::lookup('simp_options::syslog::failover_log_servers', { 'default_value' => [] }))

    A list of the failover Rsyslog servers

• This order-dependent list will serve as all of the possible failover log servers for clients to send to if the servers in `log_servers` are unavailable.

  • queue_spool_directory (Stdlib::Absolutepath) (defaults to: '/var/spool/rsyslog')

    The path to the directory where Rsyslog should store disk message queues

  • rule_dir (Stdlib::Absolutepath) (defaults to: '/etc/rsyslog.simp.d')

    The path at which all managed rules will begin

  • tcp_server (Boolean) (defaults to: false)

Make this host listen for `TCP` connections

• Ideally, all connections would be `TLS` enabled. Only enable this if necessary.

  • tcp_listen_port (Simplib::Port) (defaults to: 514)

The port upon which to listen for regular `TCP` connections

  • tls_tcp_server (Boolean) (defaults to: false)

Make this host listen for `TLS` enabled `TCP` connections

  • tls_tcp_listen_port (Simplib::Port) (defaults to: 6514)

The port upon which to listen for `TLS` enabled `TCP` connections

  • udp_server (Boolean) (defaults to: false)

Make this host listen for `UDP` connections

• This really should not be enabled unless you have devices that cannot speak `TLS`

  • udp_listen_address (String) (defaults to: '127.0.0.1')

The address upon which to listen for `UDP` connections

• The default of `127.0.0.1` is set primarily to support Java applications that cannot work with a modern method of logging.

  • udp_listen_port (Simplib::Port) (defaults to: 514)

The port upon which to listen for `UDP` connections

  • read_journald (Boolean)

Enable the processing of `journald` messages natively in Rsyslog

  • logrotate (Boolean) (defaults to: simplib::lookup('simp_options::logrotate', {'default_value' => false}))

Ensure that `logrotate` is enabled on this system

• You will need to configure specific logrotate settings via the `logrotate` module.

  • pki (Variant[Boolean,Enum['simp']]) (defaults to: simplib::lookup('simp_options::pki', {'default_value' => false}))

    • If ‘simp’, include SIMP’s pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/rsyslog/x509

    • If true, do not include SIMP’s pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/rsyslog/x509

    • If false, do not include SIMP’s pki module and do not use pki::copy to manage certs. You will need to appropriately assign a subset of:

      • app_pki_dir

      • app_pki_key

      • app_pki_cert

      • app_pki_ca

      • app_pki_ca_dir

  • app_pki_external_source (String) (defaults to: simplib::lookup('simp_options::pki::source', {'default_value' => '/etc/pki/simp/x509'}))

    • If pki = ‘simp’ or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.

    • If pki = false, this variable has no effect.

  • app_pki_dir (Stdlib::Absolutepath) (defaults to: '/etc/pki/simp_apps/rsyslog/x509')

Base path of $default_net_stream_driver_ca_file, $default_net_stream_driver_cert_file, and $default_net_stream_driver_key_file
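As an added example (not code from this page or from the SIMP rsyslog module), the following manifest shows how the parameters documented above combine into a forwarding-only client and a TLS-only collector. The profile class names, host names and subnet are assumptions; only parameters of the `rsyslog` class listed on this page are used.

```puppet
# Hypothetical profile classes (names are assumptions, not part of the module).
# Both use only the rsyslog class parameters documented on this page.

# Log client: forward all logs over TLS, never open a listener of its own.
class profile::log_client {
  class { 'rsyslog':
    enable_tls_logging   => true,
    # Constructed host names; every server in log_servers gets a copy of all logs.
    log_servers          => ['log1.example.internal'],
    # Order matters: tried in sequence only when log_servers are unreachable.
    failover_log_servers => ['log2.example.internal', 'log3.example.internal'],
    # 'simp' includes SIMP's pki module and copies certs into app_pki_dir
    # from app_pki_external_source (default /etc/pki/simp/x509).
    pki                  => 'simp',
    tcp_server           => false,
    tls_tcp_server       => false,
    udp_server           => false,
    logrotate            => true,
  }
}

# Central collector: TLS listener on 6514 only, reachable from trusted_nets.
class profile::log_server {
  class { 'rsyslog':
    # Must be true on the server too: this is what loads imtcp and sets the
    # global NetStreamDriver settings for the TLS listener.
    enable_tls_logging    => true,
    tls_tcp_server        => true,
    tls_tcp_listen_port   => 6514,
    tcp_server            => false,   # plaintext TCP stays off
    udp_server            => false,   # enable only for devices that cannot speak TLS
    trusted_nets          => ['10.10.0.0/16'],   # constructed subnet, CIDR notation
    pki                   => 'simp',
    app_pki_dir           => '/etc/pki/simp_apps/rsyslog/x509',
    queue_spool_directory => '/var/spool/rsyslog',
    logrotate             => true,
  }
}
```

Leaving `udp_server` at its default keeps the UDP listener closed; if it must be enabled for a legacy device, the `udp_listen_address` default of `127.0.0.1` still confines it to the local host unless you widen it deliberately. With `pki => false`, none of the certificate copying shown here happens and the cert, key and CA locations have to be supplied separately.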

Author:

# File 'manifests/init.pp', line 114

class rsyslog (
  String                        $service_name, # In module data
  String                        $package_name, # In module data
  Boolean                       $read_journald, # In module data
  String                        $tls_package_name        = "${package_name}-gnutls",
  Simplib::Netlist              $trusted_nets            = simplib::lookup('simp_options::trusted_nets', {'default_value'                  => ['127.0.0.1/32'] }),
  Boolean                       $enable_tls_logging      = false,
  Simplib::Netlist              $log_servers             = simplib::lookup('simp_options::syslog::log_servers', { 'default_value'          => [] }),
  Simplib::Netlist              $failover_log_servers    = simplib::lookup('simp_options::syslog::failover_log_servers', { 'default_value' => [] }),
  Stdlib::Absolutepath          $queue_spool_directory   = '/var/spool/rsyslog',
  Stdlib::Absolutepath          $rule_dir                = '/etc/rsyslog.simp.d',
  Boolean                       $tcp_server              = false,
  Simplib::Port                 $tcp_listen_port         = 514,
  Boolean                       $tls_tcp_server          = false,
  Simplib::Port                 $tls_tcp_listen_port     = 6514,
  Boolean                       $udp_server              = false,
  String                        $udp_listen_address      = '127.0.0.1',
  Simplib::Port                 $udp_listen_port         = 514,
  Boolean                       $logrotate               = simplib::lookup('simp_options::logrotate', {'default_value'                     => false}),
  Variant[Boolean,Enum['simp']] $pki                     = simplib::lookup('simp_options::pki', {'default_value'                           => false}),
  String                        $app_pki_external_source = simplib::lookup('simp_options::pki::source', {'default_value'                   => '/etc/pki/simp/x509'}),
  Stdlib::Absolutepath          $app_pki_dir             = '/etc/pki/simp_apps/rsyslog/x509'
) {

  contain 'rsyslog::install'
  contain 'rsyslog::config'
  contain 'rsyslog::service'

  # lint:ignore:arrow_on_right_operand_line
  Class['rsyslog::install'] ->
  Class['rsyslog::config'] ~>
  Class['rsyslog::service']
  # lint:endignore

  if $logrotate {
    contain 'rsyslog::config::logrotate'
    Class['rsyslog::service'] -> Class['rsyslog::config::logrotate']
  }
}