Puppet Class: rsyslog::config

Defined in:
manifests/config.pp

Overview

NOTE: THIS IS A PRIVATE CLASS

Setup RSyslog configuration. Creates /etc/rsyslog.conf and includes all SIMP config subdirectories in /etc/rsyslog.simp.d.

NOTE Any undocumented parameters map directly to their counterparts in the Rsyslog configuration files.

Parameters:

  • umask (String) (defaults to: '0027')

    The umask that should be applied to the running process

  • localhostname (String) (defaults to: $facts['fqdn'])

    The Hostname that should be used on your syslog messages

  • preserve_fqdn (Boolean) (defaults to: true)

    Ensure that the fqdn of the originating host is preserved in all log messages

  • control_character_escape_prefix (String[1,1]) (defaults to: '#')
  • drop_msgs_with_malicious_dns_ptr_records (Enum['off','on']) (defaults to: 'off')
  • escape_control_characters_on_receive (Enum['off','on']) (defaults to: 'on')
  • default_template (String) (defaults to: 'original')

    The default template to use to output to various services

    • The provided template has been designed to work with external parsing tools that require the priority text

    • You can also choose from the following values in order to select from one of the built-in rsyslogd formats.

      • forward -> RSYSLOG_Forward

      • original -> RSYSLOG_FileFormat

      • traditional -> RSYSLOG_TraditionalFileFormat

  • syssock_ignore_timestamp (Boolean) (defaults to: true)
  • syssock_ignore_own_messages (Boolean) (defaults to: true)
  • syssock_use (Boolean) (defaults to: true)
  • syssock_name (Optional[String]) (defaults to: undef)
  • syssock_flow_control (Boolean) (defaults to: false)
  • syssock_use_pid_from_system (Boolean) (defaults to: false)
  • syssock_rate_limit_interval (Stdlib::Compat::Integer) (defaults to: '0')
  • syssock_rate_limit_burst (Stdlib::Compat::Integer) (defaults to: '1000')
  • syssock_rate_limit_severity (Stdlib::Compat::Integer) (defaults to: '5')
  • syssock_use_sys_timestamp (Boolean) (defaults to: true)
  • syssock_annotate (Boolean) (defaults to: false)
  • syssock_parse_trusted (Boolean) (defaults to: false)
  • syssock_unlink (Boolean) (defaults to: true)
  • main_msg_queue_type (Enum['LinkedList','FixedArray']) (defaults to: 'LinkedList')

    The type of queue that will be used

    • It is highly recommended that you leave this as LinkedList unless you really know what you are doing.

  • main_msg_queue_filename (String) (defaults to: 'main_msg_queue')
  • main_msg_queue_max_file_size (Stdlib::Compat::Integer) (defaults to: '5')
  • main_msg_queue_size (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The size of the main (global) message queue

    • By default, the minimum of 1% of physical memory or 1G, based on a 512B message size. The maximum number of messages that may be stored in the memory queue.

  • main_msg_queue_high_watermark (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The point at which the queue will start writing messages to disk as a number of messages

    • By default, 90% of $main_msg_queue_size

  • main_msg_queue_low_watermark (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The point at which the queue will stop writing messages to disk as a number of messages

    • NOTE: This must be lower than $main_msg_queue_high_watermark

    • By default, 70% of $main_msg_queue_size

  • main_msg_queue_discardmark (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The point at which the queue will discard messages

    • By default, 98% of $main_msg_queue_size

  • main_msg_queue_worker_thread_minimum_messages (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The minimum number of messages in the queue before a new thread can be spawned

    • If left empty (the default), will calculate the value based on the following formula: $main_msg_queue_size/(($processorcount - 1)*4)

  • main_msg_queue_worker_threads (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The maximum number of threads to spawn on the system

    • By default, $processorcount - 1

  • main_msg_queue_worker_timeout_thread_shutdown (Stdlib::Compat::Integer) (defaults to: '5000')
  • main_msg_queue_timeout_enqueue (Stdlib::Compat::Integer) (defaults to: '100')
  • main_msg_queue_dequeue_slowdown (Stdlib::Compat::Integer) (defaults to: '0')
  • main_msg_queue_save_on_shutdown (Enum['on','off']) (defaults to: 'on')
  • main_msg_queue_max_disk_space (Optional[Stdlib::Compat::Integer]) (defaults to: undef)

    The maximum amount of disk space to use for the disk queue.

    • Specified as a digit followed by a unit specifier. For example:

      • 100 -> 100 Bytes

      • 100K -> 100 Kilobytes

      • 100M -> 100 Megabytes

      • 100G -> 100 Gigabytes

      • 100T -> 100 Terabytes

      • 100P -> 100 Petabytes

    • If not specified, will default to $main_msg_queue_size * 1024

  • main_msg_queue_max_file_size (defaults to: '5')

    The maximum file size, in Megabytes, that should be created when buffering to disk.

    • NOTE: It is not recommended to make this excessively large

  • repeated_msg_reduction (Enum['on','off']) (defaults to: 'on')
  • work_directory (Stdlib::Absolutepath) (defaults to: '/var/spool/rsyslog')
  • interval (Stdlib::Compat::Integer) (defaults to: '0')

    The mark interval

  • tls_tcp_max_sessions (Stdlib::Compat::Integer) (defaults to: '200')

    The maximum number of sessions to support

  • tls_input_tcp_server_stream_driver_permitted_peers (Array[String]) (defaults to: ["*.${::domain}"])

    A wildcard-capable Array of domains that should be allowed to talk to the server over TLS

  • default_net_stream_driver_ca_file (Stdlib::Absolutepath) (defaults to: "${::rsyslog::pki_base_dir}/pki/cacerts/cacerts.pem")
  • default_net_stream_driver_cert_file (Stdlib::Absolutepath) (defaults to: "${::rsyslog::pki_base_dir}/pki/public/${::fqdn}.pub")
  • default_net_stream_driver_key_file (Stdlib::Absolutepath) (defaults to: "${::rsyslog::pki_base_dir}/pki/private/${::fqdn}.pem")
  • action_send_stream_driver_mode (Enum['1','0']) (defaults to: $::rsyslog::enable_pki)
  • action_send_stream_driver_auth_mode (Optional[String]) (defaults to: undef)
  • action_send_stream_driver_permitted_peers (Array[String]) (defaults to: $::rsyslog::log_servers)
  • ulimit_max_open_files (Variant[Enum['unlimited'],Stdlib::Compat::Integer]) (defaults to: 'unlimited')

    The maximum open files limit that should be set for the syslog server

    • 1024 is fine for most purposes, but a collection server should bump this way up.

  • host_list (Array[String]) (defaults to: [])

    Hosts that should be logged with their simple hostname

    • See the -l option in rsyslogd(8) for more information

  • domain_list (Array[String]) (defaults to: [])

    Array of domains that should be stripped off before logging

    • See the -s option in rsyslogd(8) for more information

  • suppress_noauth_warn (Boolean) (defaults to: false)

    Suppress warnings due to hosts not in the ACL

    • See the -w option in rsyslogd(8) for more information

  • disable_remote_dns (Boolean) (defaults to: false)

    Disable DNS lookups for remote messages

    • See the -x option in rsyslogd(8) for more information

  • read_journald (Boolean) (defaults to: $::rsyslog::read_journald)

    Enable the forwarding of the systemd journal to syslog

  • include_rsyslog_d (Boolean) (defaults to: false)

    Include all configuration files in the system-standard /etc/rsyslog.d

    • This will place the configuration files after the global configuration but before the SIMP applied configurations.

  • enable_default_rules (Boolean) (defaults to: true)


176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
# File 'manifests/config.pp', line 176

class rsyslog::config (
  String                                             $umask                                              = '0027',
  String                                             $localhostname                                      = $facts['fqdn'],
  Boolean                                            $preserve_fqdn                                      = true,
  String[1,1]                                        $control_character_escape_prefix                    = '#',
  Enum['off','on']                                   $drop_msgs_with_malicious_dns_ptr_records           = 'off',
  Enum['off','on']                                   $escape_control_characters_on_receive               = 'on',
  String                                             $default_template                                   = 'original',

  # Parameters for imuxsock with sensible defaults.
  Boolean                                            $syssock_ignore_timestamp                           = true,
  Boolean                                            $syssock_ignore_own_messages                        = true,
  Boolean                                            $syssock_use                                        = true,
  Optional[String]                                   $syssock_name                                       = undef,
  Boolean                                            $syssock_flow_control                               = false,
  Boolean                                            $syssock_use_pid_from_system                        = false,
  Stdlib::Compat::Integer                            $syssock_rate_limit_interval                        = '0',
  Stdlib::Compat::Integer                            $syssock_rate_limit_burst                           = '1000',
  Stdlib::Compat::Integer                            $syssock_rate_limit_severity                        = '5',
  Boolean                                            $syssock_use_sys_timestamp                          = true,
  Boolean                                            $syssock_annotate                                   = false,
  Boolean                                            $syssock_parse_trusted                              = false,
  Boolean                                            $syssock_unlink                                     = true,

  # Main message queue global defaults.
  Enum['LinkedList','FixedArray']                    $main_msg_queue_type                                = 'LinkedList',
  String                                             $main_msg_queue_filename                            = 'main_msg_queue',
  Stdlib::Compat::Integer                            $main_msg_queue_max_file_size                       = '5',
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_size                                = undef,
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_high_watermark                      = undef,
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_low_watermark                       = undef,
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_discardmark                         = undef,
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_worker_thread_minimum_messages      = undef,
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_worker_threads                      = undef,
  Stdlib::Compat::Integer                            $main_msg_queue_worker_timeout_thread_shutdown      = '5000',
  Stdlib::Compat::Integer                            $main_msg_queue_timeout_enqueue                     = '100',
  Stdlib::Compat::Integer                            $main_msg_queue_dequeue_slowdown                    = '0',
  Enum['on','off']                                   $main_msg_queue_save_on_shutdown                    = 'on',
  Optional[Stdlib::Compat::Integer]                  $main_msg_queue_max_disk_space                      = undef,

  Enum['on','off']                                   $repeated_msg_reduction                             = 'on',
  Stdlib::Absolutepath                               $work_directory                                     = '/var/spool/rsyslog',
  Stdlib::Compat::Integer                            $interval                                           = '0',
  Stdlib::Compat::Integer                            $tls_tcp_max_sessions                               = '200',
  Array[String]                                      $tls_input_tcp_server_stream_driver_permitted_peers = ["*.${::domain}"],

  Stdlib::Absolutepath                               $default_net_stream_driver_ca_file                  = "${::rsyslog::pki_base_dir}/pki/cacerts/cacerts.pem",
  Stdlib::Absolutepath                               $default_net_stream_driver_cert_file                = "${::rsyslog::pki_base_dir}/pki/public/${::fqdn}.pub",
  Stdlib::Absolutepath                               $default_net_stream_driver_key_file                 = "${::rsyslog::pki_base_dir}/pki/private/${::fqdn}.pem",

  Enum['1','0']                                      $action_send_stream_driver_mode                     = $::rsyslog::enable_pki ? { true => '1', default => '0' },
  Optional[String]                                   $action_send_stream_driver_auth_mode                = undef,
  Array[String]                                      $action_send_stream_driver_permitted_peers          = $::rsyslog::log_servers,

  Variant[Enum['unlimited'],Stdlib::Compat::Integer] $ulimit_max_open_files                              = 'unlimited',
  Array[String]                                      $host_list                                          = [],
  Array[String]                                      $domain_list                                        = [],
  Boolean                                            $suppress_noauth_warn                               = false,
  Boolean                                            $disable_remote_dns                                 = false,
  Boolean                                            $enable_default_rules                               = true,
  Boolean                                            $read_journald                                      = $::rsyslog::read_journald,
  Boolean                                            $include_rsyslog_d                                  = false
) {
  assert_private()

  $_tcp_server = pick($::rsyslog::tcp_server, false)
  $_tls_tcp_server = pick($::rsyslog::tls_tcp_server, false)
  $_tcp_listen_port = pick($::rsyslog::tcp_listen_port, '514')
  $_tls_tcp_listen_port = pick($::rsyslog::tls_tcp_listen_port, '6514')
  $_udp_server = pick($::rsyslog::udp_server, false)
  $_udp_listen_port = pick($::rsyslog::udp_listen_port, '514')
  $_enable_tls_logging = pick($::rsyslog::enable_tls_logging, false)

  if $read_journald and member($facts['init_systems'], 'systemd') {
    $_read_journald = true
  }
  else {
    $_read_journald = false
  }

  # set the driver auth_mode based on the mode
  if empty( $action_send_stream_driver_auth_mode ) {
    $_action_send_stream_driver_auth_mode = $action_send_stream_driver_mode ? {
      '0'     => 'anon',
      default => 'x509/name'
    }
  } else {
    $_action_send_stream_driver_auth_mode = $action_send_stream_driver_auth_mode
  }

  $_default_template = $default_template ? {
    'traditional' => 'RSYSLOG_TraditionalFormat',
    'original'    => 'RSYSLOG_FileFormat',
    'forward'     => 'RSYSLOG_ForwardFormat',
    default       => $default_template
  }

  # This is where the custom rules will go. They will be purged if not managed!
  file { $::rsyslog::rule_dir:
    ensure  => 'directory',
    owner   => 'root',
    group   => 'root',
    recurse => true,
    purge   => true,
    force   => true,
    mode    => '0750'
  }

  file { '/etc/rsyslog.d':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0755'
  }

  file { '/etc/rsyslog.d/README_SIMP.conf':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => '# Place ".conf" files that rsyslog should process independently of SIMP into this directory.\n'
  }

  file { '/var/spool/rsyslog':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0700'
  }

  if $enable_default_rules {
    rsyslog::rule { '99_simp_local/ZZ_default.conf':
      content => file("${module_name}/config/rsyslog.default")
    }
  }

  file { '/etc/rsyslog.conf':
    ensure  => 'present',
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => "\$IncludeConfig ${::rsyslog::rule_dir}/*.conf"
  }

  file { '/etc/sysconfig/rsyslog':
    owner   => 'root',
    group   => 'root',
    mode    => '0640',
    content => template("${module_name}/sysconfig.erb")
  }

  rsyslog::rule { '00_simp_pre_logging/global.conf':
    content => template("${module_name}/config/pre_logging.conf.erb")
  }

  rsyslog::rule { '09_failover_hack/failover_hack.conf':
    # lint:ignore:variable_scope
    content => @(EOM)
      # For failover to be defined and parse properly, we must place it somewhere
      # after the first rule is defined. Therefore, we are creating this noop rule.

      if $syslogfacility == 'local0' and $msg startswith 'placeholder_rule' then continue
      |EOM
    # lint:endignore
  }

  if $include_rsyslog_d {
    rsyslog::rule { '15_include_default_rsyslog/include_default_rsyslog.conf':
      content => '$IncludeConfig /etc/rsyslog.d/'
    }
  }

  rsyslog::template::string { 'defaultTemplate':
    string => $_default_template
  }

  # Set the maximum number of open files in the init script.
  init_ulimit { 'mod_open_files_rsyslog':
    target => 'rsyslog',
    item   => 'max_open_files',
    value  => $ulimit_max_open_files
  }
}