Logging

Installation

apt install rsyslog

Konfiguation

Inhalt von 50-default.conf in dem Verzeichnis /etc/rsyslog.d/.

# This file is managed by Salt, do not edit.

#  Default rules for rsyslog.
#
#          For more information see rsyslog.conf(5) and /etc/rsyslog.conf

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*            /var/log/auth.log
*.*;auth,authpriv,daemon,local5,local6.none     -/var/log/syslog # Added ;local6.none (Blackhole)
#cron.*                /var/log/cron.log
daemon.*          -/var/log/daemon.log
kern.*             -/var/log/kern.log
#lpr.*             -/var/log/lpr.log
mail.*             -/var/log/mail.log
#user.*                -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info         -/var/log/mail.info
#mail.warn         -/var/log/mail.warn
mail.err           /var/log/mail.err

#
# Logging for INN news system.
#
news.crit          /var/log/news/news.crit
news.err           /var/log/news/news.err
news.notice            -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
#*.=debug;\
#  auth,authpriv.none;\
#  news.none;mail.none -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#  auth,authpriv.none;\
#  cron,daemon.none;\
#  mail,news.none      -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                                :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#  news.=crit;news.=err;news.=notice;\
#  *.=debug;*.=info;\
#  *.=notice;*.=warn   /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
   news.err;\
   *.=debug;*.=info;\
   *.=notice;*.=warn   |/dev/xconsole

Wir legen uns auf eine Log Facility fest, deren Ziel ein schwarzes Loch ist.

Folgende Zeile:

*.*;auth,authpriv.none       -/var/log/syslog

wird zu:

*.*;auth,authpriv.none;local6.none   -/var/log/syslog

Anlegen der „Blackhole Logging Facility“: local6 in dem Ordner /etc/rsyslog.d/ in der Datei 99-blackhole.conf.

local6.*     /dev/null

Salt State File

rsyslog.sls

# Logging

{% set syslog = salt['grains.filter_by']({
  'Debian': {'pkg': 'rsyslog', 'srv': 'rsyslog'}
}, default='Debian') %}

{{ syslog.pkg }}:
  pkg.installed:
    - name: {{ syslog.pkg }}
  service.running:
    - name: {{ syslog.srv }}
    - enable: True
    - watch:
      - file: /etc/rsyslog.d/50-default.conf

/etc/rsyslog.d/50-default.conf:
  file.managed:
    - name: /etc/rsyslog.d/50-default.conf
    - source: salt://gateway/etc/rsyslog.d/50-default.conf

/etc/rsyslog.d/99-blackhole.conf:
  file.managed:
    - name: /etc/rsyslog.d/99-blackhole.conf
    - contents: |
        # This file is managed by Salt, do not edit.
        local6.*	/dev/null
        local5.*	/dev/null