From a274e28e16f2a5e04ff744b8475b1f6520df269f Mon Sep 17 00:00:00 2001
From: raphanaud
Date: Wed, 20 Oct 2021 08:28:32 +0200
Subject: [PATCH 1/3] rsyslog
---
syslog/redirectap33.sh | 5 +++--
syslog/rsyslog | 25 +++++++++++++++++++++++++
2 files changed, 28 insertions(+), 2 deletions(-)
mode change 100644 => 100755 syslog/redirectap33.sh
create mode 100644 syslog/rsyslog
diff --git a/syslog/redirectap33.sh b/syslog/redirectap33.sh
old mode 100644
new mode 100755
index 24f78c9..d266fcc
--- a/syslog/redirectap33.sh
+++ b/syslog/redirectap33.sh
@@ -1,4 +1,5 @@
 #!/bin/bash
-iptables -t nat -A PREROUTING -d 10.121.38.33 -p udp --dport 515 -j DNAT --to-port 192.168.0.40:514
-iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 515 -j SNAT --to 10.121.38.32
+echo "1" > /proc/sys/net/ipv4/ip_forward
+sudo iptables -t nat -A PREROUTING -d 10.121.38.33 -p udp --dport 515 -j DNAT --to-dest 192.168.0.40:514
+sudo iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 515 -j SNAT --to 10.121.38.33
diff --git a/syslog/rsyslog b/syslog/rsyslog
new file mode 100644
index 0000000..8d521ca
--- /dev/null
+++ b/syslog/rsyslog
@@ -0,0 +1,25 @@
+/var/log/syslog
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
From 2371255c5dcd1c5b2bd4e9bdb7cc7f0e661febc5 Mon Sep 17 00:00:00 2001
From: raphanaud
Date: Wed, 20 Oct 2021 08:37:22 +0200
Subject: [PATCH 2/3] rsyslog
---
syslog/redirectap33.sh | 5 -----
1 file changed, 5 deletions(-)
delete mode 100755 syslog/redirectap33.sh
diff --git a/syslog/redirectap33.sh b/syslog/redirectap33.sh
deleted file mode 100755
index d266fcc..0000000
--- a/syslog/redirectap33.sh
+++ /dev/null
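Review bot: The new POSTROUTING rule can never match: the nat PREROUTING chain runs first, so by the time a datagram reaches POSTROUTING the DNAT rule has already rewritten its destination port to 514, and `--dport 515` on the SNAT rule selects nothing — the collector at 192.168.0.40 will see the original client source address rather than 10.121.38.33. The SNAT rule has to match the post-DNAT port: `sudo iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 514 -j SNAT --to-source 10.121.38.33`. The added `echo "1" > /proc/sys/net/ipv4/ip_forward` is also the one line not run under sudo; the redirection is opened by the unprivileged shell, fails with a permission error, and the script carries on without `set -e`, so prefer `sudo sysctl -w net.ipv4.ip_forward=1` (and note that neither form persists across a reboot). Finally, `-A` appends on every invocation, so re-running the script stacks duplicate rules; add `set -euo pipefail` and check with `-C` before appending.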
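Review bot: `rotate 4` combined with `weekly` keeps only about a month of `/var/log/auth.log` and the other files in this stanza, which is short if the same policy is applied to the host that receives the forwarded logs (the `rsyslog.conf` in this series enables `imudp` on one instance). Authentication and kernel logs are often needed long after a month when an intrusion is discovered late, so consider a longer retention for the collector (e.g. `rotate 26` with `dateext`) and record the intended policy in a comment at the top of the file, e.g. `# Debian default rotation for the forwarding clients; the collector uses a longer retention`. There is no `create` directive, so the permissions of freshly rotated files presumably come from rsyslog's `$FileCreateMode 0640` / `$FileGroup adm` settings in the accompanying rsyslog.conf — worth stating in the same comment so nobody loosens those directives without realising the effect here.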
@@ -1,5 +0,0 @@
-#!/bin/bash
-echo "1" > /proc/sys/net/ipv4/ip_forward
-sudo iptables -t nat -A PREROUTING -d 10.121.38.33 -p udp --dport 515 -j DNAT --to-dest 192.168.0.40:514
-sudo iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 515 -j SNAT --to 10.121.38.33
-
From 595798093237bc8e6c9ef0f7f13faae8063c2f99 Mon Sep 17 00:00:00 2001
From: raphanaud
Date: Wed, 20 Oct 2021 08:43:40 +0200
Subject: [PATCH 3/3] rsyslog
---
syslog/journald.conf | 44 +++++++++++++++++++
syslog/redirectap33.sh | 4 ++
syslog/rsyslog-cli.conf | 93 +++++++++++++++++++++++++++++++++++++++++
syslog/rsyslog.conf | 92 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 233 insertions(+)
create mode 100644 syslog/journald.conf
create mode 100644 syslog/redirectap33.sh
create mode 100644 syslog/rsyslog-cli.conf
create mode 100644 syslog/rsyslog.conf
diff --git a/syslog/journald.conf b/syslog/journald.conf
new file mode 100644
index 0000000..e23ec85
--- /dev/null
+++ b/syslog/journald.conf
@@ -0,0 +1,44 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
+#Audit=no
diff --git a/syslog/redirectap33.sh b/syslog/redirectap33.sh
new file mode 100644
index 0000000..24f78c9
--- /dev/null
+++ b/syslog/redirectap33.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+iptables -t nat -A PREROUTING -d 10.121.38.33 -p udp --dport 515 -j DNAT --to-port 192.168.0.40:514
+iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 515 -j SNAT --to 10.121.38.32
+
diff --git a/syslog/rsyslog-cli.conf b/syslog/rsyslog-cli.conf
new file mode 100644
index 0000000..f7ec4c6
--- /dev/null
+++ b/syslog/rsyslog-cli.conf
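Review bot: The only non-default setting in this 44-line copy of the stock file is `ForwardToSyslog=yes`, and nothing says why it is there; a reader has to diff against the distribution file to find the one live line. Ship it as a drop-in instead — `/etc/systemd/journald.conf.d/forward.conf` containing just `[Journal]` and `ForwardToSyslog=yes` — which survives package upgrades of the main file and makes the intent obvious, and put a comment above it such as `# Hand journal entries to rsyslog so rsyslog-cli.conf can forward them to the collector`. Be aware that the commented `#RateLimitIntervalSec=30s` / `#RateLimitBurst=10000` defaults still govern what journald accepts, so a noisy service can have messages suppressed before they are ever forwarded; if the collector is meant to see everything, raise the limits in the same drop-in.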
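Review bot: This appears to re-add the pre-series version of the script and so undoes the fixes made in the first patch: `-j DNAT --to-port 192.168.0.40:514` is rejected by iptables, because the DNAT target only knows `--to-destination` (`--to-ports` belongs to REDIRECT/MASQUERADE), and the SNAT rule's `--dport 515` cannot match a packet whose port PREROUTING has already rewritten to 514. The file is also created as 100644 and without the `ip_forward` setting, so even once the rules load, forwarded datagrams are dropped on a host that has forwarding disabled; note too that the SNAT source here is 10.121.38.32 while patch 1 used 10.121.38.33, and only one of those can be right. If the script is meant to stay, restore the corrected form — `iptables -t nat -A PREROUTING -d 10.121.38.33 -p udp --dport 515 -j DNAT --to-destination 192.168.0.40:514` and `iptables -t nat -A POSTROUTING -d 192.168.0.40 -p udp --dport 514 -j SNAT --to-source <this host's address>` — otherwise drop this hunk.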
@@ -0,0 +1,93 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+#module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
+*.* @192.168.0.40:514
diff --git a/syslog/rsyslog.conf b/syslog/rsyslog.conf
new file mode 100644
index 0000000..d3d0755
--- /dev/null
+++ b/syslog/rsyslog.conf
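Review bot: `*.* @192.168.0.40:514` on the last line of the hunk forwards every message — including `auth,authpriv` records with usernames and the source addresses of failed logins — over single-`@` UDP: plaintext, unauthenticated, and silently lossy, with no queue, so anything logged while the collector or the network is down is gone and anyone on the path can read or alter it. Use the `action()` form with TCP and a disk-assisted queue so delivery survives an outage, and add TLS (`StreamDriver="gtls"`, `StreamDriverMode="1"`, `StreamDriverAuthMode="x509/name"`) once certificates exist; the collector's `rsyslog.conf` then needs a matching `imtcp` input instead of, or next to, its `imudp` one. Leaving `imudp` commented out on the client, as this file does, is correct for a pure forwarder.
```conf
# Forward everything to the central collector over TCP with an on-disk queue,
# so records are retained while 192.168.0.40 is unreachable.
# TODO: add TLS (StreamDriver="gtls" StreamDriverMode="1" StreamDriverAuthMode="x509/name").
*.* action(type="omfwd" target="192.168.0.40" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="fwd_collector"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
```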
@@ -0,0 +1,92 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+#module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
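Review bot: `input(type="imudp" port="514")` listens on every interface and accepts unauthenticated UDP from any source, and the rules that follow write those messages into the same `/var/log/auth.log`, `/var/log/syslog` and so on as this host's own records — anyone who can reach 514/udp can plant fake entries next to genuine ones, and because of `*.emerg :omusrmsg:*` a spoofed emerg message is written to the terminal of every logged-in user. Bind the input to the internal address (192.168.0.40, if this is the collector the client config points at — confirm), firewall the port to the forwarding hosts, and route remote traffic through its own ruleset into per-host files so local and remote records cannot be confused; the hostname in a syslog header is attacker-controlled, so the template must use `secpath-replace` rather than trust it as a path component. The per-host directory still inherits `$FileCreateMode 0640` / `$FileGroup adm`, so it stays unreadable to unprivileged users.
```conf
# provides UDP syslog reception -- only on the internal interface, and into a
# dedicated ruleset so remote records never land in this host's own log files.
module(load="imudp")
input(type="imudp" port="514" address="192.168.0.40" ruleset="remote")

# One file per sending host; secpath-replace neutralises "/" and ".." in a
# forged HOSTNAME so a remote sender cannot pick the path.
template(name="RemoteHostFile" type="string"
         string="/var/log/remote/%HOSTNAME:::secpath-replace%.log")
ruleset(name="remote") {
  action(type="omfile" dynaFile="RemoteHostFile")
}
# ... unchanged: global directives and local rules ...
```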