Merge pull request #1 from elemoine/rework
Rework of the rsyslog formula
diff --git a/_modules/rsyslog_util.py b/_modules/rsyslog_util.py
new file mode 100644
index 0000000..d58a1c4
--- /dev/null
+++ b/_modules/rsyslog_util.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+
+import os
+
+
+def syslog_file_match(output):
+ """
+ Return patterns to be used in logstreamer file_match config params.
+
+ For example the function may return this dict:
+
+ {
+ "/var/log": "kern\.log|auth\.log|syslog|mail\.log|mail\.err"
+ }
+ """
+ file_match = {}
+ for name, config in output.get('file', {}).items():
+ if not config.get('enabled', False):
+ continue
+ logdir = os.path.dirname(name)
+ pattern = os.path.basename(name).replace('.', '\.')
+ if logdir in file_match:
+ file_match[logdir] = file_match[logdir] + '|' + pattern
+ else:
+ file_match[logdir] = pattern
+ return file_match
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index c86acaf..d2dcf1d 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -1,5 +1,7 @@
applications:
- rsyslog
+classes:
+- service.rsyslog.support
parameters:
rsyslog:
client:
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
new file mode 100644
index 0000000..05eaa61
--- /dev/null
+++ b/metadata/service/support.yml
@@ -0,0 +1,13 @@
+parameters:
+ rsyslog:
+ _support:
+ collectd:
+ enabled: false
+ heka:
+ enabled: true
+ sensu:
+ enabled: false
+ sphinx:
+ enabled: false
+ grafana:
+ enabled: false
diff --git a/rsyslog/common.sls b/rsyslog/common.sls
index 1fdadd4..3cbb2ac 100644
--- a/rsyslog/common.sls
+++ b/rsyslog/common.sls
@@ -14,14 +14,10 @@
- require:
- pkg: rsyslog_packages
-/etc/rsyslog.d:
- file.directory:
- - mode: 0755
+/etc/rsyslog.d/50-default.conf:
+ file.absent:
- require:
- - pkg: rsyslog_packages
- {% if global.purge_rsyslog_d is defined and global.purge_rsyslog_d == true %}
- - clean: true
- {% endif %}
+ - pkgs: rsyslog_packages
rsyslog_service:
service.running:
diff --git a/rsyslog/files/rsyslog.default.conf b/rsyslog/files/rsyslog.default.conf
index e1237a5..edc2fca 100644
--- a/rsyslog/files/rsyslog.default.conf
+++ b/rsyslog/files/rsyslog.default.conf
@@ -33,14 +33,14 @@
$IncludeConfig {{ global.rsyslog_d }}/*.conf
{% if global.format is defined -%}
-$template {{ global.format.name }},{{ global.format.template }}
+$Template {{ global.format.name }}, "{{ global.format.template }}"
$ActionFileDefaultTemplate {{ global.format.name }}
{% else -%}
$template RSYSLOG_TraditionalFileFormat
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
{% endif -%}
-{% for name,config in global.output.file.iteritems() -%}
+{% for name,config in global.output.file.iteritems() if config.get('enabled', False) %}
{% if config.owner is defined -%}
$FileOwner {{ config['owner'] }}
{% endif -%}
@@ -54,16 +54,16 @@
$Umask {{ config['umask'] }}
{% endif -%}
{{ config['filter'] }} {% if config.sync == true %}-{% endif %}{{ name }}
-{% endfor %}
+{% endfor -%}
-{% if global.output.console is defined -%}
-{% for name,config in global.output.console.iteritems() -%}
+{% if global.output.console is defined %}
+{% for name,config in global.output.console.iteritems() if config.get('enabled', False) -%}
{{ config['filter'] }} {{ config['action'] }}
-{% endfor %}
+{% endfor -%}
{% endif -%}
-{% if global.output.remote is defined -%}
-{% for name,config in global.output.remote.iteritems() -%}
+{% if global.output.remote is defined %}
+{% for name,config in global.output.remote.iteritems() if config.get('enabled', False) -%}
{{ config['filter'] }} {{ config['action'] }}
-{% endfor %}
-{% endif %}
+{% endfor -%}
+{% endif -%}
diff --git a/rsyslog/files/sensu.conf b/rsyslog/files/sensu.conf
deleted file mode 100644
index 2d58191..0000000
--- a/rsyslog/files/sensu.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-local_rsyslog_proc:
- command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -C rsyslogd -u syslog -c 1:1"
- interval: 60
- occurrences: 1
- subscribers:
- - local-rsyslog-server
diff --git a/rsyslog/map.jinja b/rsyslog/map.jinja
index 7d4b18d..a322661 100644
--- a/rsyslog/map.jinja
+++ b/rsyslog/map.jinja
@@ -10,7 +10,6 @@
preserve_fqdn: false
non_kernel_facility: true
msg_reduction: true
- purge_rsyslog_d: true
manage_file_perms: true
perm_dir: "0755"
run_user: syslog
@@ -19,6 +18,9 @@
modules:
- imuxsock
- imklog
+ format:
+ name: Rfc3164Log
+ template: '<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n'
output:
file:
/var/log/syslog:
@@ -28,23 +30,23 @@
group: adm
createmode: "0640"
umask: "0022"
- enable: true
- /var/log/auth:
+ enabled: true
+ /var/log/auth.log:
sync: true
filter: "auth,authpriv.*"
owner: syslog
group: adm
createmode: "0640"
umask: "0022"
- enable: true
- /var/log/kern:
+ enabled: true
+ /var/log/kern.log:
sync: false
filter: "kern.*"
owner: syslog
group: adm
createmode: "0640"
umask: "0022"
- enable: true
+ enabled: true
/var/log/mail.log:
sync: false
filter: "mail.*"
@@ -52,7 +54,7 @@
group: adm
createmode: "0640"
umask: "0022"
- enable: true
+ enabled: true
/var/log/mail.err:
sync: false
action: /var/log/mail.err
@@ -61,21 +63,21 @@
group: adm
createmode: "0640"
umask: "0022"
- enable: true
+ enabled: true
console:
wall:
action: ":omusrmsg:*"
filter: "*.emerg"
- enable: true
+ enabled: true
xconsole:
action: "|/dev/xconsole"
filter: "daemon.*;mail.*;news.err;*.=debug;*.=info;*.=notice;*.=warn"
- enable: true
+ enabled: false
remote:
somehost.domain:
action: "@@remote-host:514"
filter: "*.*"
- enable: false
+ enabled: false
RedHat:
pkgs:
- rsyslog
@@ -95,6 +97,9 @@
modules:
- imjournal
- imuxsock
+ format:
+ name: Rfc3164Log
+ template: '<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\n'
output:
file:
/var/log/messages:
@@ -104,41 +109,41 @@
group: root
createmode: "0600"
umask: "0000"
- enable: true
+ enabled: true
/var/log/secure:
sync: true
filter: "authpriv.*"
owner: root
group: root
createmode: "0600"
- enable: true
+ enabled: true
/var/log/maillog:
sync: true
filter: "mail.*"
owner: root
group: root
createmode: "0600"
- enable: true
+ enabled: true
/var/log/cron:
sync: true
filter: "cron.*"
owner: root
group: root
createmode: "0600"
- enable: true
+ enabled: true
/var/log/spooler:
sync: true
filter: "uucp,news.crit"
owner: root
group: root
createmode: "0600"
- enable: true
+ enabled: true
/var/log/boot.log:
sync: false
filter: "local7.*"
owner: root
group: root
createmode: "0600"
- enable: true
+ enabled: true
{%- endload %}
{%- set global = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('rsyslog:client')) %}
diff --git a/rsyslog/meta/heka.yml b/rsyslog/meta/heka.yml
new file mode 100644
index 0000000..899b624
--- /dev/null
+++ b/rsyslog/meta/heka.yml
@@ -0,0 +1,47 @@
+{%- from "rsyslog/map.jinja" import global with context %}
+log_collector:
+ decoder:
+ syslog:
+ engine: sandbox
+ module_file: /usr/share/lma_collector/decoders/generic_syslog.lua
+ module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules
+ adjust_timezone: true
+ config:
+ {%- if global.format is defined %}
+ syslog_pattern: '{{ global.format.template }}'
+ fallback_syslog_pattern: '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n'
+ {%- else %}
+ syslog_pattern: '%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n'
+ {%- endif %}
+ input:
+ {%- set file_match = salt['rsyslog_util.syslog_file_match'](global.output) %}
+ {%- if file_match|length > 0 %}
+ {%- for logdir, pattern in file_match.iteritems() %}
+ syslog{{ logdir.replace('/', '_') }}:
+ engine: logstreamer
+ log_directory: "{{ logdir }}"
+ file_match: '(?P<Service>{{ pattern }})'
+ differentiator: [ 'system.', 'Service' ]
+ decoder: "syslog_decoder"
+ splitter: "TokenSplitter"
+ {%- endfor %}
+ {%- endif %}
+ syslog_haproxy:
+ engine: logstreamer
+ log_directory: "/var/log"
+ file_match: 'haproxy\.log'
+ differentiator: [ 'system.', 'haproxy' ]
+ decoder: "syslog_decoder"
+ splitter: "TokenSplitter"
+ filter:
+ hdd_errors:
+ engine: sandbox
+ module_file: /usr/share/lma_collector/filters/hdd_errors_counter.lua
+ module_dir: /usr/share/lma_collector/common;/usr/share/heka/lua_modules
+ preserve_data: false
+ message_matcher: "Type == 'log' && Logger == 'system.kern'"
+ ticker_interval: 10
+ config:
+ grace_interval: 10
+ patterns: "/error%s.+([sv]d[a-z][a-z]?)%d?/ /([sv]d[a-z][a-z]?)%d?.+%serror/"
+ hostname: '{{ grains.host }}'