config refactor
diff --git a/README.rst b/README.rst
index 26ba09f..c66fcb2 100644
--- a/README.rst
+++ b/README.rst
@@ -27,11 +27,42 @@
format:
name: TraditionalFormatWithPRI
template: '"%syslogpriority% %syslogfacility% %timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"'
- file:
- owner: root
- group: root
- createmode: 0640
- umask: 0022
+ logfiles:
+ file:
+ -/var/log/syslog:
+ filter: *.*;auth,authpriv.none
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ /var/log/auth.log:
+ filter: auth,authpriv.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ -/var/log/kern.log:
+ filter: kern.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ -/var/log/mail.log:
+ filter: mail.*
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ /var/log/mail.err:
+ filter: mail.err
+ owner: syslog
+ group: adm
+ createmode: 0640
+ umask: 0022
+ ":omusrmsg:*":
+ filter: *.emerg
+ "|/dev/xconsole":
+ filter: "daemon.*;mail.*; news.err; *.=debug;*.=info;*.=notice;*.=warn":
diff --git a/rsyslog/common.sls b/rsyslog/common.sls
index 7c3c506..3611194 100644
--- a/rsyslog/common.sls
+++ b/rsyslog/common.sls
@@ -6,7 +6,7 @@
pkg.latest:
- names: {{ server.pkgs }}
-{{ server.configfile }}:
+/etc/rsyslog.conf:
file.managed:
- source: salt://rsyslog/files/rsyslog.conf.{{ grains.os_family }}
- template: jinja
@@ -14,22 +14,29 @@
- require:
- pkg: rsyslog_packages
+/etc/rsyslog.d/10-default.conf:
+ file.managed:
+ - source: salt://rsyslog/files/10-default.conf
+ - template: jinja
+ - mode: 0640
+ - require:
+ - file: /etc/rsyslog.conf
+
rsyslog_service:
service.running:
- enable: true
- name: rsyslog
- watch:
- - file: {{ server.configfile }}
+ - file: /etc/rsyslog.conf
-{% for logfile in server.logfiles %}
-{{ logfile }}:
+{% for output,type in server.output.file.iteritems() %}
+{{ output }}:
file.managed:
- - mode: {{ server.file.createmode }}
+ - mode: "{{ type['createmode'] }}"
- watch:
- - file: {{ server.configfile }}
+ - file: /etc/rsyslog.conf
- watch_in:
- service: rsyslog_service
{% endfor %}
{%- endif %}
-
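Review bot: The new `/etc/rsyslog.d/10-default.conf` state passes `- mode: 0640` unquoted, so YAML reads it as an octal integer rather than a mode string; quote it the way the loop further down already does, `- mode: "0640"`. In the per-output loop, `file.managed` sets only `mode` from `type['createmode']` and never the owner or group, although every entry in map.jinja carries `owner` and `group`. A log file created by this state would presumably be root-owned at 0640 and unwritable once rsyslog drops to the `syslog` user (`$PrivDropToUser syslog` in rsyslog.conf.Debian), so consider adding `- user: "{{ type['owner'] }}"` and `- group: "{{ type['group'] }}"`. The enclosing `{% if %}` block starts outside the hunk.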
diff --git a/rsyslog/files/10-default.conf b/rsyslog/files/10-default.conf
new file mode 100644
index 0000000..db5f45b
--- /dev/null
+++ b/rsyslog/files/10-default.conf
@@ -0,0 +1,8 @@
+{%- from "rsyslog/map.jinja" import client,server with context -%}
+{% for output,type in server.output.file.iteritems() %}
+{{ output['filter'] }} {{ name }}
+$FileOwner: {{ output['owner'] }}
+$FileGroup: {{ output['group'] }}
+$FileCreateMode: "{{ output['createmode'] }}"
+$Umask: "{{ output['umask'] }}"
+{% endfor %}
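Review bot: The loop binds `output` to the file path and `type` to its settings, but the body indexes `output['filter']`, `output['owner']` and so on, and prints `{{ name }}`, which is not defined in this template, so the selector line and the ownership and mode directives will not render the intended values. The directive lines also use `$FileOwner:` with a colon and wrap the mode and umask in double quotes, whereas the lines this commit removes from rsyslog.conf.Debian use `$FileOwner value` and the surviving `$DirCreateMode 0755` uses neither; the same form is repeated in the new loop in rsyslog.conf.Debian. Legacy `$` directives normally apply to the actions that follow them, so they probably belong before the selector line, otherwise each file takes the previous entry's owner and mode; this is worth confirming against the rsyslog version in use. A corrected loop body is sketched below.

```jinja
{% for output, type in server.output.file.iteritems() %}
$FileOwner {{ type['owner'] }}
$FileGroup {{ type['group'] }}
$FileCreateMode {{ type['createmode'] }}
$Umask {{ type['umask'] }}
{{ type['filter'] }} {{ output }}
{% endfor %}
```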
diff --git a/rsyslog/files/rsyslog.conf.Debian b/rsyslog/files/rsyslog.conf.Debian
index 54a66a3..3611f08 100644
--- a/rsyslog/files/rsyslog.conf.Debian
+++ b/rsyslog/files/rsyslog.conf.Debian
@@ -48,18 +48,13 @@
#
# Set the default permissions for all log files.
#
-{% if client.file.owner is defined %}
-$FileOwner {{ client.file.owner }}
-{% endif %}
-{% if client.file.group is defined %}
-$FileGroup {{ client.file.group }}
-{% endif %}
-{% if client.file.createmode is defined %}
-$FileCreateMode {{ client.file.createmode }}
-{% endif %}
-{% if client.file.umask is defined %}
-$Umask {{ client.file.umask }}
-{% endif %}
+{% for name, values in client.logfiles.iteritems() %}
+{{ values['filter'] }} {{ name }}
+$FileOwner: {{ values['owner'] }}
+$FileGroup: {{ values['group'] }}
+$FileCreateMode: "{{ values['createmode'] }}"
+$Umask: "{{ values['umask'] }}"
+{% endfor %}
$DirCreateMode 0755
$PrivDropToUser syslog
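Review bot: This loop reads `client.logfiles` as a mapping with `filter`, `owner`, `group`, `createmode` and `umask`, but the map.jinja hunk in this commit removes the `logfiles` list from the first OS block and puts the per-file settings under `output.file`, which is what 10-default.conf and common.sls iterate. Unless pillar supplies `client.logfiles` in that shape, the template will presumably fail to render or emit no rules. If the map shown does feed `client`, iterate `client.output.file.iteritems()` here, or drop the loop, since 10-default.conf already emits the same selector lines and keeping both would presumably write each message twice. With the `is defined` guards removed, the global `$FileOwner`, `$FileGroup`, `$FileCreateMode` and `$Umask` defaults announced by the comment above are no longer set, so any action outside the loop falls back to rsyslog's built-in ownership and mode.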
diff --git a/rsyslog/map.jinja b/rsyslog/map.jinja
index 4407bf7..7062f42 100644
--- a/rsyslog/map.jinja
+++ b/rsyslog/map.jinja
@@ -4,29 +4,67 @@
- rsyslog
service:
- rsyslogd
- configfile: /etc/rsyslog.conf
- file:
- owner: syslog
- group: adm
- createmode: 0640
- umask: 0022
- logfiles:
- - /var/log/auth.log
- - /var/log/syslog
- - /var/log/kern.log
- - /var/log/mail.log
- - /var/log/mail.err
+ output:
+ file:
+ /var/log/syslog:
+ sync: false
+ filter: "*.*;auth,authpriv.none"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/auth:
+ sync: true
+ filter: "auth,authpriv.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/kern:
+ sync: false
+ filter: "kern.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/mail.log:
+ sync: false
+ filter: "mail.*"
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ /var/log/mail.err:
+ action: /var/log/mail.err
+ filter: mail.err
+ owner: syslog
+ group: adm
+ createmode: "0640"
+ umask: "0022"
+ enable: true
+ console:
+ wall:
+ action: ":omusrmsg:*"
+ filter: "*.emerg"
+ enable: true
+ xconsole:
+ action: "|/dev/xconsole"
+ filter: "daemon.*;mail.*; news.err; *.=debug;*.=info;*.=notice;*.=warn"
+ enable: true
RedHat:
pkgs:
- rsyslog
service:
- rsyslogd
- configfile: /etc/rsyslog.conf
file:
owner: root
group: root
- createmode: 0640
- umask: 0000
+ createmode: "0640"
+ umask: "0000"
logfiles:
- /var/log/messages
- /var/log/secure
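Review bot: Only the first OS block is migrated to `output.file`; the `RedHat` block still carries the old `file` mapping and `logfiles` list, so `server.output.file.iteritems()` in common.sls and 10-default.conf has nothing to iterate there and will presumably fail at render time. In the new block the keys `/var/log/auth` and `/var/log/kern` drop the `.log` suffix that the removed list and the README example use, which would move authentication logs away from the path that log rotation and monitoring usually expect; if that is not intended, use `/var/log/auth.log:` and `/var/log/kern.log:`. The `mail.err` entry has an `action` key and no `sync`, unlike its siblings, and none of the templates in this commit read `sync`, `enable` or `action`, so those settings currently have no effect. The mapping continues outside the hunk.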