voxpupuli / puppet-augeasproviders_syslog Goto Github PK

Augeas-based syslog type and providers for Puppet

License: Apache License 2.0

Shell 2.06% Ruby 97.94%

augeas augeasproviders puppet puppet-module puppet-resources configuration configuration-management configuration-files syslog rsyslog

puppet-augeasproviders_syslog's Introduction

syslog: types/providers for syslog files for Puppet

Features

This module provides new types/providers for Puppet to read and modify syslog config files using the Augeas configuration library.

The advantage of using Augeas over the default Puppet parsedfile implementations is that Augeas will go to great lengths to preserve file formatting and comments, while also failing safely when needed.

This provider will hide all of the Augeas commands etc., you don't need to know anything about Augeas to make use of it.

Requirements

Ensure both Augeas and ruby-augeas 0.3.0+ bindings are installed and working as normal.

See Puppet/Augeas pre-requisites.

Installing

On Puppet 2.7.14+, the module can be installed easily (documentation):

puppet module install herculesteam/augeasproviders_syslog

You may see an error similar to this on Puppet 2.x (#13858):

Error 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `syslog` at ...

Ensure the module is present in your puppetmaster's own environment (it doesn't have to use it) and that the master has pluginsync enabled. Run the agent on the puppetmaster to cause the custom types to be synced to its local libdir (puppet master --configprint libdir) and then restart the puppetmaster so it loads them.

Compatibility

Puppet versions

Minimum of Puppet 2.7.

Augeas versions

Augeas Versions	0.10.0	1.0.0	1.1.0	1.2.0
PROVIDERS
syslog (augeas)	yes	yes	yes	yes
syslog (rsyslog)	no	yes	yes	yes
rsyslog_filter (augeas)	no	yes	yes	yes

Documentation and examples

Type documentation can be generated with puppet doc -r type or viewed on the Puppet Forge page.

A syslog provider handles basic syslog configs, while an rsyslog provider handles the extended rsyslog config (this requires Augeas 1.0.0).

manage entry

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "file",
  action      => "/var/log/test.log",
}

manage entry with no file sync

syslog { "cron.*":
  ensure      => present,
  facility    => "cron",
  level       => "*",
  action_type => "file",
  action      => "/var/log/cron",
  no_sync     => true,
}

manage remote hostname entry

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "hostname",
  action      => "centralserver",
}

manage remote hostname entry with port and protocol

syslog { "my test":
  ensure          => present,
  facility        => "local2",
  level           => "*",
  action_type     => "hostname",
  action_port     => "514",
  action_protocol => "tcp",
  action          => "centralserver",
}

manage user destination entry

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "user",
  action      => "root",
}

manage program entry

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "program",
  action      => "/usr/bin/foo",
}

delete entry

syslog { "mail.*":
  ensure      => absent,
  facility    => "mail",
  level       => "*",
  action_type => "file",
  action      => "/var/log/maillog",
}

manage entry in rsyslog

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "file",
  action      => "/var/log/test.log",
  provider    => "rsyslog",
}

manage entry in another syslog location

syslog { "my test":
  ensure      => present,
  facility    => "local2",
  level       => "*",
  action_type => "file",
  action      => "/var/log/test.log",
  target      => "/etc/mysyslog.conf",
}

Issues

Please file any issues or suggestions on GitHub.

Supported OS

See metadata.json for supported OS versions.

Dependencies

See metadata.json for dependencies.

Puppet

The supported Puppet versions are listed in the metadata.json

REFERENCES

Please see REFERENCE.md for more details.

Contributing

Please report bugs and feature request using GitHub issue tracker.

For pull requests, it is very much appreciated to check your Puppet manifest with puppet-lint to follow the recommended Puppet style guidelines from the Puppet Labs style guide.

Transfer Notice

This plugin was originally authored by Hercules Team. The maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance. Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of Hercules Team.

puppet-augeasproviders_syslog's People

Contributors

Stargazers

Watchers

Forkers

dsi-ville-noumea trevor-viljoen flyinbutrs zilchms statenspensjonskasse

puppet-augeasproviders_syslog's Issues

Can this be updated to work on Puppet 4.10

Using Puppet agent 4.10, the augeas errors out with:
Could not evaluate: Failed to save Augeas tree to file. See debug logs for details.

The exact same manifest works for 3.8.6

module isn't compatible with solaris syslog

Hi,

Could you add support for Solaris syslog configuration, please?
I assume current module doesn't like this constructs:

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
)

when trying to apply this resource:

syslog { 'local0':
  ensure      => present,
  facility    => 'local0',
  level       => 'info',
  action_type => 'file',
  action      => '/var/log/local0.log',
  target      => '/etc/syslog.conf',
  provider    => 'augeas',
}

I get an error:

Error: /Stage[main]/Main/Syslog[local0]: Could not evaluate: Augeas didn't load /etc/syslog.conf with Syslog.lns: Get did not match entire input (line:24, character:0)

Thank you

Could not evaluate: Augeas didn't load /etc/rsyslog.conf with Rsyslog.lns

I'm using Debian 7 and have this error with default augeas Debian packages :

Could not evaluate: Augeas didn't load /etc/rsyslog.conf with Rsyslog.lns

Package versions :
augeas-lenses 0.10.0-1
libaugeas-ruby 0.4.1-1.1
libaugeas-ruby1.9.1 0.4.1-1.1
libaugeas0 0.10.0-1

If I upgrade to wheezy-backports packages :
augeas-lenses 1.2.0-0.2+deb8u1bpo70+1
libaugeas-ruby 0.5.0-2bpo70+1
libaugeas-ruby1.9.1 0.5.0-2bpo70+1
libaugeas0 1.2.0-0.2+deb8u1bpo70+1
ruby-augeas 0.5.0-2~bpo70+1

I have this error message :

err: /Stage[main]/Syslog::Central_server/Syslog[central server]/ensure: change from absent to present failed: Could not set 'present on ensure: Failed to save Augeas tree to file. See debug logs for details. at /etc/puppet/environments/production/modules/syslog/manifests/central_server.pp:27

Also, I have other augeas errors related to other puppet modules.

Content of central_server.pp :

class syslog::central_server {

  syslog { "central server":
    ensure      => present,
    facility    => "local2",
    level       => "*",
    action_type => "hostname",
    action      => "myserver.local",
    provider    => "rsyslog",
  }

}

I don't know how to solve and if it's related to your code. Maybe just a Debian problem..
Any help would be greatly appreciated.

thank you.

Renewing Puppet Forge Approved Status

Hey hercules-team,

Here at puppetlabs, we are currently going through all of our Approved modules on the Puppet Forge. We have some feedback for your module if you would be interested in retaining the approved status. If you are keen on keeping your approved status please ensure you respond as soon as you possibly can.

Many Thanks,
The Puppet Approvals Committee.

syslog-ng

Any chance of you all extending this for syslog-ng? Below is a slightly redacted version of what our config file on our central log server looks like just for reference.

[genebean@myLogServer ~]$ cat /etc/syslog-ng/syslog-ng.conf
@version:3.2

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
        perm (0640);
        group (logs);
        dir_group (logs);
        dir_perm (0750);

        flush_lines (1);
        time_reopen (10);
        log_fifo_size (4096);
#       long_hostnames (on);
        keep_hostname(no);
        chain_hostnames(no);
        stats_freq(3600);

        use_dns (yes);
        use_fqdn (yes);
        create_dirs (yes);
#       keep_hostname (yes);
};

source s_sys {
        file ("/proc/kmsg" program_override("kernel: "));
        unix-stream ("/dev/log");
        internal();
        # udp(ip(0.0.0.0) port(514));
};

source udpnet {
        udp();
};

destination smaug {
        udp("smaug.example.edu" template("<166>$DATE $HOST $MSGHDR$MSG\n") template_escape(no));
};

destination audiblemeh {
        udp("160.10.38.9");
};
destination local_sys {
        file("/remotelogs/servers/$HOST/$DAY/syslog.$HOUR");
};

destination remote_sys {
        file("/remotelogs/servers/$HOST/$DAY/syslog.$HOUR");
};

destination d_dhcpd {
        file("/remotelogs/filters/dhcpd/$DAY/dhcpd.$HOUR");
};

destination d_maconport {
        file("/remotelogs/filters/maconport/$DAY/maconport.$HOUR");
};

destination d_EAP_SUCCESS {
        file("/remotelogs/filters/EAP_SUCCESS/$DAY/EAP_SUCCESS.$HOUR");
};

destination d_usg_kdev {
        file("/remotelogs/filters/usg_kdev/$DAY/usg_kdev.$HOUR");
};

destination d_usg_xprod {
        file("/remotelogs/filters/usg_xprod/$DAY/usg_xprod.$HOUR");
};

destination d_fail2ban {
        file("/remotelogs/filters/fail2ban/$DAY/fail2ban.$HOUR");
};

filter f_maconport {
         message("added on port");
};

filter f_EAP_SUCCESS {
        message("DOT11-6-EAP_SUCCESS");
};

filter f_dhcpd {
        program("dhcpd");
};

filter f_usg_kdev {
        message("10.24.136.16[0-3]");
};

filter f_usg_xprod {
        message("10\.24\.96\.([7-9][0-9]|1(0[0-9]|1[0-8]))");
};

filter f_fail2ban.actions {
        program("fail2ban.actions");
};

log {
        source(s_sys);
        destination(local_sys);
};

# hosts
log {
        source(udpnet);
        destination(remote_sys);
};

# filtered logs
#
# filtered dhcpd
log {
        source(udpnet);
        filter(f_dhcpd);
        destination(d_dhcpd);
        destination(smaug);
};

log {
        source(udpnet);
        filter(f_EAP_SUCCESS);
        destination(d_EAP_SUCCESS);
};

log {
        source(udpnet);
        filter(f_EAP_SUCCESS);
        destination(audiblemeh);
};

log {
        source(udpnet);
        filter(f_maconport);
        destination(d_maconport);
};

log {
        source(udpnet);
        filter(f_usg_kdev);
        destination(d_usg_kdev);
};

log {
        source(udpnet);
        filter(f_usg_xprod);
        destination(d_usg_xprod);
};

log {
        source(udpnet);
        filter(f_fail2ban.actions);
        destination(d_fail2ban);
};

Is the 'augeas' submodule needed?

Hi All,

I noticed that some of the augeasproviders_* modules checkout 'augeas' as submodule, is this required?
The augeas repository pulls in .gnulib which is rather large, especially if it gets pulled in a few times.

Augeas didn't load /etc/rsyslog.conf with Rsyslog.lns from /var/lib/puppet/lib/augeas/lenses: Get did not match entire input (line:40, character:0)

I am getting errors on ubuntu 14.04 LTS trying to edit rsyslog...

augtool> ls /augeas/files/etc/rsyslog.conf/error/
pos = 966
line = 40
char = 0
lens = /usr/share/augeas/lenses/dist/rsyslog.aug:45.10-.57:
message = Get did not match entire input

The line that it's choking on is this:

*.* @@127.0.0.1:1514;RSYSLOG_FileFormat

With context:

# Filter duplicated messages
$RepeatedMsgReduction on
*.* @@127.0.0.1:1514;RSYSLOG_FileFormat

Any ideas? ~~To my knowledge, this is a package default file.~~

EDIT: This line is not stock, it's added for according to Alertlogic's documentation, which lists exactly that line.