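====== Rsyslog (Soluzioni) ======

===== Esercizio 1 =====

  # Dynamic-file template: every message (*.*) is written to
  # /var/log/<year>/<programname>/<year>-<month>-<day>.log
  cat > /etc/rsyslog.d/esercizio-1.conf <<'EOT'
  $template tpl01,"/var/log/%timestamp:::date-year%/%programname%/%timestamp:::date-year%-%timestamp:::date-month%-%timestamp:::date-day%.log"
  *.* ?tpl01
  EOT
  systemctl restart rsyslog

===== Esercizio 2 =====

  # Two independent rules write to the same file: messages whose text
  # contains "importante", and messages of priority err or higher.
  cat > /etc/rsyslog.d/esercizio-2.conf <<'EOT'
  :msg, contains, "importante" /var/log/all-errors
  *.err /var/log/all-errors
  EOT
  systemctl restart rsyslog
  # Test: the info message matches neither rule, the crit message matches
  # the priority rule, the last message matches both rules.
  logger -p info questo_log
  logger -p crit questo_log
  logger -p crit importante_questo_log
  tail /var/log/all-errors

===== Esercizio 3 =====

Sul server:

  # NOTE(review): these listeners accept plain, unauthenticated syslog on
  # 514/udp and 514/tcp on every address (see the ss output below); limit
  # the allowed senders with the host firewall.
  # NOTE(review): %HOSTNAME% and %programname% are parsed from the received
  # message, so the sender chooses part of the path under /var/log.
  # %fromhost-ip% is derived from the connection instead, and the property
  # options secpath-replace / secpath-drop neutralise slashes in a field.
  cat > /etc/rsyslog.d/esercizio-3.conf <<'EOT'
  # Provides UDP syslog reception
  $ModLoad imudp
  $UDPServerRun 514
  # Provides TCP syslog reception
  $ModLoad imtcp
  $InputTCPServerRun 514
  $template tplremote,"/var/log/%timestamp:::date-year%/%HOSTNAME%/%programname%/%timestamp:::date-year%-%timestamp:::date-month%-%timestamp:::date-day%.log"
  *.* ?tplremote
  EOT
  systemctl restart rsyslog
  ss -lntup | grep rsyslog
  udp UNCONN 0 0 *:514 *:* users:(("rsyslogd",pid=1139,fd=3))
  udp UNCONN 0 0 :::514 :::* users:(("rsyslogd",pid=1139,fd=4))
  tcp LISTEN 0 25 *:514 *:* users:(("rsyslogd",pid=1139,fd=5))
  tcp LISTEN 0 25 :::514 :::* users:(("rsyslogd",pid=1139,fd=6))

Sul client:

  # "@@" forwards over TCP (a single "@" would use UDP); DESTINAZIONE is a
  # placeholder for the server address. The stream is not encrypted.
  cat > /etc/rsyslog.d/esercizio-3.conf <<'EOT'
  *.* @@DESTINAZIONE
  EOT
  systemctl restart rsyslog

===== Esercizio 4 =====

Su server e client:

  yum install rsyslog-relp

Su server:

  # NOTE(review): RELP adds reliable delivery, not confidentiality or peer
  # authentication; without TLS configured on imrelp/omrelp the traffic on
  # port 20514 is clear text, so restrict the port to known clients.
  cat > /etc/rsyslog.d/esercizio-4.conf <<'EOT'
  $ModLoad imrelp # Load the input module
  $InputRELPServerRun 20514 # Set the port to 20514
  EOT
  systemctl restart rsyslog

Su client:

  # Drop the TCP forwarding rule from exercise 3 so that each message is
  # forwarded only once, through RELP.
  /bin/rm /etc/rsyslog.d/esercizio-3.conf
  cat > /etc/rsyslog.d/esercizio-4.conf <<'EOT'
  $ModLoad omrelp
  *.* :omrelp:DESTINAZIONE:20514;RSYSLOG_ForwardFormat
  EOT
  systemctl restart rsyslog
  logger -p info prova

su server:

  systemctl stop rsyslog

su client:

  logger -p info prova_server_spento

su server:

  tail -f /var/log/remote &
  systemctl start rsyslog

su client

  logger -p info prova_server_acceso

===== Esercizio 5 =====

  # The helper is started by rsyslogd, normally as root, so it is installed
  # in a root-only directory instead of /tmp: /tmp is world-writable, a file
  # with that name may already exist there under another owner, and
  # temporary-file cleaners may delete it later.
  # "IFS= read -r" keeps backslashes and leading blanks of the log line.
  cat > /usr/local/sbin/wall-line.sh <<'EOT'
  #!/bin/bash
  while IFS= read -r line; do
    wall "$line"
  done
  EOT
  chown root:root /usr/local/sbin/wall-line.sh
  chmod 0755 /usr/local/sbin/wall-line.sh
  # NOTE(review): every message containing "mondo" is broadcast to all
  # logged-in terminals, including messages received from remote senders
  # when a network input such as the one from exercise 3 is loaded.
  cat > /etc/rsyslog.d/esercizio-5.conf <<'EOT'
  module(load="omprog")
  if ($msg contains "mondo") then {
    action(type="omprog" binary="/usr/local/sbin/wall-line.sh")
  }
  EOT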