====== Rsyslog (Soluzioni) ======
===== Esercizio 1 =====
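# Dynamic-file template: one directory per year and per program, one file per
# day. programname is derived from the message tag, which is chosen by whoever
# sends the message, so it goes through secpath-replace ("/" becomes "_")
# before it is used as a path component.
cat > /etc/rsyslog.d/esercizio-1.conf <<'EOT'
$template tpl01,"/var/log/%timestamp:::date-year%/%programname:::secpath-replace%/%timestamp:::date-year%-%timestamp:::date-month%-%timestamp:::date-day%.log"
*.* ?tpl01
EOT
# Check the configuration before restarting the logging daemon.
rsyslogd -N1 && systemctl restart rsyslog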
===== Esercizio 2 =====
# Collect in /var/log/all-errors every message whose text contains
# "importante", plus every message of priority err or higher.
cat <<'EOT' > /etc/rsyslog.d/esercizio-2.conf
:msg, contains, "importante" /var/log/all-errors
*.err /var/log/all-errors
EOT
systemctl restart rsyslog

# Test messages. The info one matches neither rule; the first crit one matches
# only "*.err"; the last one matches both rules, so it is written twice.
for prio in info crit; do
  logger -p "$prio" questo_log
done
logger -p crit importante_questo_log
tail /var/log/all-errors
===== Esercizio 3 =====
Sul server:
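# Central receiver: accept syslog over UDP and TCP on port 514 and file each
# message under /var/log/<year>/<host>/<program>/<date>.log.
# Both listeners bind to every address and accept any sender without
# authentication or encryption, so limit port 514 to the known clients with
# the host firewall. Senders also choose the directory names that get created,
# so watch disk and inode usage under /var/log.
cat > /etc/rsyslog.d/esercizio-3.conf <<'EOT'
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
# HOSTNAME and programname are supplied by the remote sender; secpath-replace
# turns "/" into "_" so that they cannot introduce extra path components.
$template tplremote,"/var/log/%timestamp:::date-year%/%HOSTNAME:::secpath-replace%/%programname:::secpath-replace%/%timestamp:::date-year%-%timestamp:::date-month%-%timestamp:::date-day%.log"
*.* ?tplremote
EOT
# Check the configuration before restarting the logging daemon.
rsyslogd -N1 && systemctl restart rsyslog
# Confirm which sockets rsyslogd is listening on.
ss -lntup | grep rsyslog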
udp UNCONN 0 0 *:514 *:* users:(("rsyslogd",pid=1139,fd=3))
udp UNCONN 0 0 :::514 :::* users:(("rsyslogd",pid=1139,fd=4))
tcp LISTEN 0 25 *:514 *:* users:(("rsyslogd",pid=1139,fd=5))
tcp LISTEN 0 25 :::514 :::* users:(("rsyslogd",pid=1139,fd=6))
Sul client:
# Forward every message to the central server. "@@" selects TCP (a single "@"
# would select UDP); DESTINAZIONE is a placeholder for the server's name or
# address. No port is given, so the default syslog port is used. The stream is
# plain text: anyone on the network path can read the forwarded logs.
printf '%s\n' '*.* @@DESTINAZIONE' > /etc/rsyslog.d/esercizio-3.conf
systemctl restart rsyslog
===== Esercizio 4 =====
Su server e client:
yum install rsyslog-relp
Su server:
# Enable the RELP listener on port 20514. As written, the listener has no TLS
# and no restriction on who may connect: RELP here adds reliable delivery, not
# confidentiality or sender authentication.
cat <<'EOT' > /etc/rsyslog.d/esercizio-4.conf
$ModLoad imrelp # Load the input module
$InputRELPServerRun 20514 # Set the port to 20514
EOT
systemctl restart rsyslog
Su client:
# Remove the plain-TCP rule from exercise 3; otherwise every message would be
# forwarded twice, once over TCP and once over RELP.
/bin/rm -- /etc/rsyslog.d/esercizio-3.conf

# Forward everything over RELP to port 20514 on DESTINAZIONE (placeholder for
# the server's name or address), using the built-in RSYSLOG_ForwardFormat.
cat <<'EOT' > /etc/rsyslog.d/esercizio-4.conf
$ModLoad omrelp
*.* :omrelp:DESTINAZIONE:20514;RSYSLOG_ForwardFormat
EOT
systemctl restart rsyslog

# Send a first test message while the server is still running.
logger -p info prova
Su server:
systemctl stop rsyslog
Su client:
logger -p info prova_server_spento
Su server:
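# Watch the file in the background, then bring the receiver back up so the
# client can deliver what it queued while the server was stopped.
# -F (instead of -f) keeps retrying if the file does not exist yet.
# NOTE(review): no rule on this page writes /var/log/remote; with the server's
# esercizio-3.conf still in place, messages land under
# /var/log/<year>/<host>/<program>/ - confirm which file to watch.
tail -F /var/log/remote &
systemctl start rsyslog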
Su client:
logger -p info prova_server_acceso
===== Esercizio 5 =====
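# rsyslog starts the omprog program with its own privileges (typically root),
# so the script must live where only root can write. /tmp is world-writable:
# if another user already owns a file with this name, "cat >" only rewrites
# its content and that user can change it again afterwards. Install the script
# under /usr/local/sbin, owned by root and not writable by anyone else.
cat > /usr/local/sbin/wall-line.sh <<'EOT'
#!/bin/bash
# Broadcast every line received on stdin to all logged-in terminals.
while IFS= read -r line; do
  # Hand the text to wall on stdin so that it is never parsed as an option.
  printf '%s\n' "$line" | wall
done
EOT
chown root:root /usr/local/sbin/wall-line.sh
chmod 0755 /usr/local/sbin/wall-line.sh

cat > /etc/rsyslog.d/esercizio-5.conf <<'EOT'
module(load="omprog")
# Anyone who can log a message containing "mondo" triggers a broadcast with
# text of their choosing; keep the filter as narrow as the use case allows.
if ($msg contains "mondo") then {
  action(type="omprog" binary="/usr/local/sbin/wall-line.sh")
}
EOT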