From ba7d2a3c522c4c9a21efa791aa328488f8d24b29 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@profitbricks.com>
Date: Wed, 30 Dec 2015 13:32:23 +0100
Subject: [PATCH] Current state

---
 .etckeeper                                    |  7 ++
 config-archive/etc/logrotate.d/rsyslog        | 74 +++++++++++++++
 .../etc/logrotate.d/rsyslog.dist.new          | 37 ++++++++
 config-archive/etc/rsyslog.conf               | 72 ++++++++++++++
 config-archive/etc/rsyslog.conf.dist.new      | 61 ++++++++++++
 config-archive/etc/rsyslog.d/50-default.conf  | 95 +++++++++++++++++++
 .../etc/rsyslog.d/50-default.conf.dist.new    | 95 +++++++++++++++++++
 7 files changed, 441 insertions(+)
 create mode 100644 config-archive/etc/logrotate.d/rsyslog
 create mode 100644 config-archive/etc/logrotate.d/rsyslog.dist.new
 create mode 100644 config-archive/etc/rsyslog.conf
 create mode 100644 config-archive/etc/rsyslog.conf.dist.new
 create mode 100644 config-archive/etc/rsyslog.d/50-default.conf
 create mode 100644 config-archive/etc/rsyslog.d/50-default.conf.dist.new

diff --git a/.etckeeper b/.etckeeper
index 0fbbaff..30fea6d 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -251,6 +251,8 @@ maybe chmod 0644 'config-archive/etc/locale.gen.dist'
 maybe chmod 0644 'config-archive/etc/logrotate.conf'
 maybe chmod 0644 'config-archive/etc/logrotate.conf.dist.new'
 maybe chmod 0755 'config-archive/etc/logrotate.d'
+maybe chmod 0644 'config-archive/etc/logrotate.d/rsyslog'
+maybe chmod 0644 'config-archive/etc/logrotate.d/rsyslog.dist.new'
 maybe chmod 0644 'config-archive/etc/logrotate.d/syslog-ng'
 maybe chmod 0644 'config-archive/etc/logrotate.d/syslog-ng.dist.new'
 maybe chmod 0755 'config-archive/etc/lvm'
@@ -295,6 +297,11 @@ maybe chmod 0644 'config-archive/etc/rc.conf.4'
 maybe chmod 0644 'config-archive/etc/rc.conf.5'
 maybe chmod 0644 'config-archive/etc/rc.conf.6'
 maybe chmod 0644 'config-archive/etc/rc.conf.dist'
+maybe chmod 0644 'config-archive/etc/rsyslog.conf'
+maybe chmod 0644 'config-archive/etc/rsyslog.conf.dist.new'
+maybe chmod 0755 'config-archive/etc/rsyslog.d'
+maybe chmod 0644 'config-archive/etc/rsyslog.d/50-default.conf'
+maybe chmod 0644 'config-archive/etc/rsyslog.d/50-default.conf.dist.new'
 maybe chmod 0755 'config-archive/etc/salt'
 maybe chmod 0644 'config-archive/etc/salt/master'
 maybe chmod 0644 'config-archive/etc/salt/master.1'
diff --git a/config-archive/etc/logrotate.d/rsyslog b/config-archive/etc/logrotate.d/rsyslog
new file mode 100644
index 0000000..666742f
--- /dev/null
+++ b/config-archive/etc/logrotate.d/rsyslog
@@ -0,0 +1,74 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+#	rotate 7
+#	daily
+#	missingok
+#	notifempty
+#	delaycompress
+#	compress
+#	postrotate
+#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+#	endscript
+#}
+
+#/var/log/auth.log
+#/var/log/cron.log
+#/var/log/daemon.log
+#/var/log/kern.log
+#/var/log/lpr.log
+#/var/log/mail.log
+#/var/log/news.log
+#/var/log/user.log
+#/var/log/debug.log
+#/var/log/messages
+#{
+#	rotate 4
+#	weekly
+#	missingok
+#	notifempty
+#	compress
+#	delaycompress
+#	sharedscripts
+#	postrotate
+#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+#	endscript
+#}
+
+/var/log/messages /var/log/syslog {
+    daily
+    missingok
+    olddir /var/log/.old
+    size 1024K
+	sharedscripts
+	postrotate
+		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+	endscript
+}
+
+/var/log/syslog.d/*.log {
+    daily
+    missingok
+    olddir /var/log/syslog.d/.old
+    size 1024K
+    maxage 1y
+	sharedscripts
+	postrotate
+		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+	endscript
+}
+
+/var/log/debug.log /var/log/debug /var/log/all /var/log/all.log {
+    daily
+    missingok
+    olddir /var/log/.old
+    size 4M
+    maxage 6m
+	sharedscripts
+	postrotate
+		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+	endscript
+}
+
+
diff --git a/config-archive/etc/logrotate.d/rsyslog.dist.new b/config-archive/etc/logrotate.d/rsyslog.dist.new
new file mode 100644
index 0000000..1eae30e
--- /dev/null
+++ b/config-archive/etc/logrotate.d/rsyslog.dist.new
@@ -0,0 +1,37 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+#	rotate 7
+#	daily
+#	missingok
+#	notifempty
+#	delaycompress
+#	compress
+#	postrotate
+#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+#	endscript
+#}
+
+/var/log/auth.log
+/var/log/cron.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/lpr.log
+/var/log/mail.log
+/var/log/news.log
+/var/log/user.log
+/var/log/debug.log
+/var/log/messages
+{
+	rotate 4
+	weekly
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+	endscript
+}
diff --git a/config-archive/etc/rsyslog.conf b/config-archive/etc/rsyslog.conf
new file mode 100644
index 0000000..4de4ccb
--- /dev/null
+++ b/config-archive/etc/rsyslog.conf
@@ -0,0 +1,72 @@
+# /etc/rsyslog.conf
+# 
+# This configuration is based on RainerScript, the new recommended syntax
+# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
+# details.
+# 
+# But if you don't want to learn something new at moment, don't worry: The
+# legacy syntax is still supported.
+# 
+# You may want to use the new RSYSLOG configuration builder to create your
+# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
+
+# Check config syntax on startup and abort if unclean (default: off)
+$AbortOnUncleanConfig on
+
+
+###############
+### MODULES ###
+###############
+
+# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
+module(load="imuxsock")
+
+# Read messages from the kernel log and submits them to the syslog engine
+module(load="imklog")
+
+# Inject "--MARK--" messages every $Interval (seconds)
+module(load="immark" Interval="3600")
+
+# Read syslog messages from UDP
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Read syslog messages from TCP
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+module(load="impstats"
+       interval="43200"
+       severity="7"
+       log.syslog="off"
+       /* need to turn log stream logging off! */
+       log.file="/var/log/syslog.d/stats.log")
+
+
+#########################
+### GLOBAL DIRECTIVES ###
+#########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+# Reduce repeating messages (default: off)
+#$RepeatedMsgReduction on
+
+# Set defaults for every output file
+$Umask 0022
+
+module(
+	load="builtin:omfile"
+	Template="RSYSLOG_FileFormat"
+	FileCreateMode="0644"
+	DirCreateMode="0755"
+    fileOwnerNum="0"
+    fileGroupNum="0"
+    dirOwnerNum="0"
+    dirGroupNum="0"
+)
+
+
+# Include all conf files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/config-archive/etc/rsyslog.conf.dist.new b/config-archive/etc/rsyslog.conf.dist.new
new file mode 100644
index 0000000..da48459
--- /dev/null
+++ b/config-archive/etc/rsyslog.conf.dist.new
@@ -0,0 +1,61 @@
+# /etc/rsyslog.conf
+# 
+# This configuration is based on RainerScript, the new recommended syntax
+# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
+# details.
+# 
+# But if you don't want to learn something new at moment, don't worry: The
+# legacy syntax is still supported.
+# 
+# You may want to use the new RSYSLOG configuration builder to create your
+# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
+
+# Check config syntax on startup and abort if unclean (default: off)
+#$AbortOnUncleanConfig on
+
+
+###############
+### MODULES ###
+###############
+
+# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
+module(load="imuxsock")
+
+# Read messages from the kernel log and submits them to the syslog engine
+module(load="imklog")
+
+# Inject "--MARK--" messages every $Interval (seconds)
+#module(load="immark" Interval="600")
+
+# Read syslog messages from UDP
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Read syslog messages from TCP
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+#########################
+### GLOBAL DIRECTIVES ###
+#########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+# Reduce repeating messages (default: off)
+#$RepeatedMsgReduction on
+
+# Set defaults for every output file
+$Umask 0022
+
+module(
+	load="builtin:omfile"
+	Template="RSYSLOG_TraditionalFileFormat"
+	FileCreateMode="0644"
+	DirCreateMode="0755"
+)
+
+
+# Include all conf files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/config-archive/etc/rsyslog.d/50-default.conf b/config-archive/etc/rsyslog.d/50-default.conf
new file mode 100644
index 0000000..c05ff4c
--- /dev/null
+++ b/config-archive/etc/rsyslog.d/50-default.conf
@@ -0,0 +1,95 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+#auth,authpriv.* action(
+#	type="omfile"
+#	File="/var/log/auth.log"
+#	FileCreateMode="0600"
+#	FileOwner="root"
+#	FileGroup="adm"
+#	Sync="off"
+#)
+
+#cron.* action(
+#	type="omfile"
+#	File="/var/log/cron.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#daemon.* action(
+#	type="omfile"
+#	File="/var/log/daemon.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#kern.* action(
+#	type="omfile"
+#	File="/var/log/kern.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#lpr.* action(
+#	type="omfile"
+#	File="/var/log/lpr.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#mail.* action(
+#	type="omfile"
+#	File="/var/log/mail.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#news.* action(
+#	type="omfile"
+#	File="/var/log/news.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+#user.* action(
+#	type="omfile"
+#	File="/var/log/user.log"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.=debug;auth,authpriv,news,mail.none action(
+	type="omfile"
+	File="/var/log/debug.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+	type="omfile"
+	File="/var/log/messages"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#	type="omfile"
+#	File="/var/log/syslog"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.emerg action(
+	type="omusrmsg"
+	Users="*"
+	action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
diff --git a/config-archive/etc/rsyslog.d/50-default.conf.dist.new b/config-archive/etc/rsyslog.d/50-default.conf.dist.new
new file mode 100644
index 0000000..9ae8578
--- /dev/null
+++ b/config-archive/etc/rsyslog.d/50-default.conf.dist.new
@@ -0,0 +1,95 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+	type="omfile"
+	File="/var/log/auth.log"
+	FileCreateMode="0600"
+	FileOwner="root"
+	FileGroup="adm"
+	Sync="off"
+)
+
+cron.* action(
+	type="omfile"
+	File="/var/log/cron.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+daemon.* action(
+	type="omfile"
+	File="/var/log/daemon.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+kern.* action(
+	type="omfile"
+	File="/var/log/kern.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+lpr.* action(
+	type="omfile"
+	File="/var/log/lpr.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+mail.* action(
+	type="omfile"
+	File="/var/log/mail.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+news.* action(
+	type="omfile"
+	File="/var/log/news.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+user.* action(
+	type="omfile"
+	File="/var/log/user.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+	type="omfile"
+	File="/var/log/debug.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+	type="omfile"
+	File="/var/log/messages"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#	type="omfile"
+#	File="/var/log/syslog"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.emerg action(
+	type="omusrmsg"
+	Users="*"
+	action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
-- 
2.39.5