From faab70e5443a0c01e1e0e00edc30a8c4cd487d17 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Thu, 24 Aug 2023 11:33:58 +0200
Subject: [PATCH] Configuring Rsyslog for RHEL 9.

---
 files/50_rsyslog.conf.el9             | 62 ++++++++++++++++++++++++++
 kickstart/profile.rhel-9.2.develop.ks |  7 ++-
 snippets/tpl.080.rsyslogd-el9.sh      | 63 +++++++++++++++++++++++++++
 3 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 files/50_rsyslog.conf.el9
 create mode 100644 snippets/tpl.080.rsyslogd-el9.sh

diff --git a/files/50_rsyslog.conf.el9 b/files/50_rsyslog.conf.el9
new file mode 100644
index 0000000..70fcc88
--- /dev/null
+++ b/files/50_rsyslog.conf.el9
@@ -0,0 +1,62 @@
+# Initial /etc/rsyslog.d/50_rsyslog.conf for Enterprise Linux 9
+
+$umask 0000
+$ActionQueueFileName queue
+$ActionQueueMaxDiskSpace 1g
+$ActionQueueSaveOnShutdown on
+$ActionQueueType LinkedList
+$ActionResumeRetryCount -1
+$PrivDropToGroup root
+$PrivDropToUser root
+$RepeatedMsgReduction on
+global (
+    parser.escapeControlCharactersOnReceive="on"
+    workDirectory="/var/lib/rsyslog"
+    maxMessageSize="64k"
+  
+)
+module(load="imjournal" 
+          StateFile="imjournal.state"
+          IgnorePreviousMessages="off"
+     
+)
+module(load="immark"
+	interval="300"
+)
+module(load="imuxsock" 
+          SysSock.Use="off"
+          SysSock.FlowControl="on"
+          SysSock.RateLimit.Interval="600"
+          SysSock.RateLimit.Burst="20000"
+     
+)
+module(load="builtin:omfile" 
+          fileOwner="root"
+          fileGroup="root"
+          dirGroup="root"
+          fileCreateMode="0640"
+          dirCreateMode="0755"
+     
+)
+module(load="builtin:omusrmsg" )
+# Everybody gets emergency messages
+*.emerg     :omusrmsg:*
+
+# Log all the mail messages in one place.
+mail.*     -/var/log/maillog
+
+# Log anything (except mail) of level info or higher.
+*.info;mail.none;authpriv.none;cron.none     /var/log/messages
+
+# Log cron stuff
+cron.*     /var/log/cron
+
+# Save boot messages also to boot.log
+local7.*     -/var/log/boot.log
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit     -/var/log/spooler
+
+# The authpriv file has restricted access.
+auth,authpriv.*     /var/log/secure
+
diff --git a/kickstart/profile.rhel-9.2.develop.ks b/kickstart/profile.rhel-9.2.develop.ks
index 5c89531..00d7c9d 100644
--- a/kickstart/profile.rhel-9.2.develop.ks
+++ b/kickstart/profile.rhel-9.2.develop.ks
@@ -66,7 +66,7 @@ logvol  /         --vgname=vgroot --name=root --fstype=xfs  --size=6144
 logvol swap       --vgname=vgroot --name=swap --fstype=swap --size=1024
 logvol  /home     --vgname=vgroot --name=home --fstype=xfs  --size=1024
 logvol  /var      --vgname=vgroot --name=var  --fstype=xfs  --size=4096 --grow
-logvol  /var/log  --vgname=vgroot --name=log  --fstype=xfs  --size=2048
+logvol  /var/log  --vgname=vgroot --name=log  --fstype=xfs  --size=3072
 
 ##########################################
 # Packages
@@ -273,6 +273,11 @@ echo
 echo "Using snippet $this_snippet"
 $SNIPPET($this_snippet)
 
+#set $tweak_rsyslog_snippet = "per_status/" + $SYSTEM_STATUS + "/tpl.080.rsyslogd-el9.sh"
+echo
+echo "Using snippet $tweak_rsyslog_snippet"
+$SNIPPET($tweak_rsyslog_snippet)
+
 #set $this_snippet= "per_status/" + $SYSTEM_STATUS + "/tpl.085.disable-ipv6.sh"
 echo
 echo "Using snippet $this_snippet"
diff --git a/snippets/tpl.080.rsyslogd-el9.sh b/snippets/tpl.080.rsyslogd-el9.sh
new file mode 100644
index 0000000..3367333
--- /dev/null
+++ b/snippets/tpl.080.rsyslogd-el9.sh
@@ -0,0 +1,63 @@
+## !/bin/bash
+#raw
+
+#-----------------------------------------------------------
+set_rsyslogd_el9() {
+
+    echo -e "\e[0Ksection_start:$( date +%s ):ks_set_rsyslogd_el9[collapsed=true]\r\e[0KConfiguring Rsyslogd ..."
+    echo
+    echo "${HASH_LINE}"
+    echo "Calling set_rsyslogd_el9() ..."
+    echo
+    local url_top="${cobbler_url}/${ws_rel_filesdir}/${system_status}/rsyslog.conf"
+    local url_sub="${cobbler_url}/${ws_rel_filesdir}/${system_status}/50_rsyslog.conf.el9"
+
+    echo
+    log "Configuring Rsyslogd."
+
+    echo
+    log "Cleaning /etc/rsyslog.d ..."
+    if [[ -d /etc/rsyslog.d ]] ; then
+        local cfg_file=
+        for cfg_file in /etc/rsyslog.d/*.conf ; do
+            if [[ -f "${cfg_file}" ]] ; then
+                rm -fv "${cfg_file}"
+            fi
+        done
+    else
+        mkdir -pv /etc/rsyslog.d
+    fi
+
+    echo
+    log "Rewriting /etc/rsyslog.conf ..."
+
+    local tmp_file=$( mktemp )
+    wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url_top}" || true
+    if [[ -s "${tmp_file}" ]] ; then
+        cp -p /etc/rsyslog.conf /etc/rsyslog.conf.orig
+        mv -v "${tmp_file}" /etc/rsyslog.conf
+        chmod -v 0644 /etc/rsyslog.conf
+    fi
+    rm -fv "${tmp_file}"
+
+    echo
+    log "Rewriting /etc/rsyslog.d/50_rsyslog.conf ..."
+
+    tmp_file=$( mktemp )
+    wget -O "${tmp_file}" --dns-timeout=2 --connect-timeout=3 --read-timeout=3 "${url_sub}" || true
+    if [[ -s "${tmp_file}" ]] ; then
+        mv -v "${tmp_file}" /etc/rsyslog.d/50_rsyslog.conf
+        chmod -v 0644 /etc/rsyslog.d/50_rsyslog.conf
+    fi
+    rm -fv "${tmp_file}"
+
+    echo
+    ls -l /etc/rsyslog.conf* /etc/rsyslog.d/*
+
+    echo -e "\e[0Ksection_end:$( date +%s ):ks_set_rsyslogd_el9\r\e[0K"
+}
+
+set_rsyslogd_el9
+
+#end raw
+## vim: ts=4 et list
-- 
2.39.5