parent
282e99c2a7
commit
16100cf94c
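--- /dev/null
+++ b/Config_Rsyslog/01-Splunk_Forwarder.conf
@@ -0,0 +1,63 @@
+# Configuration rsyslog pour utiliser avec un Splunk Forwarder a copier dans /etc/rsyslog.d
+
+#--------------------------Modules-----------------------------
+
+$ModLoad imudp
+$ModLoad imtcp
+
+#--------------------------Protocoles--------------------------
+
+$UDPServerRun 514
+$UDPServerRun 5140
+$InputTCPServerRun 514
+
+#--------------------------Folder------------------------------
+
+$DirCreateMode 0755
+$FileCreateMode 0640
+$DirOwner splunk
+$DirGroup splunk
+$FileOwner splunk
+$FileGroup splunk
+
+$RuleSet RSYSLOG_DefaultRuleSet
+
+#--------------------------Templates---------------------------
+
+#Template Cisco
+#$template ciscoasa,"/var/rsyslog/%$myhostname%/ciscoasa/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Fortigate
+$template fortigate,"/var/rsyslog/%$myhostname%/fortigate/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Esxi
+$template esxi,"/var/rsyslog/%$myhostname%/esxi/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Linux
+$template linux,"/var/rsyslog/%$myhostname%/linux/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#Template Switch
+#$template switch,"/var/rsyslog/%$myhostname%/switch/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+# Catch All
+$template catchother,"/var/rsyslog/%$myhostname%/catchother/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME%/%syslogfacility-text%.log"
+
+#-------------------------Filtres------------------------------
+
+if $msg contains_i ' devid="FG' then -?fortigate
+& stop
+
+if $hostname contains_i 'srvesx' then -?esxi
+& stop
+
+if $hostname contains_i 'svl' then -?linux
+& stop
+
+#if $hostname contains 'SWI' then -?switch
+#& stop
+
+#if $syslogtag contains '%ASA' then -?ciscoasa
+#& stop
+
+if $fromhost != $$myhostname then -?catchother
+& stop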
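Review bot: The dynafile templates (fortigate, esxi, linux, catchother) build the on-disk path from `%HOSTNAME%`, which rsyslog takes from the sender-supplied syslog header, so any peer that can reach the UDP/TCP 514 listeners controls a directory component under /var/rsyslog; rsyslog's property-replacer options `secpath-replace` or `secpath-drop` exist for exactly this, e.g. `$template linux,"/var/rsyslog/%$myhostname%/linux/%$YEAR%-%$MONTH%-%$DAY%/%HOSTNAME:::secpath-replace%/%syslogfacility-text%.log"`. The esxi and linux filters route on that same header field (`$hostname contains_i 'srvesx'`, `'svl'`) while the catch-all compares `$fromhost` (resolved sender), so a message whose header hostname matches `svl` is filed under linux regardless of where it came from; a comment such as `# routing by header hostname, not by sending IP; see secpath-* above` would make the trust model explicit. The second listener `$UDPServerRun 5140` has no comment saying what it is for, and the file mixes legacy `$...` directives with RainerScript `if` filters — `module(load="imudp")` / `input(type="imudp" port="514")` would be the consistent modern form.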
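--- /dev/null
+++ b/<PLAYBOOK_PATH>
@@ -0,0 +1,7 @@
+---
+- name: "Deploy Conf Rsyslog for Splunk UF/HF Linux"
+  become: yes
+  hosts: splunk_uf_Linux
+  tasks:
+    - name: Deploy_Uf_LIN
+      include_tasks: roles/splunk_deploy_uf/tasks/Deploy_Confrsyslog-to-hf-uf.yml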
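Review bot: `become: yes` relies on YAML 1.1 truthy parsing and is flagged by ansible-lint and yamllint; write `become: true`. Reaching into a role's task file with a relative path (`include_tasks: roles/splunk_deploy_uf/tasks/...`) bypasses the role's defaults/vars and breaks when the playbook is run from another directory; the idiomatic form is `include_role:` with `name: splunk_deploy_uf` and `tasks_from: Deploy_Confrsyslog-to-hf-uf.yml`. Since the task file sets `become_user: "{{ privileged_user }}"`, the play-level `become: yes` here is redundant for that task and only matters if other tasks are added later — worth a comment or removing it.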
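--- /dev/null
+++ b/roles/splunk_deploy_uf/tasks/Deploy_Confrsyslog-to-hf-uf.yml
@@ -0,0 +1,8 @@
+- name: Copier la configuration Rsyslog
+  become: yes
+  become_user: "{{ privileged_user }}"
+  copy:
+    src: "{{ playbook_dir }}/Config_Rsyslog/01-Splunk_Forwarder.conf"
+    dest: /etc/rsyslog.d/
+    owner: root
+    group: root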
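Review bot: The `copy:` task sets `owner`/`group` but no `mode:`, so the permissions of the deployed /etc/rsyslog.d file depend on the remote umask (ansible-lint risky-file-permissions); add `mode: "0644"` under `copy:`, quoted so the octal is not retyped. Nothing in this task restarts rsyslog after the file lands, so the new listeners and templates only take effect at the next unrelated restart — add `notify: Restart rsyslog` on the task with a matching `service` handler in the role. `become: yes` should be `become: true`, and `owner: root` only succeeds if `{{ privileged_user }}` is root or can chown, which the page does not show; confirm that variable's value or document it above the task.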