Univention Bugzilla – Full Text Bug Listing |
Summary: | Remote logging per UCR | ||
---|---|---|---|
Product: | UCS | Reporter: | Janis Meybohm <meybohm> |
Component: | univention-base-files | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | enhancement | ||
Priority: | P5 | CC: | gohmann, hahn, jmm, orrego, petersen, schwardt, steuwer, stoeckigt |
Version: | UCS 3.1 | ||
Target Milestone: | UCS 4.1-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=41815 | ||
What kind of report is it?: | Feature Request | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 43125, 56055 | ||
Attachments: | UCS template for remote logging /etc/rsyslog.d/remote-syslog.conf |
Description
Janis Meybohm
2009-09-24 17:28:33 CEST
(In reply to comment #0) > Man sollte remote logging per UCR in der syslog.conf aktivieren können bzw. > SYSLOGD="-r" in der /etc/default/syslogd Wobei man sich letztes sparen kann da /etc/init.d/sysklogd ein UCR template ist in dem die defaults file nicht gesourced wird. Die UCC Clients verwenden nun logger. Von daher wäre es praktisch, wenn bei der Installation von ucc-pxe-boot auch direkt das Remote Logging aktiviert werden könnte. Mittlerweile wird rsyslogd verwendet. So kann es aktiviert werden: echo -e '$ModLoad imudp\n$UDPServerRun 514\n' >>/etc/rsyslog.d/ucc.conf ucr set security/packetfilter/udp/514/all=ACCEPT /etc/init.d/univention-firewall restart /etc/init.d/rsyslog restart Die Client Seite sollte ebenfalls per UCR gesteuert werden. In UCC wurde das schon gemacht: https://forge.univention.org/websvn/filedetails.php?repname=dev&path=%2Fbranches%2Fucs-3.1%2Fucc%2Funivention-corporate-client%2Fconffiles%2Fetc%2Frsyslog.d%2F100-ucc.conf (In reply to comment #3) > So kann es aktiviert werden: > > echo -e '$ModLoad imudp\n$UDPServerRun 514\n' >>/etc/rsyslog.d/ucc.conf > ucr set security/packetfilter/udp/514/all=ACCEPT ↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑ Bitte security/packetfilter/package/PAKETNAME/udp/514/all=ACCEPT verwenden. Die oben genannte Variante ist für kundenspezifische Einstellungen. We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone. Asked again by a customer We had numerous (kernel) bugs in the past, were the /-filesystem was no longer writable and valuable information was lost because UCS does no remote logging: Ticket #2016042621000189 Ticket #2016041221000419 Ticket #2016040721000198 Ticket #2016041221000419 See <http://sdb.univention.de/1362>: > 3. Configure a central syslog server to collect syslog messages from all/other hosts in your domain. > Setup one server (master) to store the log files: > printf '$ModLoad imudp\n$UDPServerRun 514\n' >/etc/rsyslog.d/ucs-logserver.conf > ucr set security/packetfilter/package/rsyslog/udp/514/all{=ACCEPT,/en=syslog} > /etc/init.d/rsyslog restart > /etc/init.d/univention-firewall restart > > Configure all other servers to send their syslog data to that server: > printf '*.* @%s\n' "$(dig +short +search master)" >/etc/rsyslog.d/ucs-remotelog.conf > /etc/init.d/rsyslog restart That should be configurable via UCR and policy. Created attachment 7808 [details] UCS template for remote logging /etc/rsyslog.d/remote-syslog.conf A simple UCS template to enable a UCS system to send logs remotely (as for rsyslog 4.6.4 in UCS 3.X). It includes a failover host and a local buffer file, in case the remote servers are unreachable, as in http://wiki.rsyslog.com/index.php/FailoverSyslogServer UCR variables: [syslog/remote/destination] Description[de]=Zielsystem für die Syslog-Umleitung. Z.B. 192.168.225.122:5514 Description[en]=Target server for the syslog redirection. E.g. 192.168.225.122:5514 Type=str Categories=system-base [syslog/remote/destination/failover] Description[de]=Ersatzziele, sollte der erste Server nicht erreichbar sein. Server sind separiert durch Leerzeichen Description[en]=Additional servers that are used as fail over in case of unavailability of the first one. Servers are separated by blanks Type=str Categories=system-base [syslog/remote/channels] Description[de]=Syslog Channels die an den entfernten Server weitergeleitet werden. Standard: *.* Description[en]=Syslog channels that will be redirected to the receiving host. Default *.* Type=str Categories=system-base --- Notice that syslog/destination and syslog/destination/failover "support" extra options like sending the port or the format template of rsyslog (and override the default in /etc/rsyslog.conf). So one can do ucr set syslog/remote/destination='192.168.24.10:1514;RSYSLOG_FileFormat' to change the remote port to 1514 and the log format to RYSLOG_FileFormat and again the /-filesystem was no longer writable and valuable information was lost because UCS does no remote logging: Ticket#2016091621002544 See also Bug #41815. 4.1-4: r74914 | Bug #15728 base: Enable remote syslog logging 4.2-0: r74925 | Bug #15728 base: Fix minor issues r74924 | Bug #15728 base: Enable remote syslog logging Package: univention-base-files Version: 5.0.1-3.217.201612011627 Version: 5.0.1-4.218.201612020906 Branch: ucs_4.1-0 Scope: errata4.1-4 r74921 | Bug #15728,Bug #41815,Bug #41816: base YAML univention-base-files.yaml TEST: @server: ucr set syslog/input/udp=514 syslog/input/tcp=10514 syslog/input/relp=2514 rsyslogd -N 1 -d | grep NOT /etc/init.d/univention-firewall restart /etc/init.d/rsyslog restart tail -f /var/log/user.log @client ucr set syslog/remote=@@10.200.17.28:10514 syslog/remote/fallback='@10.200.17.29:514 /var/log/failed' rsyslogd -N 1 -d | grep NOT logger Test3 ssh 10.200.17.28 /etc/init.d/rsyslog stop logger Fallback univention-install rsyslog-relp ucr set syslog/remote=:omrelp:10.200.17.28:2514 logger RELP OK - univention-base-files.yaml OK - remote logging OK - merged to 4.2-0 |