author | Rich Burridge <rich.burridge@oracle.com> |
Fri, 07 Apr 2017 10:04:47 -0700 | |
changeset 7848 | 75d3cd4c779b |
parent 6308 | d320b29c637e |
permissions | -rw-r--r-- |
6307
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
1 |
# check version |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
2 |
/usr/lib/rsyslog/rsyslogd -v |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
3 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
4 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
5 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
6 |
# test that rsyslog does not contain our workspace path but rather relative paths |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
7 |
/usr/lib/rsyslog/rsyslogd -d -n 2>&1 | grep ': source file' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
8 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
9 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
10 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
11 |
# Check that GSS support is compiled in. The two functions should be seen: |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
12 |
nm /usr/lib/rsyslog/lmnet.so |grep AllowedSenders_GSS |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
13 |
[104] | 2097184| 8|OBJT |GLOB |0 |25 |pAllowedSenders_GSS |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
14 |
[80] | 2097176| 8|OBJT |LOCL |0 |25 |pLastAllowedSenders_GSS |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
15 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
16 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
17 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
18 |
# Install prerequirements for testing |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
19 |
pkg install database/mysql-57 database/mysql-57/client |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
20 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
21 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
22 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
23 |
# Disable native syslog, enable rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
24 |
svcadm disable system/system-log:default |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
25 |
sleep 5 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
26 |
svcadm enable system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
27 |
sleep 5 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
28 |
svcs -x |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
29 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
30 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
31 |
|
6308
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
32 |
======================= Create /etc/rsyslog.d/filegroup ======================== |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
33 |
$FileGroup openldap |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
34 |
*.* /var/tmp/openldap |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
35 |
$ResetConfigVariables |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
36 |
================================================================================ |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
37 |
rm -f /var/tmp/openldap |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
38 |
svcadm restart system/system-log:rsyslog |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
39 |
logger -p error "openldap" |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
40 |
ls -l /var/tmp/openldap |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
41 |
-rw-r--r-- 1 root openldap 2873 Jun 22 10:36 /var/tmp/openldap |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
42 |
# Make sure that the new file has 'openldap' group |
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
43 |
|
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
44 |
|
d320b29c637e
23002702 rsyslogd $FileGroup directive broken due to restrictive privilege in start metho
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
6307
diff
changeset
|
45 |
|
6307
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
46 |
# Logging a message should appear in dmesg and /var/adm/messages |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
47 |
logger -p error "Message 1" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
48 |
dmesg | tail # should contain '2016-06-10T07:53:00+00:00 S12-99 root: [ID 702911 user.error] Message 1' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
49 |
tail /var/adm/messages |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
50 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
51 |
======================== Create /etc/rsyslog.d/by_mail ========================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
52 |
module(load="ommail") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
53 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
54 |
template (name="mailBody" type="string" string="RSYSLOG Alert\\r\\nmsg='%msg%'") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
55 |
template (name="mailSubject" type="string" string="send by mail on %hostname%") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
56 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
57 |
if $msg contains "send" then { |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
58 |
action(type="ommail" server="localhost" port="25" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
59 |
mailfrom="rsyslog@localhost" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
60 |
mailto="root@localhost" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
61 |
subject.template="mailSubject" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
62 |
body.enable="on" # !!!!! should not be needed - see 23584223 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
63 |
action.execonlyonceeveryinterval="0") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
64 |
} |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
65 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
66 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
67 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
68 |
yes 'd' | mail > /dev/null # delete mail messages |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
69 |
logger -p error "Message 2 - send" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
70 |
mail -p # should contain our "Message 2 - send" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
71 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
72 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
73 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
74 |
====================== Create /etc/rsyslog.d/follow_file ======================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
75 |
module(load="imfile" mode="polling" PollingInterval="1") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
76 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
77 |
input(type="imfile" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
78 |
file="/var/tmp/file_to_follow" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
79 |
tag="foobar" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
80 |
severity="error" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
81 |
facility="local7") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
82 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
83 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
84 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
85 |
echo $"line created in a file\nand a second line" > /var/tmp/file_to_follow |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
86 |
dmesg | tail |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
87 |
#2016-06-10T09:14:20.481340+00:00 S12-99 foobar line created in a file |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
88 |
#2016-06-10T09:14:20.481355+00:00 S12-99 foobar and a second line |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
89 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
90 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
91 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
92 |
======================= Create file /etc/rsyslog.d/stats ======================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
93 |
module( |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
94 |
load="impstats" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
95 |
interval="10" # how often to generate stats |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
96 |
resetCounters="on" # to get deltas (e.g. # of messages submitted in the last 10 seconds) |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
97 |
log.file="/tmp/stats" # file to write those stats to |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
98 |
log.syslog="off" # don't send stats through the normal processing pipeline. More on that in a bit |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
99 |
) |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
100 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
101 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
102 |
rm -f /tmp/stats |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
103 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
104 |
sleep 15 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
105 |
cat /tmp/stats # The file should be there and contain some stats |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
106 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
107 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
108 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
109 |
======================== Create file /etc/rsyslog.d/tcp ======================== |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
110 |
module(load="imtcp") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
111 |
input(type="imtcp" port="6666" address="127.0.0.1") |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
112 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
113 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
114 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
115 |
echo '<89>xxxxxxxxxxxx' | nc localhost 6666 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
116 |
dmesg | tail # message xxxx should be visible |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
117 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
118 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
119 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
120 |
MYSQL_TEST_DATADIR=/var/tmp/mysql |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
121 |
MYSQL_VERSION=5.7 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
122 |
MYSQL_BINDIR=/usr/mysql/$MYSQL_VERSION/bin |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
123 |
MYSQL_TEST_USER=root |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
124 |
MYSQL_TEST_PASSWORD=new-password |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
125 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
126 |
pkill -9 mysqld |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
127 |
rm -rf "$MYSQL_TEST_DATADIR" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
128 |
mkdir "$MYSQL_TEST_DATADIR" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
129 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
130 |
"$MYSQL_BINDIR/mysqld" --datadir="$MYSQL_TEST_DATADIR" \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
131 |
--basedir=/usr/mysql/$MYSQL_VERSION --initialize-insecure |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
132 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
133 |
# Run the daemon in background. |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
134 |
# --gdb makes it possible to terminate mysqld via Ctrl+C |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
135 |
"$MYSQL_BINDIR/mysqld" \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
136 |
--skip-networking \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
137 |
-u $MYSQL_TEST_USER \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
138 |
--datadir="$MYSQL_TEST_DATADIR" \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
139 |
--pid-file="$MYSQL_TEST_DATADIR"/pid \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
140 |
--user=root \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
141 |
--gdb & |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
142 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
143 |
sleep 10 # wait for db to come up |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
144 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
145 |
"$MYSQL_BINDIR/mysqladmin" \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
146 |
-u "$MYSQL_TEST_USER" \ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
147 |
password "$MYSQL_TEST_PASSWORD" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
148 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
149 |
echo "CREATE DATABASE Syslog; |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
150 |
USE Syslog; |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
151 |
CREATE TABLE SystemEvents |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
152 |
( |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
153 |
ID int unsigned not null auto_increment primary key, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
154 |
CustomerID bigint, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
155 |
ReceivedAt datetime NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
156 |
DeviceReportedTime datetime NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
157 |
Facility smallint NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
158 |
Priority smallint NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
159 |
FromHost varchar(60) NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
160 |
Message text, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
161 |
NTSeverity int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
162 |
Importance int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
163 |
EventSource varchar(60), |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
164 |
EventUser varchar(60) NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
165 |
EventCategory int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
166 |
EventID int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
167 |
EventBinaryData text NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
168 |
MaxAvailable int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
169 |
CurrUsage int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
170 |
MinUsage int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
171 |
MaxUsage int NULL, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
172 |
InfoUnitID int NULL , |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
173 |
SysLogTag varchar(60), |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
174 |
EventLogType varchar(60), |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
175 |
GenericFileName VarChar(60), |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
176 |
SystemID int NULL |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
177 |
); |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
178 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
179 |
CREATE TABLE SystemEventsProperties |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
180 |
( |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
181 |
ID int unsigned not null auto_increment primary key, |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
182 |
SystemEventID int NULL , |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
183 |
ParamName varchar(255) NULL , |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
184 |
ParamValue text NULL |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
185 |
); |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
186 |
" | mysql --user="$MYSQL_TEST_USER" --password="$MYSQL_TEST_PASSWORD" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
187 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
188 |
========================= Create /etc/rsyslog.d/mysql ========================== |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
189 |
$ModLoad ommysql.so |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
190 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
191 |
if $msg contains 'mysql' then :ommysql:localhost,Syslog,root,new-password |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
192 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
193 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
194 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
195 |
logger -p error "no database" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
196 |
logger -p info "mysql database" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
197 |
echo "select Message from SystemEvents" | mysql --user="$MYSQL_TEST_USER" --password="$MYSQL_TEST_PASSWORD" -D Syslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
198 |
# The table should contain "mysql database" entry |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
199 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
200 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
201 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
202 |
============================= Create /var/tmp/a.py ============================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
203 |
import socket |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
204 |
sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
205 |
sock.bind('/tmp/socksample') |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
206 |
while True: |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
207 |
print('!!! ' + sock.recv(4096)) |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
208 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
209 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
210 |
========================= Create /etc/rsyslog.d/socket ========================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
211 |
$ModLoad omuxsock |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
212 |
$OMUxSockSocket /tmp/socksample |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
213 |
*.* :omuxsock: |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
214 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
215 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
216 |
rm -f /tmp/socksample |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
217 |
python /var/tmp/a.py & |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
218 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
219 |
logger -p info test |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
220 |
# there should be output like !!! <14>Jun 13 20:05:56 S12-99 root: [ID 702911 user.info] test |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
221 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
222 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
223 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
224 |
rm /etc/rsyslog.d/* |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
225 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
226 |
========================= Create /etc/rsyslog.d/server ========================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
227 |
$ModLoad imudp |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
228 |
$UDPServerRun 5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
229 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
230 |
svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
231 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
232 |
Lines denoted by '!!!' means that they apply to second (client) machine. |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
233 |
Replace A.B.C.D by ip of server machine |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
234 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
235 |
!!! ================ On second machine create /etc/rsyslog.d/client ================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
236 |
!!! *.* @A.B.C.D:5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
237 |
!!! ================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
238 |
!!! # Disable native syslog, enable rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
239 |
!!! svcadm disable system/system-log:default |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
240 |
!!! sleep 5 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
241 |
!!! svcadm enable system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
242 |
!!! sleep 5 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
243 |
!!! svcs -x |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
244 |
!!! |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
245 |
!!! svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
246 |
!!! logger -p error 'udp log' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
247 |
!!! |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
248 |
!!! # Server should have the log |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
249 |
!!! dmest | tail |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
250 |
!!! 2016-06-18T23:22:56+00:00 S12-101 root: [ID 702911 user.error] udp log |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
251 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
252 |
dmesg | tail # shoudl show 'udp log' message |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
253 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
254 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
255 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
256 |
========================= Modify /etc/rsyslog.d/server ========================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
257 |
$ModLoad imtcp |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
258 |
$InputTCPServerRun 5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
259 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
260 |
snoop -d net0 -x 0 port 5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
261 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
262 |
!!! =============== On second machine replace /etc/rsyslog.d/client ================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
263 |
!!! *.* @@A.B.C.D:5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
264 |
!!! ================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
265 |
!!! svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
266 |
!!! logger -p error 'tcp log' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
267 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
268 |
# Make sure snoop shows the 'tcp log' message in plain |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
269 |
dmesg | tail # should show 'tcp log' message |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
270 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
271 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
272 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
273 |
========================= Modify /etc/rsyslog.d/server ========================= |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
274 |
$DefaultNetstreamDriver gtls |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
275 |
$DefaultNetstreamDriverCAFile /etc/rsyslog.cert/ca-cert.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
276 |
$DefaultNetstreamDriverCertFile /etc/rsyslog.cert/server-cert.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
277 |
$DefaultNetstreamDriverKeyFile /etc/rsyslog.cert/server-key.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
278 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
279 |
$ModLoad imtcp |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
280 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
281 |
$InputTCPServerStreamDriverMode 1 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
282 |
$InputTCPServerStreamDriverAuthMode anon |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
283 |
$InputTCPServerRun 5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
284 |
================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
285 |
mkdir -p /etc/rsyslog.cert |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
286 |
cd /etc/rsyslog.cert |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
287 |
SUBJ='/CN=server.cz.oracle.com/O=Oracle Corporation/OU=Solaris RPE/C=CZ/ST=Czech republic/L=Prague/emailAddress=root@localhost' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
288 |
openssl genrsa 2048 > ca-key.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
289 |
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj "$SUBJ" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
290 |
SUBJ='/CN=client.cz.oracle.com/O=Oracle Corporation/OU=Solaris RPE/C=CZ/ST=Czech republic/L=Prague/emailAddress=root@localhost' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
291 |
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj "$SUBJ" |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
292 |
openssl rsa -in server-key.pem -out server-key.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
293 |
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
294 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
295 |
snoop -d net0 -x 0 port 5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
296 |
# This should show no plain text message once we send it in next paragraph |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
297 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
298 |
!!! =============== On second machine replace /etc/rsyslog.d/client ================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
299 |
!!! $DefaultNetstreamDriverCAFile /etc/rsyslog.cert/ca-cert.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
300 |
!!! $DefaultNetstreamDriver gtls |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
301 |
!!! $ActionSendStreamDriverMode 1 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
302 |
!!! $ActionSendStreamDriverAuthMode anon |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
303 |
!!! |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
304 |
!!! *.* @@A.B.C.D:5822 |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
305 |
!!! ================================================================================ |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
306 |
!!! mkdir -p /etc/rsyslog.cert |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
307 |
!!! scp A.B.C.D:/etc/rsyslog.cert/ca-cert.pem /etc/rsyslog.cert/ca-cert.pem |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
308 |
!!! svcadm restart system/system-log:rsyslog |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
309 |
!!! logger -p error 'encrypted tcp log' |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
310 |
|
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
311 |
# Make sure snoop SHOWS NO 'encrypted tcp log' message in plain |
1cafac19362d
23060892 Provide all plugins for rsyslog
Vladimir Marek <Vladimir.Marek@oracle.com>
parents:
diff
changeset
|
312 |
dmesg | tail # should show 'encrypted tcp log' message |