From c8ed25a704fe0c41cfd035f07c817d82ce047d33 Mon Sep 17 00:00:00 2001
From: Benjamin Graillot <graillot@crans.org>
Date: Sun, 3 Jan 2021 10:46:23 +0100
Subject: [PATCH] [rsyslog-server] tealc is the rsyslog server

---
 plays/logs.yml                                | 14 +++++++----
 roles/rsyslog-server/tasks/main.yml           | 24 +++++++++++++++++++
 .../templates/rsyslog.d/30-cablage.conf.j2    | 22 +++++++++++++++++
 .../rsyslog.d/52-listen_relp.conf.j2          |  4 ++++
 .../rsyslog.d/53-listen_switches.conf.j2      |  8 +++++++
 5 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100644 roles/rsyslog-server/tasks/main.yml
 create mode 100644 roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
 create mode 100644 roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
 create mode 100644 roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2

diff --git a/plays/logs.yml b/plays/logs.yml
index 77cc27b0..8891c32b 100755
--- a/plays/logs.yml
+++ b/plays/logs.yml
@@ -1,11 +1,15 @@
 #!/usr/bin/env ansible-playbook
 ---
-# thot is the log server.
-# Servers need to send their logs to thot.
+# tealc is the log server.
+# Servers need to send their logs to tealc.
 
-# Send logs to thot
-- hosts: server,!thot.adm.crans.org
+# Send logs to tealc
+- hosts: server,!tealc.adm.crans.org
   vars:
     rsyslog:
-      server: thot.adm.crans.org
+      server: 172.16.10.1
   roles: ["rsyslog-client"]
+
+- hosts: tealc.adm.crans.org
+  roles:
+    - rsyslog-server
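Review bot: The two plays now spell the `roles` list differently — the client play keeps the flow form `roles: ["rsyslog-client"]` while the new tealc play uses a block list — and the file should settle on one form. The new `server: 172.16.10.1` also drops the hostname the play itself still uses for host selection (`tealc.adm.crans.org`), with no comment on why the client must target the raw address; if the rsyslog-client role ever matches the server by name (for example for TLS peer verification), an IP here would not satisfy it, which I cannot confirm from this hunk. A one-line comment above the value, such as `# rsyslog-client must use the adm-network address of tealc, not its DNS name`, would record the intent.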
diff --git a/roles/rsyslog-server/tasks/main.yml b/roles/rsyslog-server/tasks/main.yml
new file mode 100644
index 00000000..5d99654a
--- /dev/null
+++ b/roles/rsyslog-server/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Deploy rsyslog cablage config
+  template:
+    src: rsyslog.d/30-cablage.conf.j2
+    dest: /etc/rsyslog.d/30-cablage.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Deploy rsyslog listen relp config
+  template:
+    src: rsyslog.d/52-listen_relp.conf.j2
+    dest: /etc/rsyslog.d/52-listen_relp.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Deploy rsyslog listen switches config
+  template:
+    src: rsyslog.d/53-listen_switches.conf.j2
+    dest: /etc/rsyslog.d/53-listen_switches.conf
+    mode: 0640
+    owner: root
+    group: root
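Review bot: None of the three template tasks notifies a handler, so after a config change rsyslog on tealc keeps running with the old rules until something else restarts it; this applies to all three tasks in this hunk. The `mode: 0640` values are also unquoted — a YAML 1.1 loader reads the leading-zero literal as octal 416, which happens to be the intended mode here, but Ansible's own guidance (and ansible-lint's risky-octal rule) is to write `mode: "0640"` so the value is not at the mercy of the loader. Since the three tasks are identical except for the file name, a single looped task with a `notify` is simpler to keep consistent; the role ships no handlers file in this patch, so the handler below (name constructed) would have to be added alongside.
```yaml
- name: Deploy rsyslog server config
  template:
    src: "rsyslog.d/{{ item }}.j2"
    dest: "/etc/rsyslog.d/{{ item }}"
    mode: "0640"
    owner: root
    group: root
  loop:
    - 30-cablage.conf
    - 52-listen_relp.conf
    - 53-listen_switches.conf
  notify: restart rsyslog  # handler to be added to the role
```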
diff --git a/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
new file mode 100644
index 00000000..7d1c9f44
--- /dev/null
+++ b/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
@@ -0,0 +1,22 @@
+{{ ansible_header | comment }}
+
+# Logs des switches
+
+if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
+
+# Logs des bornes
+
+## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
+if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
+if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
+if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
+if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
+
+if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
+
+# Logs RADIUS
+if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
+if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
+
+# Logs DHCP
+if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log
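Review bot: The four dropbear discard rules use the `~` action, which rsyslog documents as deprecated in favour of `stop`; `stop` is also clearer about the fact that these rules end processing for every matching message regardless of sender, not only for the "bornes" the comment above them names. The `re_match` patterns leave the dots in `10.231.148.102` unescaped, so they match any character there (and the pattern is not anchored, so `10.231.148.1020` would match too); `10\\.231\\.148\\.102` pins the address. `CablageFileFormat` is referenced on the two `$fromhost-ip` lines but not defined in this patch — if it is not declared in a file that sorts before `30-cablage.conf`, rsyslog will reject those rules at load time, so a comment naming where the template lives would help the next reader.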
diff --git a/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
new file mode 100644
index 00000000..589ae3b9
--- /dev/null
+++ b/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
@@ -0,0 +1,4 @@
+{{ ansible_header | comment }}
+
+$ModLoad imrelp
+$InputRELPServerRun 20514
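Review bot: The RELP listener on 20514 runs without TLS and without any peer restriction, so any host able to reach tealc on that port can inject log lines that then flow into the same files the rules in 30-cablage.conf write to; `$AllowedSender` in 53-listen_switches.conf covers UDP only and does not apply to imrelp. imrelp supports `tls="on"` with `tls.authMode` and `tls.permittedPeer` so the server can authenticate its clients; if that is deferred, the port should at least be filtered to the adm network the clients reach it on, and the file should say so. Independently, `$ModLoad`/`$InputRELPServerRun` is legacy syntax — the equivalent `module(load="imrelp")` and `input(type="imrelp" port="20514")` is where the TLS parameters would go.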
diff --git a/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2 b/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
new file mode 100644
index 00000000..26bb5344
--- /dev/null
+++ b/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
@@ -0,0 +1,8 @@
+{{ ansible_header | comment }}
+
+# Réception en udp: pour les switchs seulement
+# et les bornes wifi
+$ModLoad imudp
+$UDPServerRun 514
+
+$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24
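Review bot: `$AllowedSender` is placed after `$UDPServerRun 514`; rsyslog's legacy directives are processed in order, so I would move the allow-list above the listener start (or switch to the `input(type="imudp" ...)` form) unless the current placement has been verified to take effect. The hostname entries (`*.adm.crans.org`, `*.infra.crans.org`) require a reverse lookup of each sender, which the rsyslog docs flag as costly and DNS-dependent, and the 172.16.10.0/24, 172.16.33.0/24 and 172.16.34.0/24 networks already cover the named hosts if they live there, which I cannot confirm from this hunk. Note for the reader that UDP carries no sender authentication, so this list and the `$fromhost-ip` routing in 30-cablage.conf are only as trustworthy as the network's own anti-spoofing; a comment such as `# source-IP filtering only: UDP senders are not authenticated` would make that limit explicit.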
-- 
GitLab