25 Nov

rsyslog v7 for ubuntu 12.04 precise

I wanted to take a look at the latest rsyslog stuff, but the current Ubuntu releases only have the v5 package.

So I created an updated ppa for this.

This ppa also has updated packages for libee, libestr, librelp that are needed for the latest rsyslog.

Launchpad link for the ppa.

https://launchpad.net/~tmortensen/+archive/rsyslogv7

 

To use it you can also just use the following commands:

sudo add-apt-repository ppa:tmortensen/rsyslogv7
sudo apt-get update && sudo apt-get install rsyslog
 
 
I referenced the Debian package to make these.
Many thanks go out to the original Debian maintainer for rsyslog. He did most of the work needed to get these created.

 

21 Apr

Ubuntu 12.04 Precise: ldap with a server that supports openssl not gnutls ?

If you need to use ldap but your server does not support gnutls and instead would like to use ssl, use the following ppa:

https://launchpad.net/~tmortensen/+archive/ppa

Full Install Instructions

Add the ppa and update apt
apt-get install python-software-properties
add-apt-repository ppa:tmortensen/ppa
apt-get update

Install libldap and nslcd

apt-get install ldap-utils nslcd

Setup your config files and you should be set.

/etc/nslcd.conf

/etc/ldap/ldap.conf

In /etc/nsswitch.conf, change the passwd, group and shadow lines from compat to:

passwd:         files ldap
group:          files ldap
shadow:         files ldap

By default, when a user logs in without a home directory you will get an error. To have pam auto-create home directories on first login, edit these two files and add the following line to each:

/etc/pam.d/common-session
/etc/pam.d/common-session-noninteractive

session required pam_mkhomedir.so skel=/etc/skel umask=0022

 

You can restrict access by group using ssh.
/etc/ssh/sshd_config

AllowGroups LDAPGroupName localaccount
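
A quick check that the files edited in the steps above ended up as described, as an added example that is not part of the original post. The function names and the ROOT argument (a directory holding a copy of etc/, empty for the live system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the files edited in the steps above.
# ROOT (assumption) is a directory containing etc/; empty means the live system.

# Succeeds only if passwd, group and shadow all read "files ldap".
nss_uses_ldap() {
    for db in passwd group shadow; do
        grep -Eq "^${db}:[[:space:]]*files[[:space:]]+ldap([[:space:]]|\$)" "$1" \
            2>/dev/null || return 1
    done
}

# Succeeds if an uncommented session line loads pam_mkhomedir.so.
pam_has_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_mkhomedir\.so' "$1" 2>/dev/null
}

# Prints the groups named by AllowGroups; fails if the directive is absent.
sshd_allowgroups() {
    awk 'tolower($1) == "allowgroups" { $1 = ""; sub(/^ +/, ""); print; found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# Runs every check, prints one line per finding, returns the failure count.
audit_ldap_login() {
    root=${1:-}; fails=0
    nss_uses_ldap "$root/etc/nsswitch.conf" ||
        { echo "FAIL nsswitch.conf: passwd/group/shadow are not 'files ldap'"; fails=$((fails + 1)); }
    for f in common-session common-session-noninteractive; do
        pam_has_mkhomedir "$root/etc/pam.d/$f" ||
            { echo "FAIL pam.d/$f: pam_mkhomedir.so not loaded"; fails=$((fails + 1)); }
    done
    if allowed=$(sshd_allowgroups "$root/etc/ssh/sshd_config"); then
        echo "INFO sshd_config AllowGroups: $allowed"
    else
        echo "FAIL sshd_config: no AllowGroups line, logins are not limited by group"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against the live system with: sh thisfile --run
if [ "${1:-}" = "--run" ]; then audit_ldap_login "${2:-}"; fi
```

A commented-out `#AllowGroups` line counts as absent, so the script reports it as a failure rather than as a restriction.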

 

05 Mar

remote syslog via rsyslog's relp module

This is a config for rsyslogd with RELP

I am setting up rsyslog to send all of its logs to a remote log collection server where I will store them on disk.

Later I will talk about how I have used logstash to pull in these files once on the system.

I won’t bother posting the default lines almost all rsyslog config files will have.

I set up some basic udp collectors for legacy devices:

$ModLoad imudp
$UDPServerAddress 0.0.0.0
$UDPServerRun 514

Then load the relp module to provide more reliable tcp logging. I am going to have mine communicate on tcp port 1088:

$ModLoad imrelp
$InputRELPServerRun 1088

The other two custom options I have set are for preserving fqdn because I need the full name to differentiate devices in different cities.

$PreserveFQDN on

I also turn off the message reduction to allow the systems I plan to implement to better count messages.

$RepeatedMsgReduction off

Now on the client side all I have to do is include the relp module again and forward all messages via *.*

$ModLoad omrelp
*.* :omrelp:remotesyslog.example.org:1088;RSYSLOG_ForwardFormat

I am also using the RSYSLOG_ForwardFormat to preserve the severity and priority when the message is sent.