Puppet users - Sep 2008 - Setting up a syslog-ng server with puppet?

Anyone have any recipes for this? Also logrotate bits would help.

-- 
- Brian Gupta

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On 9/22/2008 2:30 PM, Brian Gupta wrote:
> Anyone have any recipes for this? Also logrotate bits would help.
I just leave logrotate on the defaults. But for syslog-ng (edited down 
to the relevant bits):
> node "syslog.cae.tntech.edu" {
>     include baseclass
>     $syslogtype = ''server''
>     include cae-host
> }
> class cae-host {
>     include syslog-ng
> }
All other nodes that include cae-host don''t set $syslogtype explicitly,
so they end up with the default settings suitable for a client.

syslog-ng.pp:
> class syslog-ng {
>   package { syslog-ng: ensure => installed }
>   file { syslog-ngconf:
>     path => $operatingsystem ? {
>       default => "/etc/syslog-ng/syslog-ng.conf"
>     },
>     owner => root, group => root, mode => 644,
>     source => $syslogtype ? {
>         server  =>
"puppet:///files/apps/syslog-ng/syslog-ng.conf.server",
>         client  =>
"puppet:///files/apps/syslog-ng/syslog-ng.conf",
>         default =>
"puppet:///files/apps/syslog-ng/syslog-ng.conf",
>     },
>     require => Package[syslog-ng]
>   }
>   service { syslog-ng:
>     ensure => running,
>     enable => true,
>     subscribe => [Package[syslog-ng], File[syslog-ngconf]]
>   }
>   file { bzipoldlogs:
>     path => $operatingsystem ? {
>       default => "/usr/local/sbin/bzipoldlogs"
>     },
>     owner   => root, group => root, mode => 700,
>     source  => "puppet:///files/apps/syslog-ng/bzipoldlogs",
>     ensure  => $syslogtype ? {
>         server  => present,
>         client  => absent,
>         default => absent
>     },
>     require => Package[syslog-ng]
>   }
>   cron { bzipoldlogs:
>       command => "/usr/local/sbin/bzipoldlogs",
>       user    => root,
>       hour    => 0,
>       minute  => 5,
>       ensure  => $syslogtype ? {
>           server  => present,
>           client  => absent,
>           default => absent
>       }
>   }
>   file { mklogcheckfiles:
>     path => $operatingsystem ? {
>       default => "/usr/local/sbin/mklogcheckfiles"
>     },
>     owner   => root, group => root, mode => 700,
>     source  =>
"puppet:///files/apps/syslog-ng/mklogcheckfiles",
>     ensure  => $syslogtype ? {
>         server  => present,
>         client  => absent,
>         default => absent
>     },
>     require => Package[syslog-ng]
>   }
>   cron { mklogcheckfiles:
>       command => "/usr/local/sbin/mklogcheckfiles",
>       user    => root,
>       hour    => 0,
>       minute  => 4,
>       ensure  => $syslogtype ? {
>           server  => present,
>           client  => absent,
>           default => absent
>       }
>   }
> }
bzipoldlogs:
> #!/bin/sh
> for name in `find /var/log/HOSTS ! -name "*bz2" -type f ! -path
"*/\`/bin/date +%Y/%m/%d\`/*" -print`; do
>     if [ -f ${name}.bz2 ]; then
>         n=1
>         while [ -f ${name}-${n}.bz2 ]; do
>             n=`expr ${n} + 1`
>         done
>         mv ${name} ${name}-${n}
>         bzip2 ${name}-${n}
>     else
>         bzip2 ${name}
>     fi
> done
mklogcheckfiles:
> #!/bin/sh
> LOGCHECKFILE=/etc/logcheck/logcheck.logfiles
> cat > ${LOGCHECKFILE} <<EOF
> # these files will be checked by logcheck
> # This has been tuned towards a default syslog install
> /var/log/syslog
> /var/log/auth.log
> EOF
> ls /var/log/HOSTS/*/`date +"%Y/%m/%d"`/auth-`date
+"%Y%m%d"`.log \
>     /var/log/HOSTS/*/`date +"%Y/%m/%d"`/syslog-`date
+"%Y%m%d"` >> ${LOGCHECKFILE}
Central server set up along the lines of 
http://www.campin.net/newlogcheck.html -- I did most/all of that 
manually, though.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

You may find useful this (for syslog-ng):
http://live.lab42.it/puppetinfrastructure/browser/syslog-ng

and this (for phpsyslogng web interface);
http://live.lab42.it/puppetinfrastructure/browser/phpsyslogng

Regards,
al

On Sep 22, 9:30 pm, "Brian Gupta" <brian.gu...@gmail.com>
wrote:
> Anyone have any recipes for this? Also logrotate bits would help.
>
> --
> - Brian Gupta
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

If you are using RHEL or CentOS you should also remove sysklogd.

I do it this way:

        # remove old syslog-ng (hack) only if exists. Does not follow
standard upgrade
        exec { "remove-syslog-ng-1.6.2-2":
                name      => "rpm -e --nodeps --allmatches syslog-
ng-1.6.2-2",
                logoutput => true,
                onlyif    => "rpm -q syslog-ng-1.6.2-2",
        }


Talk to me offline tonight at the Puppet get together.

-L

--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Fully Managed VPSes
http://www.hostcube.com/

On Sep 22, 3:30 pm, "Brian Gupta" <brian.gu...@gmail.com>
wrote:
> Anyone have any recipes for this? Also logrotate bits would help.
>
> --
> - Brian Gupta
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Sorry I gave you the wrong bit.  That was for a badly installed older
version of syslog-ng

        # remove old sysklogd (hack) only if exists. Does not follow
standard upgrade
        exec { "remove-sysklogd":
                name      => "rpm -e --nodeps --allmatches
sysklogd",
                logoutput => true,
                onlyif    => "rpm -q sysklogd",
        }

On Sep 24, 10:46 am, Larry Ludwig <larry...@gmail.com>
wrote:
> If you are using RHEL or CentOS you should also remove sysklogd.
>
> I do it this way:
>
>         # remove old syslog-ng (hack) only if exists. Does not follow
> standard upgrade
>         exec { "remove-syslog-ng-1.6.2-2":
>                 name      => "rpm -e --nodeps --allmatches syslog-
> ng-1.6.2-2",
>                 logoutput => true,
>                 onlyif    => "rpm -q syslog-ng-1.6.2-2",
>         }
>
> Talk to me offline tonight at the Puppet get together.
>
> -L
>
> --
> Larry Ludwig
> Empowering Media
> 1-866-792-0489 x600
> Fully Managed VPSeshttp://www.hostcube.com/
>
> On Sep 22, 3:30 pm, "Brian Gupta" <brian.gu...@gmail.com>
wrote:
>
> > Anyone have any recipes for this? Also logrotate bits would help.
>
> > --
> > - Brian Gupta
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

ensuring that the service is disabled and not running is enough for me...
Be sure to make a dependency between them to reduce the time you are
running without a log
Ohad

On 9/24/08, Larry Ludwig <larrylud@gmail.com>
wrote:
>
> Sorry I gave you the wrong bit.  That was for a badly installed older
> version of syslog-ng
>
>         # remove old sysklogd (hack) only if exists. Does not follow
> standard upgrade
>         exec { "remove-sysklogd":
>                 name      => "rpm -e --nodeps --allmatches
sysklogd",
>                 logoutput => true,
>                 onlyif    => "rpm -q sysklogd",
>         }
>
> On Sep 24, 10:46 am, Larry Ludwig <larry...@gmail.com> wrote:
>> If you are using RHEL or CentOS you should also remove sysklogd.
>>
>> I do it this way:
>>
>>         # remove old syslog-ng (hack) only if exists. Does not follow
>> standard upgrade
>>         exec { "remove-syslog-ng-1.6.2-2":
>>                 name      => "rpm -e --nodeps --allmatches
syslog-
>> ng-1.6.2-2",
>>                 logoutput => true,
>>                 onlyif    => "rpm -q syslog-ng-1.6.2-2",
>>         }
>>
>> Talk to me offline tonight at the Puppet get together.
>>
>> -L
>>
>> --
>> Larry Ludwig
>> Empowering Media
>> 1-866-792-0489 x600
>> Fully Managed VPSeshttp://www.hostcube.com/
>>
>> On Sep 22, 3:30 pm, "Brian Gupta"
<brian.gu...@gmail.com> wrote:
>>
>> > Anyone have any recipes for this? Also logrotate bits would help.
>>
>> > --
>> > - Brian Gupta
> >
>
-- 
Sent from Gmail for mobile | mobile.google.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Sep 24, 8:39 pm, "Ohad Levy" <ohadl...@gmail.com>
wrote:
> ensuring that the service is disabled and not running is enough for me...
> Be sure to make a dependency between them to reduce the time you are
> running without a log
We''ve remove services to prevent them ever from running.  Granted a
ensure=> stopped will stop any service from running.  For security and
since we allow customers root access we want to have extra safety.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---