robertdebock / ansible-role-rsyslog

Install and configure rsyslog on your system.
https://robertdebock.nl/
Apache License 2.0

Using 'advanced' mode on CentOS 7 seems to be fraught with errors #34

Open isuftin opened 2 years ago

isuftin commented 2 years ago

Describe the bug

A clear and concise description of what the bug is.

Playbook

I am running robertdebock.rsyslog 4.6.0 against a CentOS-7 VirtualBox VM (latest bento/centos-7)

Variables going in to the include_role:

rsyslog_config_file_format: advanced
rsyslog_default_rules:
  - { rule: "authpriv.*", logpath: "/var/log/secure" }
  - { rule: "mail.*", logpath: "-/var/log/mail" }
  - { rule: "mail.info", logpath: "-/var/log/mail.info" }
  - { rule: "mail.warning", logpath: "-/var/log/mail.warn" }
  - { rule: "mail.err", logpath: "-/var/log/mail.err" }
  - { rule: "news.crit", logpath: "-/var/log/news/news.crit" }
  - { rule: "news.err", logpath: "-/var/log/news/news.err" }
  - { rule: "news.notice", logpath: "-/var/log/news/news.notice" }
  - { rule: "cron.*", logpath: "/var/log/cron" }
  - { rule: "*.emerg", logpath: ":omusrmsg:*" }
  - { rule: "uucp,news.crit", logpath: "/var/log/spooler" }
  - { rule: "local7.*", logpath: "/var/log/boot.log" }
  - { rule: "*.=warning;*.=err", logpath: "-/var/log/warn" }
  - { rule: "*.crit", logpath: "/var/log/warn" }
  - { rule: "*.*;mail.none;authpriv.none;cron.none;news.none", logpath: "-/var/log/messages" }
  - { rule: "local0,local1.*", logpath: "-/var/log/localmessages" }
  - { rule: "local2,local3.*", logpath: "-/var/log/localmessages" }
  - { rule: "local4,local5.*", logpath: "-/var/log/localmessages" }
  - { rule: "local6,local7.*", logpath: "-/var/log/localmessages" }
rsyslog_deploy_default_config: yes
rsyslog_dircreatemode: "0700"
rsyslog_features: []
rsyslog_filecreatemode: "0644"
rsyslog_mods:
  - imjournal
rsyslog_imuxsock_syssock: no
rsyslog_package_state: present
rsyslog_preservefqdn: no
rsyslog_receiver: no
rsyslog_remote_port: 514
rsyslog_remote_selector: "*.*"
rsyslog_remote_tcp: yes
rsyslog_rsyslog_d_files: []
rsyslog_workaroundjournalbug: no

What this outputs to /etc/rsyslog.conf:

#
# Ansible managed: Do NOT edit this file manually!
#
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

# Provides support for local system logging (e.g. via logger command)
# And turns off message reception via local log socket;
# Local messages are retrieved through imjournal now.
#module(load="imuxsock" SysSock.Use="off")

# Provides access to the systemd journal
# And provides file to store the position in the journal
module(load="imjournal" StateFile="imjournal.state")

# provides kernel logging support
#module(load="imklog")

# provides --MARK-- message capability
#module(load="immark")

# provides access to specific log file
#module(load="imfile")

# provides UDP syslog reception
#module(load="imudp") # needs to be done just once
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")

#
# Set the default permissions for all log files.
#
$FileCreateMode 0644
$DirCreateMode 0700

#
# Where to place spool and state files
#
global(workDirectory="/var/lib/rsyslog")

#
# Include all config files in /etc/rsyslog.d/
#
include(file="/etc/rsyslog.d/*.conf" mode="optional")

###############
#### RULES ####
###############

authpriv.* /var/log/secure
mail.* -/var/log/mail
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err -/var/log/mail.err
news.crit -/var/log/news/news.crit
news.err -/var/log/news/news.err
news.notice -/var/log/news/news.notice
cron.* /var/log/cron
*.emerg :omusrmsg:*
uucp,news.crit /var/log/spooler
local7.* /var/log/boot.log
*.=warning;*.=err -/var/log/warn
*.crit /var/log/warn
*.*;mail.none;authpriv.none;cron.none;news.none -/var/log/messages
local0,local1.* -/var/log/localmessages
local2,local3.* -/var/log/localmessages
local4,local5.* -/var/log/localmessages
local6,local7.* -/var/log/localmessages

Output

Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig systemd: Starting System Logging Service...
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: [origin software="rsyslogd" swVersion="8.24.0-57.el7_9.1" x-pid="7450" x-info="http://www.rsyslog.com"] start
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: action 'include' treated as ':omusrmsg:include' - please use ':omusrmsg:include' syntax instead, 'include' will not be supported in the future [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2184 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: warnings occured in file '/etc/rsyslog.conf' around line 65 [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: invalid character '(' - is there an invalid escape sequence somewhere? [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: action 'file' treated as ':omusrmsg:file' - please use ':omusrmsg:file' syntax instead, 'file' will not be supported in the future [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2184 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: warnings occured in file '/etc/rsyslog.conf' around line 65 [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: invalid character '=' - is there an invalid escape sequence somewhere? [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: invalid character '"' - is there an invalid escape sequence somewhere? [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: invalid character in selector line - ';template' expected [v8.24.0-57.el7_9.1]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 65: errors occured in file '/etc/rsyslog.conf' around line 65 [v8.24.0-57.el7_9.1 try http://www.rsyslog.com/e/2207 ]
Mar  2 16:52:57 vagrant-centos-7-vagrant-centos-7-stig systemd: Started System Logging Service.

Environment

Control node is MacOS Catalina

ansible [core 2.12.3]
  config file = None
  configured module search path = ['/Users/isuftin/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/isuftin/.pyenv/versions/3.9.10/envs/ctek-development/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/isuftin/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/isuftin/.pyenv/versions/ctek-development/bin/ansible
  python version = 3.9.10 (main, Jan 31 2022, 16:09:50) [Clang 12.0.0 (clang-1200.0.32.29)]
  jinja version = 3.0.3
  libyaml = True
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"


Tuxem commented 1 year ago

CentOS7 uses a weird version of rsyslog which doesn't yet provide the include directive. For your MR, it might be better to change it with a check on the OS version?

This legacy directive has been superseded by the rsyslog include() configuration object. While it is safe to use the legacy statement, we highly recommend to use its modern counterpart. Among others, the include() object provides enhanced functionality.

https://www.rsyslog.com/doc/v8-stable/configuration/global/options/rsconf1_includeconfig.html
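
The version check discussed in this thread, as an added example (not code from the role or from either commenter): it flags every include() object that the running rsyslogd cannot parse and prints the legacy $IncludeConfig line to use instead, so a skipped /etc/rsyslog.d/ is caught before deployment. The function names are hypothetical, and the 8.33.0 threshold is an assumption taken from the rsyslog documentation rather than from this page.

```python
import re

# Assumption (rsyslog documentation, not this page): include() arrived in 8.33.0.
INCLUDE_OBJECT_MIN = (8, 33, 0)
INCLUDE_RE = re.compile(r'^\s*include\s*\((?P<params>.*)\)\s*$')
PARAM_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Constructed sample: a few lines shaped like the generated file in the report.
SAMPLE_CONF = '''\
module(load="imjournal" StateFile="imjournal.state")
global(workDirectory="/var/lib/rsyslog")
#include(file="/etc/old.d/*.conf")
include(file="/etc/rsyslog.d/*.conf" mode="optional")
authpriv.* /var/log/secure
'''


def parse_version(sw_version):
    """'8.24.0-57.el7_9.1' -> (8, 24, 0); the distro release suffix is ignored."""
    m = re.match(r'(\d+)\.(\d+)(?:\.(\d+))?', sw_version)
    if not m:
        raise ValueError(f"unrecognised rsyslog version: {sw_version!r}")
    return tuple(int(g or 0) for g in m.groups())


def lint_includes(conf_text, sw_version):
    """Return (line_no, original, legacy_replacement) for each include()
    object that the given rsyslogd version cannot parse."""
    if parse_version(sw_version) >= INCLUDE_OBJECT_MIN:
        return []
    findings = []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        code = line.split('#', 1)[0]  # naive comment strip; '#' in a path would break it
        m = INCLUDE_RE.match(code)
        if not m:
            continue
        params = {k.lower(): v for k, v in PARAM_RE.findall(m.group('params'))}
        target = params.get('file')
        # The legacy directive takes only a path: mode= is dropped, and
        # include(text=...) has no legacy equivalent at all.
        legacy = f"$IncludeConfig {target}" if target else None
        findings.append((no, code.strip(), legacy))
    return findings


if __name__ == "__main__":
    for no, original, legacy in lint_includes(SAMPLE_CONF, "8.24.0-57.el7_9.1"):
        print(f"line {no}: {original}\n  use instead: {legacy}")
```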