Skip to content

O
OpnSense
Commit 28215751 authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(legacy) refactor syslog a bit, make sure we obey syslog.enabled for remote syslog

parent b5b8d91e
Hide whitespace changes
Inline Side-by-side
Showing with 60 additions and 91 deletions
src/etc/inc/system.inc
View file @ 28215751
...@@ -747,12 +747,15 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") { ...@@ -747,12 +747,15 @@ function system_syslogd_get_remote_servers($syslogcfg, $facility = "*.*") {
$remote_servers = ""; $remote_servers = "";
$pad_to = 56; $pad_to = 56;
$padding = ceil(($pad_to - strlen($facility))/8)+1; $padding = ceil(($pad_to - strlen($facility))/8)+1;
if($syslogcfg['remoteserver']) if(!empty($syslogcfg['remoteserver'])) {
$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n"; $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver']) . "\n";
if($syslogcfg['remoteserver2']) }
$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n"; if(!empty($syslogcfg['remoteserver2'])) {
if($syslogcfg['remoteserver3']) $remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver2']) . "\n";
$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n"; }
if(!empty($syslogcfg['remoteserver3'])) {
$remote_servers .= "{$facility}" . str_repeat("\t", $padding) . "@" . system_syslogd_fixup_server($syslogcfg['remoteserver3']) . "\n";
}
return $remote_servers; return $remote_servers;
} }
...@@ -807,76 +810,35 @@ function system_syslogd_start() ...@@ -807,76 +810,35 @@ function system_syslogd_start()
); );
$syslogconf = ''; $syslogconf = '';
$facilitylist = implode(',', array_unique($separatelogfacilities)); // create structure with log section definitions and config tags for remote usage
$syslogconf .= "!radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd\n"; $syslogconfs = array();
if (!isset($syslogcfg['disablelocallogging'])) $syslogconfs['routing'] = array("conf" => "!radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd" , "remote" => null);
$syslogconf .= "*.* {$log_directive}/var/log/routing.log\n"; $syslogconfs['ntpd'] = array("conf" => "!ntp,ntpd,ntpdate", "remote" => null);
$syslogconfs['ppps'] = array("conf" => "!ppp", "remote" => null);
$syslogconf .= "!ntp,ntpd,ntpdate\n"; $syslogconfs['pptps'] = array("conf" => "!pptps", "remote" => null);
if (!isset($syslogcfg['disablelocallogging'])) $syslogconfs['poes'] = array("conf" => "!poes", "remote" => null);
$syslogconf .= "*.* {$log_directive}/var/log/ntpd.log\n"; $syslogconfs['l2tps'] = array("conf" => "!l2tps", "remote" => null);
$syslogconfs['ipsec'] = array("conf" => "!charon", "remote" => null);
$syslogconf .= "!ppp\n"; $syslogconfs['openvpn'] = array("conf" => "!openvpn", "remote" => "vpn");
if (!isset($syslogcfg['disablelocallogging'])) $syslogconfs['gateways'] = array("conf" => "!apinger", "remote" => "apinger");
$syslogconf .= "*.* {$log_directive}/var/log/ppps.log\n"; $syslogconfs['resolver'] = array("conf" => "!dnsmasq,filterdns,unbound", "remote" => null);
$syslogconfs['dhcpd'] = array("conf" => "!dhcpd,dhcrelay,dhclient,dhcp6c", "remote" => "dhcp");
$syslogconf .= "!pptps\n"; $syslogconfs['relayd'] = array("conf" => "!relayd", "remote" => "relayd");
if (!isset($syslogcfg['disablelocallogging'])) $syslogconfs['wireless'] = array("conf" => "!hostapd", "remote" => "hostapd");
$syslogconf .= "*.* {$log_directive}/var/log/pptps.log\n"; $syslogconfs['filter'] = array("conf" => "!filterlog", "remote" => "filter");
$syslogconf .= "!poes\n"; foreach ($syslogconfs as $logTopic => $logConfig) {
if (!isset($syslogcfg['disablelocallogging'])) $syslogconf .= "{$logConfig['conf']}\n";
$syslogconf .= "*.* {$log_directive}/var/log/poes.log\n"; if (!isset($syslogcfg['disablelocallogging'])) {
$syslogconf .= "*.* {$log_directive}/var/log/{$logTopic}.log\n";
$syslogconf .= "!l2tps\n"; }
if (!isset($syslogcfg['disablelocallogging'])) if ($logConfig['remote'] != null && !empty($syslogcfg[$logConfig['remote']]) && !empty($syslogcfg['enable'])) {
$syslogconf .= "*.* {$log_directive}/var/log/l2tps.log\n"; $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
}
$syslogconf .= "!charon\n"; }
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/ipsec.log\n";
if (isset($syslogcfg['vpn']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!openvpn\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/openvpn.log\n";
if (isset($syslogcfg['vpn']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!apinger\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/gateways.log\n";
if (isset($syslogcfg['apinger']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!dnsmasq,filterdns,unbound\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/resolver.log\n";
$syslogconf .= "!dhcpd,dhcrelay,dhclient,dhcp6c\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/dhcpd.log\n";
if (isset($syslogcfg['dhcp']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!relayd\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/relayd.log\n";
if (isset($syslogcfg['relayd']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!hostapd\n";
if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= "*.* {$log_directive}/var/log/wireless.log\n";
if (isset($syslogcfg['hostapd']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$syslogconf .= "!filterlog\n";
$syslogconf .= "*.* {$log_directive}/var/log/filter.log\n";
if (isset($syslogcfg['filter']))
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
$facilitylist = implode(',', array_unique($separatelogfacilities));
$syslogconf .= "!-{$facilitylist}\n"; $syslogconf .= "!-{$facilitylist}\n";
if (!isset($syslogcfg['disablelocallogging'])) if (!isset($syslogcfg['disablelocallogging']))
$syslogconf .= <<<EOD $syslogconf .= <<<EOD
...@@ -892,23 +854,30 @@ auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15 ...@@ -892,23 +854,30 @@ auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf 15
*.emerg * *.emerg *
EOD; EOD;
if (isset($syslogcfg['vpn'])) if (!empty($syslogcfg['enable'])) {
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*"); if (isset($syslogcfg['vpn'])) {
if (isset($syslogcfg['portalauth'])) $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local3.*");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*"); }
if (isset($syslogcfg['dhcp'])) if (isset($syslogcfg['portalauth'])) {
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*"); $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local4.*");
if (isset($syslogcfg['system'])) { }
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none"); if (isset($syslogcfg['dhcp'])) {
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*"); $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "local7.*");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info"); }
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
} if (isset($syslogcfg['system'])) {
if (isset($syslogcfg['logall'])) { $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.notice;kern.debug;lpr.info;mail.crit;");
// Make everything mean everything, including facilities excluded above. $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "news.err;local0.none;local3.none;local7.none");
$syslogconf .= "!*\n"; $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "security.*");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*"); $syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "auth.info;authpriv.info;daemon.info");
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.emerg");
}
if (isset($syslogcfg['logall'])) {
// Make everything mean everything, including facilities excluded above.
$syslogconf .= "!*\n";
$syslogconf .= system_syslogd_get_remote_servers($syslogcfg, "*.*");
}
} }
/* write syslog.conf */ /* write syslog.conf */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023