diff --git a/techniques/system/common/1.0/metadata.xml b/techniques/system/common/1.0/metadata.xml
index f2782648b..6b4e2deb1 100644
--- a/techniques/system/common/1.0/metadata.xml
+++ b/techniques/system/common/1.0/metadata.xml
@@ -129,6 +129,7 @@ along with this program. If not, see .
RUDDER_NODE_GROUPS_VARS
RUDDER_NODE_GROUPS_CLASSES
REPORTING_PROTOCOL
+ SYSLOG_PROTOCOL_DISABLED
RUDDER_INVENTORY_VARS
diff --git a/techniques/system/common/1.0/promises.st b/techniques/system/common/1.0/promises.st
index 09b956509..990abf841 100644
--- a/techniques/system/common/1.0/promises.st
+++ b/techniques/system/common/1.0/promises.st
@@ -36,6 +36,7 @@ bundle common rudder_roles
"changes_only" expression => "changes_only_mode.!force_full_compliance";
"reports_disabled" expression => "reports_disabled_mode.!force_full_compliance";
"rudder_reporting_https" expression => strcmp("&REPORTING_PROTOCOL&", "HTTPS");
+ "rsyslog_disabled" expression => strcmp("&SYSLOG_PROTOCOL_DISABLED&", "true");
# full compliance is the default mode
"full_compliance" not => "changes_only|reports_disabled";
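Review bot: The new `rsyslog_disabled` class is computed with a case-sensitive `strcmp` against the literal `true`, so any other rendering the server might produce for `SYSLOG_PROTOCOL_DISABLED` (`True`, `TRUE`, `1`) silently leaves syslog reporting enabled, which fails open rather than closed. Either put a comment on that line stating that the server must emit lowercase `true`, or tolerate the usual spellings: `"rsyslog_disabled" expression => regcmp("(?i)true", "&SYSLOG_PROTOCOL_DISABLED&");`. A smaller point is naming: the sibling class is `rudder_reporting_https`, and a bare `rsyslog_disabled` in the shared `rudder_roles` bundle reads as "the rsyslog service is disabled" rather than "Rudder's syslog reporting is disabled"; `rudder_reporting_syslog_disabled` would follow the existing convention, though the rename would have to be carried into rsyslogConf.cf. The `rudder_roles` bundle begins before this hunk.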
diff --git a/techniques/system/distributePolicy/1.0/rsyslogConf.cf b/techniques/system/distributePolicy/1.0/rsyslogConf.cf
index dbe185962..a7dee8637 100644
--- a/techniques/system/distributePolicy/1.0/rsyslogConf.cf
+++ b/techniques/system/distributePolicy/1.0/rsyslogConf.cf
@@ -62,14 +62,16 @@ bundle agent install_rsyslogd
files:
- policy_server.!reports_disabled.!role_rudder_relay_promises_only::
+ policy_server.!(reports_disabled|rsyslog_disabled).!role_rudder_relay_promises_only::
"/etc/rsyslog.d/rudder.conf"
- create => "true",
- edit_defaults => empty_size("8388608"), # the template can get pretty big with a lot of entries
- edit_line => expand_template("${this.promise_dirname}/../rsyslog.conf/${rsyslog_source_file}"),
- classes => classes_generic("rudder_rsyslog_conf"),
- comment => "Copying rsyslog conf";
+ create => "true",
+ edit_defaults => empty_size("8388608"), # the template can get pretty big with a lot of entries
+ perms => mog("600", "root", "0"),
+ template_method => "mustache",
+ edit_template => "${this.promise_dirname}/../rsyslog.conf/${rsyslog_source_file}",
+ classes => classes_generic("rudder_rsyslog_conf"),
+ comment => "Copying rsyslog conf";
"/etc/rsyslog.conf"
edit_line => append_if_no_lines("$IncludeConfig /etc/rsyslog.d/*.conf"),
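Review bot: Switching `/etc/rsyslog.d/rudder.conf` from `expand_template` to a mustache `edit_template` means any CFEngine `${...}` reference still left in either rsyslog template is now copied into the rendered file literally instead of being expanded; the two `:msg` lines later in this commit are converted, but it is worth a grep of both template files for remaining `${` before merging, since a stale reference in the forwarding target would break report delivery silently. The new `perms => mog("600", "root", "0")` is a welcome tightening because the root-server variant of this file embeds the PostgreSQL password; a comment such as `# root-only: the root template embeds the reports database credentials` on that line would stop a later cleanup from relaxing it. The `install_rsyslogd` bundle starts before this hunk and continues past it.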
@@ -84,20 +86,28 @@ bundle agent install_rsyslogd
classes => classes_generic("rudder_rsyslog_historical_conf"),
comment => "Deleting historical rudder-agent.conf file if it is there";
- (root_server|role_rudder_relay_top).debian.!reports_disabled.!role_rudder_relay_promises_only::
+ (root_server|role_rudder_relay_top).debian.!(reports_disabled|rsyslog_disabled).!role_rudder_relay_promises_only::
"/etc/rsyslog.d/pgsql.conf"
edit_line => comment_all(),
edit_defaults => noempty_backup,
classes => classes_generic("rudder_rsyslog_pgsql"),
comment => "Removing the logging of all in the database";
+ # If reports are disabled, or if rsyslog is disabled, we remove rudder rsyslog conf
+ policy_server.(reports_disabled|rsyslog_disabled)
+ "/etc/rsyslog.d/rudder.conf"
+ delete => tidy,
+ classes => classes_generic("remove_rudder_rsyslog_conf");
+
+
+
commands:
- policy_server.!SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired)::
+ policy_server.!SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired|remove_rudder_rsyslog_conf_repaired)::
"${paths.path[service]} rsyslog"
args => "restart",
classes => classes_generic("rsyslog_restarted"),
comment => "restarting rsyslog";
- policy_server.SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired)::
+ policy_server.SuSE.(rudder_rsyslog_conf_repaired|rsyslog_inc_repaired|rudder_rsyslog_historical_conf_repaired|rudder_rsyslog_pgsql_repaired|remove_rudder_rsyslog_conf_repaired)::
"${paths.path[service]} syslog"
args => "restart",
classes => classes_generic("rsyslog_restarted"),
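Review bot: The new class context `policy_server.(reports_disabled|rsyslog_disabled)` is missing the `::` terminator that every other context in this bundle carries (compare the two contexts above it), so the `delete => tidy` promise under it is not bound to a class guard and the policy will most likely fail to parse, or at best apply the deletion unconditionally; it should read `policy_server.(reports_disabled|rsyslog_disabled)::`. Worth a second look as well: removing this file also removes the `:programname, isequal, "rudder" ~` drop rule it carried, so if the local agent still emits report lines through syslog in either of these modes they would start landing in the general syslog files in clear text; a short comment above the promise stating that this is the intended outcome, or that the agent emits nothing over syslog in those modes, would make the reasoning reviewable. The `install_rsyslogd` bundle starts before this hunk and continues past it.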
diff --git a/techniques/system/distributePolicy/1.0/rudder-rsyslog-relay.st b/techniques/system/distributePolicy/1.0/rudder-rsyslog-relay.st
index 761da3f43..b77661039 100644
--- a/techniques/system/distributePolicy/1.0/rudder-rsyslog-relay.st
+++ b/techniques/system/distributePolicy/1.0/rudder-rsyslog-relay.st
@@ -44,13 +44,21 @@ $ActionQueueSaveOnShutdown on
# Filtering by content
# Process :
+
+# If report protocol is HTTPS, we drop the local rsyslog message
+{{#classes.rudder_reporting_https}}
+if $fromhost-ip == "127.0.0.1" then {
+ :programname, isequal, "rudder" ~
+}
+{{/classes.rudder_reporting_https}}
+
# We first forward the data to the root server, then we drop it to prevent
# it from reaching local storage in .log files.
# The report format is @@Policy@@State@@RuleId@@DirectiveId@@VersionId@@Component@@Key@@ExecutionTimeStamp##NodeId@#HumanReadableMessage
#
# 1 - Send every matching report to the root server
-:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]{1,64}?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@[0-9]+?@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" ${check_log_system.rsyslog_rule_prefix}${server_info.policy_server}:&SYSLOGPORT&
+:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]{1,64}?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@[0-9]+?@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" {{vars.check_log_system.rsyslog_rule_prefix}}{{vars.server_info.policy_server}}:&SYSLOGPORT&
# 2 - Drop the remaining rudder logs to prevent local storage cluttering
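Review bot: The new drop block uses RainerScript `if … then { … }` syntax inside a template that is otherwise legacy-syntax rsyslog (`:msg, ereregex, …`, `$ActionQueueSaveOnShutdown`); braced blocks require rsyslog 7 or newer, so if any supported relay platform still ships a 5.x rsyslog the whole configuration is rejected at startup and forwarding stops for every node behind that relay, not just the relay's own reports — worth checking against the support matrix, or recording the requirement with `# requires rsyslog >= 7 (RainerScript block syntax)` on the block. The `$fromhost-ip == "127.0.0.1"` test only classifies a message as local when it arrives through the unix socket or IPv4 loopback; a comment such as `# local agent messages arrive via imuxsock, which reports 127.0.0.1` would record that assumption, and one noting that downstream nodes' reports still reach the forward rule because their source is not loopback would explain why the drop is placed first.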
diff --git a/techniques/system/distributePolicy/1.0/rudder-rsyslog-root.st b/techniques/system/distributePolicy/1.0/rudder-rsyslog-root.st
index 4abfe1dcb..71dd573fa 100644
--- a/techniques/system/distributePolicy/1.0/rudder-rsyslog-root.st
+++ b/techniques/system/distributePolicy/1.0/rudder-rsyslog-root.st
@@ -63,12 +63,19 @@ $template RudderReportsFormat,"insert into RudderSysEvents (executionDate, nodeI
# Filtering by content
# Process :
-# We first store the data in the database, then we drop it to prevent
+# If report protocol is HTTPS, we drop the local rsyslog message
+{{#classes.rudder_reporting_https}}
+if $fromhost-ip == "127.0.0.1" then {
+ :programname, isequal, "rudder" ~
+}
+{{/classes.rudder_reporting_https}}
+
+# Else we first store the data in the database, then we drop it to prevent
# it from reaching local storage in .log files.
# The report format is @@Policy@@State@@RuleId@@DirectiveId@@0@@Component@@Key@@ExecutionTimeStamp##NodeId@#HumanReadableMessage
#
# 1 - Send every matching report in the database...
-:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]+?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@0@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" :ompgsql:${rudder_postgresql.host},${rudder_postgresql.db_name},${rudder_postgresql.db_user},${rudder_postgresql.db_pass};RudderReportsFormat
+:msg, ereregex, "(R: )?@@[ a-zA-Z0-9_\-]+?@@[a-zA-Z0-9_\-]+?@@[a-zA-Z0-9\-]+@@[a-zA-Z0-9\-]+?@@0@@.*?@@.*?@@[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{1,2}:[0-9]{2}##[a-zA-Z0-9\-]+?@#.*" :ompgsql:{{vars.rudder_postgresql.host}},{{vars.rudder_postgresql.db_name}},{{vars.rudder_postgresql.db_user}},{{vars.rudder_postgresql.db_pass}};RudderReportsFormat
# 2 - Drop the remaining rudder logs to prevent local storage cluttering
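Review bot: The `ompgsql` action on the last `+` line now renders the database credentials through double-mustache tags, and Mustache renderers HTML-escape `{{var}}` output (`&`, `<`, `>`, `"` become entities) unless the triple form is used — CFEngine's renderer is believed to follow that rule, which should be confirmed; a `db_pass` containing any of those characters would be written mangled into `/etc/rsyslog.d/rudder.conf` and every report insert would then fail authentication. The safe form is the unescaped tag for all four values: `:ompgsql:{{{vars.rudder_postgresql.host}}},{{{vars.rudder_postgresql.db_name}}},{{{vars.rudder_postgresql.db_user}}},{{{vars.rudder_postgresql.db_pass}}};RudderReportsFormat`. Because this line embeds a clear-text password, a comment pointing out that it relies on the `600 root` permission enforced on the rendered file would help keep the two in step. The selector that drops the remaining rudder messages, if present, lies past the end of the hunk shown here.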