system/rsyslog: Added (enhanced syslogd)

Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
2024-11-20 19:41:34 +01:00 · 2011-12-11 13:19:47 -06:00 · 2011-12-11 13:19:47 -06:00 · c7dedc9882
commit c7dedc9882
parent a13590db46
9 changed files with 382 additions and 0 deletions
--- a/system/rsyslog/README
+++ b/system/rsyslog/README
@ -0,0 +1,18 @@
+Rsyslog is an enhanced syslogd supporting, among others, MySQL, 
+PostgreSQL, failover log destinations, syslog/tcp, fine grain output 
+format control, high precision timestamps, queued operations and the 
+ability to filter on any message part.  It is quite compatible with
+stock sysklogd and can be used as a drop-in replacement.  Its advanced 
+features make it suitable for enterprise-class, encryption protected 
+syslog relay chains while at the same time being very easy to setup 
+for the novice user.
+
+Before you can run rsyslog, please see README.SLACKWARE
+
+You can enable a lot of optional (not-autodetected) features by
+passing variables to the script (VAR=yes/no ./rsyslog.SlackBuild):
+MYSQL=yes|no (default: no), requires mysql (part of stock Slackware)
+PGSQL=yes|no (default: no), requires postgresql
+RELP=yes|no (default: no), requires librelp
+LIBDBI=yes|no (default: no), requires libdbi
+GNUTLS=yes|no (default: no), requires gnutls
--- a/system/rsyslog/README.SLACKWARE
+++ b/system/rsyslog/README.SLACKWARE
@ -0,0 +1,24 @@
+README.SLACKWARE for rsyslog
+
+The package contains the /etc/rc.d/rc.rsyslogd init script which will
+start rsyslogd.  
+
+Since rsyslog basically supersedes the klogd/syslogd daemons, the stock 
+Slackware sysklogd package should be removed and its leftovers cleaned up:
+
+  1. Remove useless logrotate configuration:
+
+     rm /etc/logrotate.d/syslog
+
+  2. Make rsyslog start automatically on boot, without modifications to rc.M:
+
+     cd /etc/rc.d && ln -sf rc.rsyslogd rc.syslog
+     cd /usr/sbin && ln -sf rsyslogd syslogd
+
+To make the transition even easier, you will find /etc/rsyslog.conf in the 
+proper format, which was converted from sysklogd's syslog.conf.
+
+/etc/rc.d/rc.rsyslogd is written to emulate syslogd.  To prevent rc.inet1
+from attempting to run rc.syslog again, rc.syslogd will copy/remove the
+/var/run/syslogd.pid file on successful start/stop invocations.
+
--- a/system/rsyslog/config/rc.rsyslogd
+++ b/system/rsyslog/config/rc.rsyslogd
@ -0,0 +1,65 @@
+#!/bin/sh
+# Start/stop/restart the system logging daemons.
+#
+# Written for Slackware Linux by Patrick J. Volkerding <volkerdi@slackware.com>.
+# Modded for rsyslogd by Chris Elvidge <chris@lowe.ae> Sept 2005
+# slightly modified by ponce <matteo.bernardini@sns.it> Oct 2010
+# rsyslogd_reload added by Christophe Trussardi <chris@teria.org> Sept 2011
+#
+
+pidfile1=/var/run/rsyslogd.pid	# native rsyslogd pid file
+pidfile2=/var/run/syslogd.pid	# spoof the "old" syslogd file
+
+create_xconsole()
+{
+    if [ ! -e /dev/xconsole ]; then
+      mknod -m 640 /dev/xconsole p
+    else
+      chmod 0640 /dev/xconsole
+    fi
+    chown 0:0 /dev/xconsole
+}
+
+rsyslogd_start() {
+  if [ -x /usr/sbin/rsyslogd ]; then
+    echo "Starting rsyslogd daemon: "
+    echo "/usr/sbin/rsyslogd -c5 -i $pidfile1"
+    /usr/sbin/rsyslogd -c5 -i "$pidfile1"
+    cp "$pidfile1" "$pidfile2"
+  fi
+}
+
+rsyslogd_stop() {
+  killall rsyslogd 2> /dev/null
+  /usr/bin/rm $pidfile1 2> /dev/null
+  /usr/bin/rm $pidfile2 2> /dev/null
+}
+
+rsyslogd_restart() {
+  rsyslogd_stop
+  sleep 1
+  rsyslogd_start
+}
+
+rsyslogd_reload() {
+  echo "Reloading rsyslogd daemon: "
+  [ -f "$pidfile1" ] && /bin/kill -HUP $(cat $pidfile1)
+}
+
+case "$1" in
+'start')
+  create_xconsole
+  rsyslogd_start
+  ;;
+'stop')
+  rsyslogd_stop
+  ;;
+'restart')
+  rsyslogd_restart
+  ;;
+'reload')
+  rsyslogd_reload
+  ;;
+*)
+  echo "usage $0 start|stop|restart|reload"
+esac
--- a/system/rsyslog/config/rsyslog
+++ b/system/rsyslog/config/rsyslog
@ -0,0 +1,6 @@
+/var/log/cron /var/log/debug /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler /var/log/syslog {
+    sharedscripts
+    postrotate
+	/bin/kill -HUP $(cat /var/run/rsyslogd.pid 2>/dev/null) 2>/dev/null || true
+    endscript
+}
--- a/system/rsyslog/config/rsyslog.conf
+++ b/system/rsyslog/config/rsyslog.conf
@ -0,0 +1,107 @@
+#  /etc/rsyslog.conf	Configuration file for rsyslog.
+#
+#			For more information see
+#			/usr/doc/rsyslog/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
+$ModLoad immark   # provides --MARK-- message capability
+
+# ######### Receiving Messages from Remote Hosts ##########
+# TCP Syslog Server:
+# provides TCP syslog reception and GSS-API (if compiled to support it)
+#$ModLoad imtcp  # load module
+#$InputTCPServerRun 514 # start up TCP listener at port 514
+
+# UDP Syslog Server:
+#$ModLoad imudp  # provides UDP syslog reception
+#$UDPServerRun 514 # start a UDP syslog server at standard port 514
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Use traditional Slackware console log level
+#
+$klogConsoleLogLevel 3
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup root
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+#$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+# Uncomment this to see kernel messages on the console.
+#kern.*							/dev/console
+
+# Log anything 'info' or higher, but lower than 'warn'.
+# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
+*.info;*.!warn;\
+	authpriv.none;cron.none;mail.none;news.none	-/var/log/messages
+
+# Log anything 'warn' or higher.
+# Exclude authpriv, cron, mail, and news.  These are logged elsewhere.
+*.warn;\
+	authpriv.none;cron.none;mail.none;news.none	-/var/log/syslog
+
+# Debugging information is logged here.
+*.=debug						-/var/log/debug
+
+# Private authentication message logging:
+authpriv.*						-/var/log/secure
+
+# Cron related logs:
+cron.*							-/var/log/cron
+
+# Mail related logs:
+mail.*							-/var/log/maillog
+
+# Emergency level messages go to all users:
+*.emerg							*
+
+# This log is for news and uucp errors:
+uucp,news.crit						-/var/log/spooler
+
+# Uncomment these if you'd like INN to keep logs on everything.
+# You won't need this if you don't run INN (the InterNetNews daemon).
+#news.=crit					-/var/log/news/news.crit
+#news.=err					-/var/log/news/news.err
+#news.notice					-/var/log/news/news.notice
+
+# ########## Remote Logging (we use TCP for reliable delivery) ##########
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#$WorkDirectory /rsyslog/spool # where to place spool files
+#$ActionQueueFileName uniqName # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinite retries if host is down
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
--- a/system/rsyslog/doinst.sh
+++ b/system/rsyslog/doinst.sh
@ -0,0 +1,31 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    rm $NEW
+  fi
+}
+preserve_perms() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ -e $OLD ]; then
+    cp -a $OLD ${NEW}.incoming
+    cat $NEW > ${NEW}.incoming
+    mv ${NEW}.incoming $NEW
+  fi
+  config $NEW
+}
+
+preserve_perms etc/rc.d/rc.rsyslogd.new
+config etc/rsyslog.conf.new
+config etc/logrotate.d/rsyslog.new
+config var/log/messages.new ; rm -f var/log/messages.new
+config var/log/syslog.new ; rm -f var/log/syslog.new
+config var/log/debug.new ; rm -f var/log/debug.new
+config var/log/secure.new ; rm -f var/log/secure.new
+config var/log/cron.new ; rm -f var/log/cron.new
+config var/log/maillog.new ; rm -f var/log/maillog.new
+config var/log/spooler.new ; rm -f var/log/spooler.new
+
--- a/system/rsyslog/rsyslog.SlackBuild
+++ b/system/rsyslog/rsyslog.SlackBuild
@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Slackware build script for rsyslog
+# Written by Christophe Trussardi (chris at teria dot org)
+#
+
+PRGNAM=rsyslog
+VERSION=${VERSION:-5.8.6}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i486 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+[ "${MYSQL:-no}" = "no" ] || mysql_option="--enable-mysql"
+[ "${PGSQL:-no}" = "no" ] || pgsql_option="--enable-pgsql"
+[ "${LIBDBI:-no}" = "no" ] || libdbi_option="--enable-libdbi"
+[ "${GNUTLS:-no}" = "no" ] || gnutls_option="--enable-gnutls"
+[ "${RELP:-no}" = "no" ] || relp_option="--enable-relp"
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --docdir=/usr/doc/$PRGNAM-$VERSION \
+  --build=$ARCH-slackware-linux \
+  $mysql_option $pgsql_option $libdbi_option $gnutls_option $relp_option 
+
+make
+make install-strip DESTDIR=$PKG
+
+mkdir -p $PKG/etc/rc.d/
+cat $CWD/config/rsyslog.conf > $PKG/etc/rsyslog.conf.new
+cat $CWD/config/rc.rsyslogd > $PKG/etc/rc.d/rc.rsyslogd.new
+chmod 0755 $PKG/etc/rc.d/rc.rsyslogd.new
+
+mkdir -p $PKG/etc/logrotate.d/
+cat $CWD/config/rsyslog > $PKG/etc/logrotate.d/rsyslog.new
+
+# Create log files in such a way that they won't clobber existing ones
+mkdir -p $PKG/var/log
+for i in cron debug maillog messages secure spooler syslog; do
+ touch $PKG/var/log/$i.new ;
+done
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/html
+cp -a \
+  AUTHORS COPYING COPYING.LESSER ChangeLog INSTALL NEWS README \
+  $PKG/usr/doc/$PRGNAM-$VERSION 
+cp -a doc/*.{jpg,html,png} $PKG/usr/doc/$PRGNAM-$VERSION/html
+chmod -R 0644 $PKG/usr/doc/$PRGNAM-$VERSION/*
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
--- a/system/rsyslog/rsyslog.info
+++ b/system/rsyslog/rsyslog.info
@ -0,0 +1,10 @@
+PRGNAM="rsyslog"
+VERSION="5.8.6"
+HOMEPAGE="http://www.rsyslog.com/"
+DOWNLOAD="http://www.rsyslog.com/files/download/rsyslog/rsyslog-5.8.6.tar.gz"
+MD5SUM="c46db0496066b82faf735bd4222208d7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Christophe Trussardi"
+EMAIL="chris@teria.org"
+APPROVED="rworkman"
--- a/system/rsyslog/slack-desc
+++ b/system/rsyslog/slack-desc
@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in.  You must
+# make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':'.
+
+       |-----handy-ruler-------------------------------------------------|
+rsyslog: Rsyslog (enhanced syslogd)
+rsyslog:
+rsyslog: Rsyslog is an enhanced syslogd supporting, among others, MySQL,
+rsyslog: PostgreSQL, failover log destinations, syslog/tcp, fine grain 
+rsyslog: output format control, high precision timestamps, queued
+rsyslog: operations and the ability to filter on any message part. Its
+rsyslog: advanced features make it suitable for enterprise-class,
+rsyslog: encryption protected syslog relay chains while at the same time 
+rsyslog: being very easy to setup for the novice user.
+rsyslog:
+rsyslog: Homepage: http://www.rsyslog.com/