56 lines
3.7 KiB
Diff
56 lines
3.7 KiB
Diff
From 76b4418f937fd1dbaa1061fa5f83f11ea046dc40 Mon Sep 17 00:00:00 2001
|
|
From: Noriko Hosoi <nhosoi@redhat.com>
|
|
Date: Thu, 10 Sep 2020 16:35:43 -0700
|
|
Subject: [PATCH 3/7] Adding "Port and SELinux" section to README.
|
|
|
|
(cherry picked from commit 5f144bc74edbcd80a53a2fe84aa464f7ea9f44ef)
|
|
---
|
|
README.md | 16 +++++++++++++---
|
|
1 file changed, 13 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/README.md b/README.md
|
|
index 0eafde8..db29dc5 100644
|
|
--- a/README.md
|
|
+++ b/README.md
|
|
@@ -19,6 +19,7 @@
|
|
* [Standalone configuration](#standalone-configuration)
|
|
* [Client configuration](#client-configuration)
|
|
* [Server configuration](#server-configuration)
|
|
+ * [Port and SELinux](#port-and-selinux)
|
|
* [Providers](#providers)
|
|
* [Tests](#tests)
|
|
* [Implementation Details](#implementation-details)
|
|
@@ -111,10 +112,10 @@ This is a schematic logging configuration to show log messages from input_nameA
|
|
- `ovirt` type - `ovirt` input supports oVirt specific inputs.<br>
|
|
For the details, visit [oVirt Support](../../design_docs/rsyslog_ovirt_support.md).
|
|
|
|
-- `remote` type - `remote` input supports receiving logs from the remote logging system over the network. This input type makes rsyslog a server.<br>
|
|
+- `remote` type - `remote` input supports receiving logs from the remote logging system over the network.<br>
|
|
**available options**
|
|
- - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped.
|
|
- - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item.
|
|
+ - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. See also [Port and SELinux](#port-and-selinux).
|
|
+ - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item. See also [Port and SELinux](#port-and-selinux).
|
|
- `tls`: Set to `true` to encrypt the connection using the default TLS implementation used by the provider. Default to `false`.
|
|
- `pki_authmode`: Specifying the default network driver authentication mode. `x509/name`, `x509/fingerprint`, `anon` is accepted. Default to `x509/name`.
|
|
- `permitted_clients`: List of hostnames, IP addresses, fingerprints(sha1), and wildcard DNS domains which will be allowed by the `logging` server to connect and send logs over TLS. Default to `['*.{{ logging_domain }}']`
|
|
@@ -591,6 +592,15 @@ The following playbook generates the same logging configuration files.
|
|
outputs: [remote_files_output0, remote_files_output1]
|
|
```
|
|
|
|
+### Port and SELinux
|
|
+
|
|
+SELinux is only configured to allow sending and receiving on the following ports by default:
|
|
+```
|
|
+syslogd_port_t tcp 514, 20514
|
|
+syslogd_port_t udp 514, 20514
|
|
+```
|
|
+If other ports need to be configured, you can use [linux-system-roles/selinux](https://github.com/linux-system-roles/selinux) to manage SELinux contexts.
|
|
+
|
|
## Providers
|
|
|
|
[Rsyslog](roles/rsyslog) - This documentation contains rsyslog specific information.
|
|
--
|
|
2.26.2
|
|
|