93 lines
4.8 KiB
Diff
93 lines
4.8 KiB
Diff
|
From 245d4e04318bcac20f15e680cf1b33a35b94067a Mon Sep 17 00:00:00 2001
|
||
|
From: Vojtech Polasek <vpolasek@redhat.com>
|
||
|
Date: Mon, 8 Aug 2022 14:34:34 +0200
|
||
|
Subject: [PATCH 1/3] add warning to the rsyslog_remote_loghost rule about
|
||
|
configuring queues
|
||
|
|
||
|
---
|
||
|
.../rsyslog_remote_loghost/rule.yml | 17 +++++++++++++++++
|
||
|
1 file changed, 17 insertions(+)
|
||
|
|
||
|
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
index 4ce56d2e6a5..c73d9ec95a6 100644
|
||
|
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
@@ -90,3 +90,20 @@ fixtext: |-
|
||
|
*.* @@[remoteloggingserver]:[port]"
|
||
|
|
||
|
srg_requirement: 'The {{{ full_name }}} audit records must be off-loaded onto a different system or storage media from the system being audited.'
|
||
|
+
|
||
|
+warnings:
|
||
|
+ - functionality: |-
|
||
|
+ It is important to configure queues in case the client is sending log
|
||
|
+ messages to a remote server. If queues are not configured, there is a
|
||
|
+ danger that the system will stop functioning in case that the connection
|
||
|
+ to the remote server is not available. Please consult Rsyslog
|
||
|
+ documentation for more information about configuration of queues. The
|
||
|
+ example configuration which should go into <tt>/etc/rsyslog.conf</tt>
|
||
|
+ can look like the following lines:
|
||
|
+ <pre>
|
||
|
+ $ActionQueueType LinkedList
|
||
|
+ $ActionQueueFileName somenameforprefix
|
||
|
+ $ActionQueueMaxDiskSpace 1g
|
||
|
+ $ActionQueueSaveOnShutdown on
|
||
|
+ $ActionResumeRetryCount -1
|
||
|
+ </pre>
|
||
|
|
||
|
From 10fbd1665513284fbb82cf1af96b92774301f8e5 Mon Sep 17 00:00:00 2001
|
||
|
From: vojtapolasek <krecoun@gmail.com>
|
||
|
Date: Tue, 9 Aug 2022 09:41:00 +0200
|
||
|
Subject: [PATCH 2/3] Apply suggestions from code review
|
||
|
|
||
|
Co-authored-by: Watson Yuuma Sato <wsato@redhat.com>
|
||
|
---
|
||
|
.../rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml | 4 ++--
|
||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
index c73d9ec95a6..706d3265a08 100644
|
||
|
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
@@ -95,14 +95,14 @@ warnings:
|
||
|
- functionality: |-
|
||
|
It is important to configure queues in case the client is sending log
|
||
|
messages to a remote server. If queues are not configured, there is a
|
||
|
- danger that the system will stop functioning in case that the connection
|
||
|
+ the system will stop functioning when the connection
|
||
|
to the remote server is not available. Please consult Rsyslog
|
||
|
documentation for more information about configuration of queues. The
|
||
|
example configuration which should go into <tt>/etc/rsyslog.conf</tt>
|
||
|
can look like the following lines:
|
||
|
<pre>
|
||
|
$ActionQueueType LinkedList
|
||
|
- $ActionQueueFileName somenameforprefix
|
||
|
+ $ActionQueueFileName queuefilename
|
||
|
$ActionQueueMaxDiskSpace 1g
|
||
|
$ActionQueueSaveOnShutdown on
|
||
|
$ActionResumeRetryCount -1
|
||
|
|
||
|
From e2abf4f8a1bcc0dd02ad4af6f9575797abdd332e Mon Sep 17 00:00:00 2001
|
||
|
From: vojtapolasek <krecoun@gmail.com>
|
||
|
Date: Tue, 9 Aug 2022 10:55:04 +0200
|
||
|
Subject: [PATCH 3/3] Update
|
||
|
linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
|
||
|
Co-authored-by: Watson Yuuma Sato <wsato@redhat.com>
|
||
|
---
|
||
|
.../rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
index 706d3265a08..cce4d5cac1d 100644
|
||
|
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
|
||
|
@@ -94,7 +94,7 @@ srg_requirement: 'The {{{ full_name }}} audit records must be off-loaded onto a
|
||
|
warnings:
|
||
|
- functionality: |-
|
||
|
It is important to configure queues in case the client is sending log
|
||
|
- messages to a remote server. If queues are not configured, there is a
|
||
|
+ messages to a remote server. If queues are not configured,
|
||
|
the system will stop functioning when the connection
|
||
|
to the remote server is not available. Please consult Rsyslog
|
||
|
documentation for more information about configuration of queues. The
|