fix: syslog-ng logrotate, add filter for kube, update access.conf
parent
990c407b44
commit
4e997b7688
7
Makefile
7
Makefile
|
@ -31,3 +31,10 @@ age-seal:
|
|||
git restore $${f}.age 2>/dev/null && \
|
||||
age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
|
||||
rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done
|
||||
|
||||
# Just a reference how it could work, requires root though
|
||||
scan-image:
|
||||
modprobe nbd
|
||||
qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/3.15.4-x86_64-bios-cloudinit-aws-kubezero/image.qcow2
|
||||
mount /dev/nbd0 /mnt/temp/
|
||||
trivy rootfs /mnt/temp
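Review bot: The new `scan-image` recipe attaches and mounts the image but never tears it down, and its `mount` line passes no options, so a root-run scan leaves `/dev/nbd0` connected and the image filesystem mounted at `/mnt/temp` with setuid bits and device nodes honoured. Mount it restrictively, `mount -o ro,nosuid,nodev,noexec /dev/nbd0 /mnt/temp/`, and follow the scan with `umount /mnt/temp` and `qemu-nbd -d /dev/nbd0`. trivy's default exit status does not reflect findings, so if this target is ever wired into a build it should pass `--exit-code 1` to fail on them. Whether `scan-image` is declared `.PHONY` is not visible in this hunk.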
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
#!/bin/bash
|
||||
#set -x
|
||||
|
||||
echo "Are you really sure as AMIs might be used by customers !!"
|
||||
read
|
||||
|
||||
TAG_FILTER="Name=tag:project,Values=zdt-alpine"
|
||||
|
||||
#for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do
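Review bot: The bare `read` after the warning accepts any input, so pressing Enter proceeds. When stdin is closed or not a terminal, `read` fails and the script carries on unless `set -e` is in effect (only the commented `#set -x` is visible). Require an explicit answer instead, e.g. `read -r -p "Type 'yes' to continue: " answer` followed by `[ "$answer" = "yes" ] || exit 1`. The rest of the script lies outside this hunk, so what it does to the AMIs is inferred from the warning text.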
|
||||
|
|
Binary file not shown.
|
@ -23,13 +23,20 @@ sed -i -e "s/^[\s#]*rc_cgroup_mode=.*/rc_cgroup_mode=\"unified\"/" $TARGET/etc/r
|
|||
# Setup syslog-ng json logging
|
||||
cp $SETUP/syslog-ng.conf $TARGET/etc/syslog-ng/syslog-ng.conf
|
||||
cp $SETUP/syslog-ng.logrotate.conf $TARGET/etc/logrotate.d/syslog-ng
|
||||
echo 'syslog set to json logging'
|
||||
|
||||
# Change logrotate to run hourly rather than daily
|
||||
mv $TARGET/etc/periodic/daily/logrotate $TARGET/etc/periodic/hourly/
|
||||
echo 'Switch logrotate to run hourly rather than daily'
|
||||
|
||||
# Install cloudbender shutdown hook
|
||||
cp $SETUP/cloudbender.stop $TARGET/etc/local.d
|
||||
mkdir -p $TARGET/etc/cloudbender/shutdown.d
|
||||
echo 'Installed cloudbender shutdown hook'
|
||||
|
||||
# Install tools
|
||||
cp $SETUP/route53.py $TARGET/usr/local/bin
|
||||
echo 'Installed route53.py'
|
||||
|
||||
# ps_mem
|
||||
#wget https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
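Review bot: The success messages after the `cp` and `mv` lines print unconditionally, so if `$TARGET/etc/periodic/daily/logrotate` is missing the image can still be built with logrotate on its daily schedule while the build log claims otherwise. Whether the script runs under `set -e` is not visible here, as it starts outside the hunk. Tie the message to the command, `mv "$TARGET/etc/periodic/daily/logrotate" "$TARGET/etc/periodic/hourly/" && echo 'Switch logrotate to run hourly rather than daily'`, or exit on failure. An empty `$TARGET` would apply these writes to the build host's own `/etc`, so a guard such as `: "${TARGET:?}"` before the first copy is worth having if the script does not already have one.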
|
||||
|
|
|
@ -13,4 +13,10 @@ source s_sys { system(); internal();};
|
|||
|
||||
destination d_mesg { file("/var/log/messages" template("$(format-json time=\"$UNIXTIME\" facility=\"$FACILITY\" host=\"$LOGHOST\" ident=\"$PROGRAM\" pid=\"$PID\" level=\"$PRIORITY\" message=\"$MESSAGE\")\n")); };
|
||||
|
||||
log { source(s_sys); destination(d_mesg); };
|
||||
# filter ipvs loggging each SYN to closed port
|
||||
# IPVS: rr: TCP 10.52.82.199:31021 - no destination available
|
||||
filter f_drop_ipvs { not (facility(kern) and match("IPVS: rr:.*no destination available" value("MESSAGE"))); };
|
||||
# "message":"net_ratelimit: 16 callbacks suppressed"
|
||||
filter f_drop_ipvs_ratelimit { not (facility(kern) and match("net_ratelimit:.*callbacks suppressed" value("MESSAGE"))); };
|
||||
|
||||
log { source(s_sys); filter(f_drop_ipvs); filter(f_drop_ipvs_ratelimit); destination(d_mesg); };
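Review bot: `f_drop_ipvs_ratelimit` is broader than its name. The kernel emits `net_ratelimit: N callbacks suppressed` for any rate-limited network message, not only the IPVS one, so this filter also hides the only hint that other kernel network messages were suppressed. Together with `f_drop_ipvs` it removes the local record of connection attempts to ports with no backend, which some teams use as a scanning signal. If the drop is intentional, say so next to the filters, e.g. `# net_ratelimit is not IPVS-specific; dropping it also hides suppression counts for other kernel network messages`. Alternatively, route the matches to a separate short-retention destination rather than discarding them.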
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
/var/log/messages
|
||||
{
|
||||
nodateext
|
||||
rotate 2
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
maxsize 64M
|
||||
daily
|
||||
sharedscripts
|
||||
postrotate
|
||||
invoke-rc.d syslog-ng reload > /dev/null
|
||||
rc-service syslog-ng reload > /dev/null
|
||||
endscript
|
||||
}
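Review bot: With `rotate 2` and `maxsize 64M`, a burst of logging can push everything but the most recent few files' worth out of `/var/log/messages` quickly, which limits what is left on the node for incident response. This assumes the hourly cron move in the setup script takes effect. The block has no comment saying that logs are shipped off-host before rotation. If they are, note it, e.g. `# local copy is short-lived by design; logs are forwarded off-host`, and if not, consider a higher `rotate` count.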
|
||||
|
|