Commit aaef3700 authored by bunkerity's avatar bunkerity

improved logging with rsyslog

parent 6e3c2ddc
......@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
COPY fail2ban/ /opt/fail2ban
COPY logs/ /opt/logs
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
......
......@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
COPY fail2ban/ /opt/fail2ban
COPY logs/ /opt/logs
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
......
......@@ -18,7 +18,7 @@ COPY scripts/ /opt/scripts
COPY fail2ban/ /opt/fail2ban
COPY logs/ /opt/logs
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
......
......@@ -11,7 +11,7 @@ COPY scripts/ /opt/scripts
COPY fail2ban/ /opt/fail2ban
COPY logs/ /opt/logs
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils && \
RUN apk --no-cache add php7-fpm certbot libstdc++ libmaxminddb geoip pcre yajl fail2ban clamav apache2-utils rsyslog && \
chmod +x /opt/entrypoint.sh /opt/scripts/* && \
mkdir /opt/entrypoint.d && \
adduser -h /dev/null -g '' -s /sbin/nologin -D -H nginx
......
......@@ -12,9 +12,6 @@ worker_processes auto;
# faster regexp
pcre_jit on;
# display warnings and errors on stderr
error_log stderr warn;
# config files for dynamic modules
include /etc/nginx/modules/*.conf;
......@@ -64,9 +61,9 @@ http {
# get real IP address if behind a reverse proxy
%PROXY_REAL_IP%
# write logs to local syslogd
access_log syslog:server=unix:/dev/log,nohostname,facility=local0 combined;
error_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=warn;
# write logs to local syslog
access_log syslog:server=unix:/dev/log,nohostname,facility=local0,severity=notice combined;
error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;
# lua path
lua_package_path "/usr/local/lib/lua/?.lua;;";
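Review bot: With `error_log stderr warn;` removed from the main context in the first hunk, the only `error_log` left is the one inside `http {` in the second hunk. Messages nginx emits outside the http context (configuration-load and startup problems, process-level events) will then presumably go to the compiled-in default error log file rather than to syslog. The entrypoint in this commit only tails /var/log/access.log, /var/log/error.log and /var/log/php.log, so a failed start becomes harder to see from the container output. I would keep a main-context directive next to `pcre_jit on;`, e.g. `error_log syslog:server=unix:/dev/log,nohostname,facility=local0 warn;`. Both hunks are excerpts, so anything defined elsewhere in nginx.conf is not visible here.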
......
......@@ -50,7 +50,7 @@ function spaces_to_lua() {
cp /opt/confs/*.conf /etc/nginx
cp -r /opt/confs/owasp-crs /etc/nginx
cp /opt/confs/php.ini /etc/php7/php.ini
cp /opt/logs/syslog.conf /etc/syslog.conf
cp /opt/logs/rsyslog.conf /etc/rsyslog.conf
cp /opt/logs/logrotate.conf /etc/logrotate.conf
# remove cron jobs
......@@ -484,8 +484,8 @@ if [ "$WRITE_ACCESS" = "yes" ] ; then
chmod g+w -R /www
fi
# start syslogd
syslogd -S
# start rsyslogd
rsyslogd
# start PHP
if [ "$USE_PHP" = "yes" ] ; then
......@@ -500,8 +500,11 @@ crond
# start nginx
echo "[*] Running nginx ..."
/usr/sbin/nginx
if [ ! -f "/var/log/nginx.log" ] ; then
touch /var/log/nginx.log
if [ ! -f "/var/log/access.log" ] ; then
touch /var/log/access.log
fi
if [ ! -f "/var/log/error.log" ] ; then
touch /var/log/error.log
fi
if [ ! -f "/var/log/php.log" ] && [ "$USE_PHP" = "yes" ] ; then
touch /var/log/php.log
......@@ -519,9 +522,9 @@ echo "0 0 * * * logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/cront
# display logs
if [ "$USE_PHP" = "yes" ] ; then
tail -f /var/log/nginx.log /var/log/php.log &
tail -f /var/log/access.log /var/log/error.log /var/log/php.log &
else
tail -f /var/log/nginx.log &
tail -f /var/log/access.log /var/log/error.log &
fi
wait $!
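Review bot: The new `touch /var/log/access.log` and `touch /var/log/error.log` create the files with the shell's umask, while the rsyslog.conf added in this commit sets `$FileCreateMode 0600` and `$Umask 0077`. Whichever of rsyslogd and the entrypoint creates a file first decides its mode. Access logs carry client addresses and full request lines, so I would make the mode explicit inside each `if`, e.g. `touch /var/log/access.log && chmod 600 /var/log/access.log`, and the same for error.log. Separately, /opt/logs/logrotate.conf is copied but no change to it is shown on this page; if it still names /var/log/nginx.log, the two new files will never be rotated, which is worth confirming.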
......
......@@ -2,6 +2,6 @@
before = common.conf
[Definition]
failregex = .* nginx: <HOST> - .* \[.*\] ".*" (%FAIL2BAN_STATUS_CODES%) .* ".*" ".*"
failregex = <HOST> - .* \[.*\] ".*" (%FAIL2BAN_STATUS_CODES%) .* ".*" ".*"
ignoreregex =
datepattern = %%d/%%b/%%Y:%%H:%%M:%%S
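Review bot: The new `failregex` begins with `<HOST>` but has no `^` anchor, and every later field is matched with a greedy `.*`, so nothing in the pattern ties the host to the start of the line. rsyslog now writes the raw nginx line through the `rawFormat` template, so the client address is always the first token and anchoring costs nothing: `failregex = ^<HOST> - .* \[.*\] ".*" (%FAIL2BAN_STATUS_CODES%) .* ".*" ".*"`. That guarantees the banned address can never be taken from request, referer or user-agent text, all of which the client controls. A comment above the line such as `# expects nginx "combined" lines with no syslog prefix (see rsyslog rawFormat)` would also help, because the log format is defined in other files.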
......@@ -4,4 +4,4 @@ findtime = %FAIL2BAN_FINDTIME%
maxretry = %FAIL2BAN_MAXRETRY%
enabled = true
action = nginx-action
logpath = /var/log/nginx.log
logpath = /var/log/access.log
#### Global directives ####
# Sets the directory that rsyslog uses for work files.
$WorkDirectory /var/lib/rsyslog
# Sets default permissions for all log files.
$FileOwner root
$FileGroup root
$FileCreateMode 0600
$DirCreateMode 0700
$Umask 0077
# Include all config files in /etc/rsyslog.d/.
include(file="/etc/rsyslog.d/*.conf" mode="optional")
#### Modules ####
# Provides --MARK-- message capability.
module(load="immark")
# Provides support for local system logging (e.g. via logger command).
module(load="imuxsock")
# Nginx
$template rawFormat,"%msg:2:2048%\n"
local0.=notice /var/log/access.log;rawFormat
local0.*;local0.!=notice /var/log/error.log;rawFormat
# PHP
local1.* /var/log/php.log
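Review bot: The selectors under `# Nginx` rely on a convention that is not written down. `local0.=notice` is the access log only because nginx.conf sends `access_log` with `severity=notice`, and every other local0 severity is treated as error log output. I would add `# access_log is sent with severity=notice (see nginx.conf); any other local0 severity is error_log output` above the two rules, and `# %msg:2:2048% drops the leading space and caps each line at position 2048` above the template. The cap matters for detection because fail2ban reads /var/log/access.log and the status code comes after the request in each line, so an over-long request line may be cut before the part the filter matches. That is worth confirming against nginx's own syslog message size limit.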
local0.* /var/log/nginx.log
local1.* /var/log/php.log