# check version: prints the rsyslogd version banner and confirms the packaged binary starts at all
/usr/lib/rsyslog/rsyslogd -v
6305N/A
6305N/A
6305N/A
# test that rsyslog does not contain our workspace path but rather relative paths
# (-d = debug output, -n = stay in foreground; the 'source file' lines name the
# compiled-in source paths -- an absolute build-workspace path there would leak
# build-environment details into the shipped binary)
/usr/lib/rsyslog/rsyslogd -d -n 2>&1 | grep ': source file'
6305N/A
6305N/A
6305N/A
# Check that GSS support is compiled in. The two functions should be seen
# (the two nm lines below are the expected shape; symbol index and address
# values may differ between builds):
nm /usr/lib/rsyslog/lmnet.so |grep AllowedSenders_GSS
[104] | 2097184| 8|OBJT |GLOB |0 |25 |pAllowedSenders_GSS
[80] | 2097176| 8|OBJT |LOCL |0 |25 |pLastAllowedSenders_GSS
6305N/A
6305N/A
6305N/A
# Install prerequisites for testing (MySQL server and client, needed by the ommysql test below)
pkg install database/mysql-57 database/mysql-57/client
6305N/A
6305N/A
6305N/A
# Disable native syslog, enable rsyslog. Stop-then-start with a pause between,
# presumably because both system-log instances claim the same syslog socket.
svcadm disable system/system-log:default
sleep 5
svcadm enable system/system-log:rsyslog
sleep 5
svcs -x # lists services in a problem state; expected to print nothing
6305N/A
6305N/A
6305N/A
6306N/A======================= Create /etc/rsyslog.d/filegroup ========================
# Files created by the actions that follow get group 'openldap'.
$FileGroup openldap
# Every message (all facilities, all severities) goes to this test file.
*.* /var/tmp/openldap
# Reset $FileGroup and the other legacy config variables so later rules are unaffected.
$ResetConfigVariables
6306N/A================================================================================
# Start from no file so the group of a freshly created file is what gets checked.
rm -f /var/tmp/openldap
svcadm restart system/system-log:rsyslog
logger -p error "openldap"
ls -l /var/tmp/openldap
-rw-r--r-- 1 root openldap 2873 Jun 22 10:36 /var/tmp/openldap
# Make sure that the new file has 'openldap' group. Note the mode is still 0644
# (no $FileCreateMode was set), so the group only affects ownership, not who can
# read the log.
6306N/A
6306N/A
6306N/A
# Logging a message should appear in dmesg and /var/adm/messages
# (timestamp and host name in the sample below will differ)
logger -p error "Message 1"
dmesg | tail # should contain '2016-06-10T07:53:00+00:00 S12-99 root: [ID 702911 user.error] Message 1'
tail /var/adm/messages
6305N/A
6305N/A======================== Create /etc/rsyslog.d/by_mail =========================
module(load="ommail")

# Subject/body templates; %msg% and %hostname% are message properties.
# mailBody is not referenced by the action below and appears to be unused.
template (name="mailBody" type="string" string="RSYSLOG Alert\\r\\nmsg='%msg%'")
template (name="mailSubject" type="string" string="send by mail on %hostname%")

# Mail every message whose text contains "send" to root via the local MTA on port 25.
if $msg contains "send" then {
 action(type="ommail" server="localhost" port="25"
 mailfrom="rsyslog@localhost"
 mailto="root@localhost"
 subject.template="mailSubject"
 body.enable="on" # should not be needed - see 23584223
 action.execonlyonceeveryinterval="0") # 0 = no rate limiting, every matching message is mailed
}
6305N/A================================================================================
6305N/A
svcadm restart system/system-log:rsyslog
yes 'd' | mail > /dev/null # delete mail messages (empties root's mailbox so the check below is unambiguous)
logger -p error "Message 2 - send"
mail -p # should contain our "Message 2 - send"
6305N/A
6305N/A
6305N/A
6305N/A====================== Create /etc/rsyslog.d/follow_file =======================
# Poll the followed file once per second (polling mode, presumably because
# inotify-style notification is not available on this platform).
module(load="imfile" mode="polling" PollingInterval="1")

# Each new line appended to the file is logged as local7.error with tag 'foobar'.
input(type="imfile"
 file="/var/tmp/file_to_follow"
 tag="foobar"
 severity="error"
 facility="local7")
6305N/A================================================================================
6305N/A
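svcadm restart system/system-log:rsyslog
# Write two lines. printf is used so the newline escape is interpreted the same
# way in every shell (echo's handling of '\n' differs between sh/ksh and bash).
printf 'line created in a file\nand a second line\n' > /var/tmp/file_to_follow
# imfile polls once per second (PollingInterval="1"); give it a cycle before checking.
sleep 2
dmesg | tail
#2016-06-10T09:14:20.481340+00:00 S12-99 foobar line created in a file
#2016-06-10T09:14:20.481355+00:00 S12-99 foobar and a second line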
6305N/A
6305N/A
6305N/A
6305N/A======================= Create file /etc/rsyslog.d/stats =======================
module(
 load="impstats"
 interval="10" # how often to generate stats (seconds)
 resetCounters="on" # to get deltas (e.g. # of messages submitted in the last 10 seconds)
 log.file="/tmp/stats" # file to write those stats to
 log.syslog="off" # don't send stats through the normal processing pipeline; they only land in log.file
)
6305N/A================================================================================
6305N/A
rm -f /tmp/stats
svcadm restart system/system-log:rsyslog
sleep 15 # longer than one impstats interval (10 s), so at least one report has been written
cat /tmp/stats # The file should be there and contain some stats
6305N/A
6305N/A
6305N/A
6305N/A======================== Create file /etc/rsyslog.d/tcp ========================
module(load="imtcp")
# Plain-TCP listener bound to loopback only, so the test does not expose an
# unauthenticated syslog port to the network.
input(type="imtcp" port="6666" address="127.0.0.1")
6305N/A================================================================================
6305N/A
svcadm restart system/system-log:rsyslog
# '<89>' is the syslog PRI (facility 11 * 8 + severity 1 = ftp.alert); the rest is the message text.
echo '<89>xxxxxxxxxxxx' | nc localhost 6666
dmesg | tail # message xxxx should be visible
6305N/A
6305N/A
6305N/A
# Throwaway MySQL instance for the ommysql test. Test-only credentials: the same
# password is also written in clear text into /etc/rsyslog.d/mysql below.
MYSQL_TEST_DATADIR=/var/tmp/mysql
MYSQL_VERSION=5.7
MYSQL_BINDIR=/usr/mysql/$MYSQL_VERSION/bin
MYSQL_TEST_USER=root # used both as the OS user mysqld runs as and as the DB account
MYSQL_TEST_PASSWORD=new-password

# Kills every mysqld on the box (not just a previous test instance) and wipes
# the data directory -- scratch machine only.
pkill -9 mysqld
rm -rf "$MYSQL_TEST_DATADIR"
mkdir "$MYSQL_TEST_DATADIR"

# Bootstrap the data directory; --initialize-insecure leaves root without a
# password, which is set below with mysqladmin.
"$MYSQL_BINDIR/mysqld" --datadir="$MYSQL_TEST_DATADIR" \
 --basedir=/usr/mysql/$MYSQL_VERSION --initialize-insecure

# Run the daemon in background, UNIX-socket only (--skip-networking) so nothing
# is reachable over TCP while the password is still empty.
# -u $MYSQL_TEST_USER and --user=root appear to set the same option twice
# (harmless as long as both say root).
# --gdb makes it possible to terminate mysqld via Ctrl+C
"$MYSQL_BINDIR/mysqld" \
 --skip-networking \
 -u $MYSQL_TEST_USER \
 --datadir="$MYSQL_TEST_DATADIR" \
 --pid-file="$MYSQL_TEST_DATADIR"/pid \
 --user=root \
 --gdb &

sleep 10 # wait for db to come up (fixed delay; poll "$MYSQL_BINDIR/mysqladmin" ping instead if this proves flaky)

# Set the root password. It is passed on the command line and is therefore
# visible in 'ps' output to every local user while the command runs.
"$MYSQL_BINDIR/mysqladmin" \
 -u "$MYSQL_TEST_USER" \
 password "$MYSQL_TEST_PASSWORD"
6305N/A
# Create the schema ommysql inserts into. Database name, account and password
# must match the ':ommysql:localhost,Syslog,root,new-password' action in
# /etc/rsyslog.d/mysql below. The column layout presumably follows rsyslog's
# stock createDB.sql for MySQL -- confirm against the shipped rsyslog docs if in doubt.
echo "CREATE DATABASE Syslog;
USE Syslog;
-- One row per syslog message; only Message is queried by this test.
CREATE TABLE SystemEvents
(
 ID int unsigned not null auto_increment primary key,
 CustomerID bigint,
 ReceivedAt datetime NULL,
 DeviceReportedTime datetime NULL,
 Facility smallint NULL,
 Priority smallint NULL,
 FromHost varchar(60) NULL,
 Message text,
 NTSeverity int NULL,
 Importance int NULL,
 EventSource varchar(60),
 EventUser varchar(60) NULL,
 EventCategory int NULL,
 EventID int NULL,
 EventBinaryData text NULL,
 MaxAvailable int NULL,
 CurrUsage int NULL,
 MinUsage int NULL,
 MaxUsage int NULL,
 InfoUnitID int NULL ,
 SysLogTag varchar(60),
 EventLogType varchar(60),
 GenericFileName VarChar(60),
 SystemID int NULL
);

-- Optional per-event key/value properties. SystemEventID logically refers to
-- SystemEvents.ID; no foreign key constraint is declared.
CREATE TABLE SystemEventsProperties
(
 ID int unsigned not null auto_increment primary key,
 SystemEventID int NULL ,
 ParamName varchar(255) NULL ,
 ParamValue text NULL
);
" | mysql --user="$MYSQL_TEST_USER" --password="$MYSQL_TEST_PASSWORD" # password on argv is visible in 'ps'; acceptable only for this throwaway instance
6305N/A
6305N/A========================= Create /etc/rsyslog.d/mysql ==========================
$ModLoad ommysql.so

# Legacy-syntax action: server,database,user,password. The DB credential sits
# in clear text in this file, so the file must not be world-readable (chmod 600);
# here it is a throwaway test password only.
if $msg contains 'mysql' then :ommysql:localhost,Syslog,root,new-password
6305N/A================================================================================
6305N/A
svcadm restart system/system-log:rsyslog
logger -p error "no database" # must NOT be stored: text does not contain 'mysql'
logger -p info "mysql database" # matches the ommysql rule
echo "select Message from SystemEvents" | mysql --user="$MYSQL_TEST_USER" --password="$MYSQL_TEST_PASSWORD" -D Syslog
# The table should contain "mysql database" entry and no "no database" entry
6305N/A
6305N/A
6305N/A
6305N/A============================= Create /var/tmp/a.py =============================
"""Tiny omuxsock receiver: bind a datagram UNIX socket and echo every message
received on it to stdout, prefixed with '!!!' so it stands out in the terminal."""
import socket

# Must match $OMUxSockSocket in /etc/rsyslog.d/socket.
SOCKET_PATH = '/tmp/socksample'

listener = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
listener.bind(SOCKET_PATH)
# Never returns; stop the script with Ctrl+C / kill. The str + bytes
# concatenation below only works on Python 2, which is presumably what the
# test invokes as 'python'.
while True:
    datagram = listener.recv(4096)
    print('!!! ' + datagram)
6305N/A================================================================================
6305N/A
6305N/A========================= Create /etc/rsyslog.d/socket =========================
$ModLoad omuxsock
# Datagram UNIX socket that the receiver script (/var/tmp/a.py) binds to.
$OMUxSockSocket /tmp/socksample
# Forward every message to it.
*.* :omuxsock:
6305N/A================================================================================
6305N/A
rm -f /tmp/socksample # a stale socket file would make the bind() in a.py fail
python /var/tmp/a.py &
svcadm restart system/system-log:rsyslog
logger -p info test
# there should be output like !!! <14>Jun 13 20:05:56 S12-99 root: [ID 702911 user.info] test
# (<14> is the PRI for user.info: facility 1 * 8 + severity 6)
6305N/A
6305N/A
6305N/A
rm /etc/rsyslog.d/* # drop every test config so far; the network tests below start from an empty rsyslog.d
6305N/A
6305N/A========================= Create /etc/rsyslog.d/server =========================
$ModLoad imudp
# Plain UDP listener (no $UDPServerAddress given, so presumably on all
# interfaces); no authentication and no encryption -- test only.
$UDPServerRun 5822
6305N/A================================================================================
svcadm restart system/system-log:rsyslog # reload with the UDP server config
6305N/A
Lines denoted by '!!!' mean that they apply to the second (client) machine.
Replace A.B.C.D with the IP address of the server machine.
6305N/A
6305N/A!!! ================ On second machine create /etc/rsyslog.d/client ================
6305N/A!!! *.* @A.B.C.D:5822
6305N/A!!! ================================================================================
6305N/A!!! # Disable native syslog, enable rsyslog
6305N/A!!! svcadm disable system/system-log:default
6305N/A!!! sleep 5
6305N/A!!! svcadm enable system/system-log:rsyslog
6305N/A!!! sleep 5
6305N/A!!! svcs -x
6305N/A!!!
6305N/A!!! svcadm restart system/system-log:rsyslog
6305N/A!!! logger -p error 'udp log'
6305N/A!!!
6305N/A!!! # Server should have the log
!!! dmesg | tail
6305N/A!!! 2016-06-18T23:22:56+00:00 S12-101 root: [ID 702911 user.error] udp log
6305N/A
dmesg | tail # should show 'udp log' message
6305N/A
6305N/A
6305N/A
6305N/A========================= Modify /etc/rsyslog.d/server =========================
$ModLoad imtcp
# Plain TCP listener; still cleartext, so the snoop capture below must show the message.
$InputTCPServerRun 5822
6305N/A================================================================================
snoop -d net0 -x 0 port 5822 # hex/ascii dump of port 5822 traffic on net0; runs until interrupted, use a second terminal
6305N/A
6305N/A!!! =============== On second machine replace /etc/rsyslog.d/client ================
6305N/A!!! *.* @@A.B.C.D:5822
6305N/A!!! ================================================================================
6305N/A!!! svcadm restart system/system-log:rsyslog
6305N/A!!! logger -p error 'tcp log'
6305N/A
# Make sure snoop shows the 'tcp log' message in plain text (no TLS yet, so the payload is readable on the wire)
dmesg | tail # should show 'tcp log' message
6305N/A
6305N/A
6305N/A
6305N/A========================= Modify /etc/rsyslog.d/server =========================
# Use GnuTLS for network streams; CA and server cert/key are generated below.
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog.cert/ca-cert.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog.cert/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog.cert/server-key.pem

$ModLoad imtcp

# Mode 1 = TLS-only listener (plain TCP is refused).
$InputTCPServerStreamDriverMode 1
# 'anon': no client certificate is requested or verified, so this exercises
# confidentiality on the wire only -- any host that can reach the port may
# send logs. Use x509/name or x509/fingerprint to authenticate peers.
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 5822
6305N/A================================================================================
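# Test CA and server certificate for the gtls listener (self-signed, test only).
mkdir -p /etc/rsyslog.cert
cd /etc/rsyslog.cert
SUBJ='/CN=server.cz.oracle.com/O=Oracle Corporation/OU=Solaris RPE/C=CZ/ST=Czech republic/L=Prague/emailAddress=root@localhost'
# CA key and self-signed CA certificate (3600 days is plenty for a test fixture).
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj "$SUBJ"
# Server key + CSR. Keep this subject distinct from the CA subject: a leaf whose
# subject equals its issuer can be mistaken for a self-signed certificate during
# path validation. With AuthMode anon the client never checks the name, so the
# 'client' CN is cosmetic for this test.
SUBJ='/CN=client.cz.oracle.com/O=Oracle Corporation/OU=Solaris RPE/C=CZ/ST=Czech republic/L=Prague/emailAddress=root@localhost'
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj "$SUBJ"
# Re-encode the key as a traditional 'RSA PRIVATE KEY' PEM (presumably what the gtls driver expects).
openssl rsa -in server-key.pem -out server-key.pem
# Sign the server CSR with the test CA (fixed serial is fine for a single cert).
openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
# Private keys must not be readable by other local users. rsyslogd is started by
# SMF and presumably runs as root here; chown to the service user instead if it
# drops privileges.
chmod 600 ca-key.pem server-key.pem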
6305N/A
snoop -d net0 -x 0 port 5822 # runs until interrupted; use a second terminal
# This should show no plain text message once we send it in the next paragraph:
# the listener now accepts TLS only, so the payload on the wire is encrypted.
6305N/A
6305N/A!!! =============== On second machine replace /etc/rsyslog.d/client ================
6305N/A!!! $DefaultNetstreamDriverCAFile /etc/rsyslog.cert/ca-cert.pem
6305N/A!!! $DefaultNetstreamDriver gtls
6305N/A!!! $ActionSendStreamDriverMode 1
6305N/A!!! $ActionSendStreamDriverAuthMode anon
6305N/A!!!
6305N/A!!! *.* @@A.B.C.D:5822
6305N/A!!! ================================================================================
6305N/A!!! mkdir -p /etc/rsyslog.cert
6305N/A!!! scp A.B.C.D:/etc/rsyslog.cert/ca-cert.pem /etc/rsyslog.cert/ca-cert.pem
6305N/A!!! svcadm restart system/system-log:rsyslog
6305N/A!!! logger -p error 'encrypted tcp log'
6305N/A
# Make sure snoop SHOWS NO 'encrypted tcp log' message in plain text (only TLS records)
dmesg | tail # should show 'encrypted tcp log' message, i.e. the client connected over TLS and the server decrypted it