puppet-rsyslog

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Known Issues
  6. License
  7. Maintainer

Overview

This module was first published as crayfishx/rsyslog. It has now moved to puppet/rsyslog and is managed by the community group Vox Pupuli.

Module Description

This module manages the rsyslog server and client configuration. It supports rsyslog v8 and defaults to configuring most things in the newer rainerscript configuration style. Where possible, common configuration patterns have been abstracted so they can be defined in a structured way from hiera. Although the configuration offers many customization options, highly complex rsyslog configurations are not easily represented in simple data structures, and in these circumstances you may have to provide raw rainerscript code to achieve what you need. However, the aim of this module is to abstract as much as possible.

This module is only compatible with Puppet 4.0.0+

Setup

What this module affects

  • Installs the Rsyslog package, service, and configuration.
  • Installs ancillary plugin packages.

Beginning with this module

This declaration will get you basic configuration for Rsyslog on your system:

include rsyslog::config

Usage

Rsyslog Configuration Directives

Config file

By default, everything is configured in a single file under $confdir called 50_rsyslog.conf. This means that packages and other OS specific configurations can also be included (see purge_config_files above). The default file can be changed using the rsyslog::target_file directive and is relative to the confdir.

eg:

rsyslog::target_file: 50_rsyslog.conf

You can, however, define custom confdirs and/or custom paths for configuration files. All configuration options have the following global options you can add to their hiera keys:

  • priority - Order in the file to place the config value relative to the other config options in the file. Takes an integer. Defaults to the priority set for the configuration type. See Ordering for more.
  • target - Target file to place the config values in. Defaults to 50_rsyslog.conf in the default $confdir.
  • confdir - Target configuration directory. Defaults to /etc/rsyslog.d.

Ordering

The following configuration parameters set the default order of configuration object types within the configuration file. They can be overridden for individual object definitions (see Configuring Objects below).

## Default object type priorities (can be overridden)
rsyslog::global_config_priority: 10
rsyslog::module_load_priority: 20
rsyslog::input_priority: 30
rsyslog::main_queue_priority: 40
rsyslog::parser_priority: 45
rsyslog::template_priority: 50
rsyslog::filter_priority: 55
rsyslog::action_priority: 60
rsyslog::ruleset_priority: 65
rsyslog::lookup_table_priority: 70
rsyslog::legacy_config_priority: 80
rsyslog::custom_priority: 90

Ordering is done numerically, i.e. 111 is after 110, which is after 99.

Configuring Objects

Configuration objects are written to the configuration file in rainerscript format and can be configured in a more abstract way directly from Hiera. The following configuration object types are supported:

rsyslog::config::modules

A hash of hashes. Each hash key is a module name, and its value is either an empty hash or a hash of settings. The settings hash accepts the following three keys:

  • type: either external or builtin. The default is external and need not be specified explicitly.
  • config: a hash of optional parameters passed to the loaded module.
  • priority: an optional value that sets the module's position in the load order.

Puppet example:

class { 'rsyslog::config':
  'modules' => {
    'imuxsock' => {},
    'imudp' => {
      'config' => {
        'threads'     => '2',
        'TimeRequery' => '8',
        'batchSize'   => '128',
      },
    },
    'omusrmsg' => {
      'type' => 'builtin',
    },
    'omfile' => {
      'type'   => 'builtin',
      'config' => {
        'fileOwner'      => 'syslog',
        'fileGroup'      => 'adm',
        'dirGroup'       => 'adm',
        'fileCreateMode' => '0640',
        'dirCreateMode'  => '0755',
      },
    },
    'impstats' => {
      'type'     => 'external',
      'priority' => 29,
      'config'   => {
        'interval'   => '60',
        'severity'   => '7',
        'log.syslog' => 'off',
        'log.file'   => '/var/log/rsyslog/logs/stats/stats.log',
        'Ruleset'    => 'remote',
      },
    },
  },
}

Hiera example:

rsyslog::config::modules:
  imuxsock: {}
  imudp:
    config:
      threads: "2"
      TimeRequery: "8"
      batchSize: "128"
  omusrmsg:
    type: "builtin"
  omfile:
    type: "builtin"
    config:
      fileOwner: "syslog"
      fileGroup: "adm"
      dirGroup: "adm"
      fileCreateMode: "0640"
      dirCreateMode: "0755"
  impstats:
    type: "external"
    priority: 29
    config:
      interval: "60"
      severity: "7"
      log.syslog: "off"
      log.file: "/var/log/rsyslog/logs/stats/stats.log"
      Ruleset: "remote"

will produce

module (load="imuxsock")
module (load="imudp"
           threads="2"
           TimeRequery="8"
           batchSize="128"

)
module (load="builtin:omusrmsg")
module (load="builtin:omfile"
           fileOwner="syslog"
           fileGroup="adm"
           dirGroup="adm"
           fileCreateMode="0640"
           dirCreateMode="0755"

)
module (load="impstats"
           interval="60"
           severity="7"
           log.syslog="off"
           log.file="/var/log/rsyslog/logs/stats/stats.log"
           Ruleset="remote"

)

rsyslog::config::global_config

A hash of hashes. The key represents the configuration setting and the value is a hash with the following keys:

  • value: the value of the setting
  • type: the type of format to use (legacy or rainerscript), if omitted rainerscript is used.

Puppet example:

class { 'rsyslog::config':
  'global_config' => {
    'umask' => {
      'value'    => '0000',
      'type'     => 'legacy',
      'priority' => 01,
    },
    'RepeatedMsgReduction' => {
      'value' => 'on',
      'type'  => 'legacy',
    },
    'PrivDropToUser' => {
      'value' => 'syslog',
      'type'  => 'legacy',
    },
    'PrivDropToGroup' => {
      'value' => 'syslog',
      'type'  => 'legacy',
    },
    'parser.escapeControlCharactersOnReceive' => {
      'value' => 'on',
    },
    'workDirectory' => {
      'value' => '/var/spool/rsyslog',
    },
    'maxMessageSize' => {
      'value' => '64k',
    },
  },
}

Hiera example:

rsyslog::config::global_config:
  umask:
    value: '0000'
    type: legacy
    priority: 01
  RepeatedMsgReduction:
    value: 'on'
    type: legacy
  PrivDropToUser:
    value: 'syslog'
    type: legacy
  PrivDropToGroup:
    value: 'syslog'
    type: legacy
  parser.escapeControlCharactersOnReceive:
    value: 'on'
  workDirectory:
    value: '/var/spool/rsyslog'
  maxMessageSize:
    value: '64k'

will produce

$umask 0000
$PrivDropToGroup syslog
$PrivDropToUser syslog
$RepeatedMsgReduction on
global (
    parser.escapeControlCharactersOnReceive="on"
    workDirectory="/var/spool/rsyslog"
    maxMessageSize="64k"
)

rsyslog::config::main_queue_opts

Configures the main_queue object in rsyslog as a hash. eg:

Puppet Example:

class { 'rsyslog::config':
  'main_queue_opts' => {
    'queue.maxdiskspace'     => '1000G',
    'queue.dequeuebatchsize' => 1000,
  }
}

Hiera Example:

rsyslog::config::main_queue_opts:
  queue.maxdiskspace: 1000G
  queue.dequeuebatchsize: 1000

will produce

main_queue(
  queue.maxdiskspace="1000G"
  queue.dequeuebatchsize="1000"
)

rsyslog::config::templates

Configures template objects in rsyslog. Each element is a hash containing the name of the template, the type and the template data. The type parameter can be one of string, subtree, plugin or list

Puppet Example:

class { 'rsyslog::config':
  'templates' => {
    'remote' => {
      'type'   => 'string',
      'string' => '/var/log/rsyslog/logs/%fromhost-ip%.log',
    },
    'tpl2' => {
      'type'    => 'subtree',
      'subtree' => '$1!$usr',
    },
    'someplug' => {
      'type'   => 'plugin',
      'plugin' => 'foobar',
    },
  }
}

Hiera Example:

rsyslog::config::templates:
  remote:
    type: string
    string: "/var/log/rsyslog/logs/%fromhost-ip%/%fromhost-ip%.log"
  tpl2:
    type: subtree
    subtree: "$1!$usr"
  someplug:
     type: plugin
     plugin: foobar

will produce

template (name="remote" type="string"
  string="/var/log/rsyslog/logs/%fromhost-ip%/%fromhost-ip%.log"
)

When using list, the list_descriptions hash should contain an array of single element hashes, the key should be constant or property with their corresponding parameters in a sub hash.

Puppet example:

class { 'rsyslog::config':
  'templates' => {
    'plain-syslog' => {
      'type' => 'list',
      'list_descriptions' => [
        {
          'constant' => {
            'value' => '{',
          }
        },
        {
          'constant' => {
            'value' => '\"@timestamp\":\"',
          }
        },
        {
          'property' => {
            'name' => 'timereported',
            'dateFormat' => 'rfc3339',
          }
        },
        {
          'constant' => {
            'value' => '\",\"host\":\"'
          }
        },
        {
          'property' => {
            'name' => 'hostname'
          }
        },
        {
          'constant' => {
            'value' => '\",\"severity\":\"'
          }
        },
        {
          'property' => {
            'name' => 'syslogseverity-text',
          }
        },
        {
          'constant' => {
            'value' => '\",\"facility\":\"'
          }
        },
        {
          'property' => {
            'name' => 'syslogfacility-text'
          }
        },
        {
          'constant' => {
            'value' => '\",\"tag\":\"'
          }
        },
        {
          'property' => {
            'name'   => 'syslogtag',
            'format' => 'json',
          }
        },
        {
          'constant' => {
            'value' => '\",\"message\":\"'
          }
        },
        {
          'property' => {
            'name'   => 'msg',
            'format' => 'json'
          }
        },
        {
          'constant' => {
            'value' => '\"}'
          }
        }
      ]
    }
  }
}

Hiera example:

  plain-syslog:
    type: list
    list_descriptions:
      - constant:
          value: '{'
      - constant:
          value: '\"@timestamp\":\"'
      - property:
         name: timereported
         dateFormat: rfc3339
      - constant:
         value: '\",\"host\":\"'
      - property:
         name: hostname
      - constant:
         value: '\",\"severity\":\"'
      - property:
         name: syslogseverity-text
      - constant:
         value: '\",\"facility\":\"'
      - property:
         name: syslogfacility-text
      - constant:
         value: '\",\"tag\":\"'
      - property:
         name: syslogtag
         format: json
      - constant:
         value: '\",\"message\":\"'
      - property:
         name: msg
         format: json
      - constant:
         value: '\"}'

will produce

template (name="plain-syslog" type="list"
)
{
    constant(value="{" )
    constant(value="\"@timestamp\":\"" )
    property(name="timereported" dateFormat="rfc3339" )
    constant(value="\",\"host\":\"" )
    property(name="hostname" )
    constant(value="\",\"severity\":\"" )
    property(name="syslogseverity-text" )
    constant(value="\",\"facility\":\"" )
    property(name="syslogfacility-text" )
    constant(value="\",\"tag\":\"" )
    property(name="syslogtag" format="json" )
    constant(value="\",\"message\":\"" )
    property(name="msg" format="json" )
    constant(value="\"}" )
}

rsyslog::config::actions

Configures action objects in rainerscript. Each element of the hash contains the type of action, followed by a hash of configuration options. It also accepts an optional facility parameter. The output format depends on the number of config options passed and on whether the facility option is present.

Puppet example:

class { 'rsyslog::config':
  'actions' => {
    'all_logs' => {
      'type'     => 'omfile',
      'facility' => '*.*;auth,authpriv.none',
      'config'   => {
        'dynaFile'  => 'remoteSyslog',
        'specifics' => '/var/log/test',
      }
    },
    'kern_logs' => {
      'type'     => 'omfile',
      'facility' => 'kern.*',
      'config'   => {
        'dynaFile' => 'remoteSyslog',
        'file'     => '/var/log/kern.log',
        'cmd'      => '/proc/cmdline',
      }
    },
    'elasticsearch' => {
      'type'   => 'omelasticsearch',
      'config' => {
        'queue.type'           => 'linkedlist',
        'queue.spoolDirectory' => '/var/log/rsyslog/queue'
      }
    }
  }
}

Hiera example:

rsyslog::config::actions:
  all_logs:
    type: omfile
    facility: "*.*;auth,authpriv.none"
    config:
      dynaFile: "remoteSyslog"
      specifics: "/var/log/test"
  kern_logs:
    type: omfile
    facility: "kern.*"
    config:
      dynaFile: "remoteSyslog"
      file: "/var/log/kern.log"
      cmd: "/proc/cmdline"
  elasticsearch:
    type: omelasticsearch
    config:
      queue.type: "linkedlist"
      queue.spoolDirectory: /var/log/rsyslog/queue

will produce

#Note: There is only 2 options passed so formats in a single line.
# all_logs
*.*;auth,authpriv.none         action(type="omfile" dynaFile="remoteSyslog" specifics="/var/log/test" )

#Note: There is more than 2 options passed so formats into multi line with facility.
# kern_logs
kern.*                         action(type="omfile"
                                 dynaFile="remoteSyslog"
                                 file="/var/log/kern.log"
                                 cmd="/proc/cmdline"
                               )

#Note: There is no facility option passed so formats it without facility.
action(type="omelasticsearch"
  queue.type="linkedlist"
  queue.spoolDirectory="/var/log/rsyslog/queue"
)

rsyslog::config::inputs

Configures input objects in rainerscript. Each element of the hash contains the type of input, followed by a hash of configuration options. Eg:

Puppet examples:

class { 'rsyslog::config':
  'inputs' => {
    'imudp' => {
      'type'   => 'imudp',
      'config' => {
        'port' => '514'
      }
    }
  }
}

Hiera examples:

rsyslog::config::inputs:
  imudp:
    type: imudp
    config:
      port: '514'

will produce

# imudp
input(type="imudp"
  port="514"
)

rsyslog::config::lookup_tables

Configures lookup_tables objects in rainerscript AND generates the JSON lookup_table file. Each key of the hash contains the name of the lookup/lookup_table. The elements of the hash contain a json hash containing the values for the JSON file, a lookup_file element that is the path to where the JSON file will be stored, and a reload_on_hup boolean.

The json hash contains 4 elements: version, nolookup, type, and table. They MUST be specified in this order as per the lookup_tables documentation:

  • version - Integer denoting the version/revision of the lookup_table file.
  • nolookup - String denoting what should be returned if a lookup doesn't find a match in the table.
  • type - Enumerable denoting the type of lookup table. This can be string, array, or sparseArray.
  • table - An Array of hashes containing the table index and value for each lookup.

Puppet example:

class { 'rsyslog::config':
  'lookup_tables' => {
    'ip_lookup' => {
      'lookup_json' => {
        'version'  => 1,
        'nolookup' => 'unk',
        'type'     => 'string',
        'table'    => [
          {
            'index' => '1.1.1.1',
            'value' => 'AB'
          },
          {
            'index' => '2.2.2.2',
            'value' => 'CD'
          }
        ]
      },
      'lookup_file'   => '/etc/rsyslog.d/tables/ip_lookup.json',
      'reload_on_hup' => true
    }
  }
}

Hiera Example:

rsyslog::config::lookup_tables:
  ip_lookup:
    lookup_json:
      version: 1
      nolookup: 'unk'
      type: 'string'
      table:
        - index: '1.1.1.1'
          value: 'AB'
        - index: '2.2.2.2'
          value: 'CD'
    lookup_file: '/etc/rsyslog.d/tables/ip_lookup.json'
    reload_on_hup: true

will produce

# /etc/rsyslog.d/tables/ip_lookup.json
{
  "version": 1,
  "nomatch": "unk",
  "type": "string",
  "table": [
    {
      "index": "1.1.1.1",
      "value": "AB"
    },
    {
      "index": "2.2.2.2",
      "value": "CD"
    }
  ]
}

and

lookup_table(name="ip_lookup" file="/etc/rsyslog.d/tables/ip_lookup.json" reloadOnHUP="on")

NOTE: This does not create the actual lookup() call in the Rsyslog configuration file(s). Currently that is only supported via the rsyslog::config::custom_config hash as it requires setting rsyslog variables (I.E. - set $.iplook = lookup('ip_lookup', $hostname)).

rsyslog::config::parser

Configures parser objects in rainerscript. Each Element of the hash contains the type of parser, followed by a hash of configuration options. Eg:

Puppet Example:

class { 'rsyslog::config':
  'parser' => {
    'pmrfc3164_hostname_with_slashes' => {
      'type'   => 'pmrfc3164',
      'config' => {
        'permit.slashesinhostname' => 'on'
      }
    }
  }
}

Hiera Example:

rsyslog::config::parser:
  pmrfc3164_hostname_with_slashes:
    type: pmrfc3164
    config:
      permit.slashesinhostname: 'on'

will produce

parser(name="pmrfc3164_hostname_with_slashes"
       type="pmrfc3164"
       permit.slashesinhostname="on"
)

rsyslog::config::rulesets

Configures Rsyslog ruleset blocks in rainerscript. There are two elements in the rulesets hash:

  • parameters - settings to pass to the ruleset determining things such as which rsyslog parser to use or the ruleset's queue size.
  • rules - the actual content that goes inside the ruleset. Currently the following are supported:
    • action - rsyslog actions defined inside of the ruleset.
    • lookup - Sets a variable to the results of an rsyslog lookup.
    • set - Set an rsyslog variable or property. Property explicitly requires that the set name be a string beginning with $!, while a variable can be a plain string or a string starting with $..
      • NOTE: Setting the variable with a string that does NOT begin with $. is deprecated and will be removed in the next major release!
    • call - call a specific action.
    • exec - execute the following system command
    • expression_filter - Filter based on one or more expressions.
    • property_filter - Filter based on one or more RsyslogD properties.
  • stop - a Boolean to set if the ruleset ends with a stop or not.

NOTE: For any rule key that can also be a standalone rsyslog resource (action, expression_filter, or property_filter), the user MUST define a name key that will be passed as the resource name to the template. This will be simplified in a future release.

NOTE: While it is entirely possible to configure Rulesets using the Puppet DSL, this is not recommended, because Rulesets can easily become difficult to read when compared to the YAML-based hieradata.

Puppet example:

class { 'rsyslog::config':
  'rulesets' => {
    'ruleset_eth0_514_tcp' => {
      'parameters' => {
        'parser'     => 'pmrfc3164.hostname_with_slashes',
        'queue.size' => '10000',
      },
      'rules' => [
        { 'set' => { '$!rcv_time'  => 'exec_template("s_rcv_time")' }},
        { 'set' => { '$.utime_gen' => 'exec_template("s_unixtime_generated")' }},
        { 'set' => { 'uuid'        => '$uuid' }},
        {
          'action' => {
            'name' => 'utf8-fix',
            'type' => 'mmutf8fix',
          }
        },
        {
          'action' => {
            'name'     => 'test-action',
            'type'     => 'omfile',
            'facility' => '*.*;auth,authpriv.none',
            'config'   => {
              'dynaFile'  => 'remoteSyslog',
              'specifics' => '/var/log/test'
            }
          }
        },
        {
          'action' => {
            'name'   => 'test-action2',
            'type'   => 'omfile',
            'config' => {
              'dynaFile'  => 'remoteSyslog',
              'specifics' => '/var/log/test'
            }
          }
        },
        {
          'lookup' => {
            'var'          => 'srv',
            'lookup_table' => 'srv-map',
            'expr'         => '$fromhost-ip'
          }
        },
        { 'call' => 'action.parse.rawmsg' },
        { 'call' => 'action.parse.r_msg' },
      ],
      'stop' => true,
    }
  }
}

Hiera example:

rsyslog::config::rulesets:
  ruleset_eth0_514_tcp:
    parameters:
      parser: pmrfc3164.hostname_with_slashes
      queue.size: '10000'
    rules:
      - set:
          # Set a Property with a value from a template.
          $!rcv_time: 'exec_template("s_rcv_time")'
      - set:
          # Set a Variable with a value from a template.
          $.utime_gen: 'exec_template("s_unixtime_generated")'
      - set:
          # Set a Variable using the deprecated method with a value from $uuid
          uuid: '$uuid'
      - action:
          name: utf8-fix
          type: mmutf8fix
      - action:
          name: test-action
          type: omfile
          facility: "*.*;auth,authpriv.none"
          config:
            dynaFile: "remoteSyslog"
            specifics: "/var/log/test"
      - action:
          name: test-action2
          type: omfile
          config:
            dynaFile: "remoteSyslog"
            specifics: "/var/log/test"
      - lookup:
          var: srv
          lookup_table: srv-map
          expr: '$fromhost-ip'
      - call: 'action.parse.rawmsg'
      - call: 'action.parse.r_msg'
      - exec: '/bin/echo'
    stop: true

Will produce:

ruleset (name="ruleset_eth0_514_tcp"
  parser="pmrfc3164.hostname_with_slashes"
  queue.size="10000"
) {
  set $!rcv_time = exec_template("s_rcv_time");
  set $.utime_gen = exec_template("s_unixtime_generated");
  set $.uuid = $uuid;
  # utf8-fix action
  action(type="mmutf8fix"
    name="utf8-fix"
  )
  # test-action action
*.*;auth,authpriv.none         action(type="omfile"
                                 name="test-action"
                                 dynaFile="remoteSyslog"
                                 specifics="/var/log/test"
                               )
  # test-action2 action
  action(type="omfile"
    name="test-action2"
    dynaFile="remoteSyslog"
    specifics="/var/log/test"
  )
  set $.srv = lookup("srv-map", $fromhost-ip);
  call action.parse.rawmsg
  call action.parse.r_msg
  ^/bin/echo
  stop
}
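
The settings shown so far include several that matter for host security: the omfile create modes, the PrivDropToUser/PrivDropToGroup directives, and exec rules that run a system command from the log path. The following check over Hiera data is an added example, not part of the module; the function names and the sample data are constructed for illustration, and the data is given as JSON so it runs without a YAML library.

```python
import json

# Constructed Hiera data (JSON form) using the keys documented in this README.
HIERA = json.loads(r'''
{
  "rsyslog::config::modules": {
    "omfile": {"type": "builtin",
               "config": {"fileCreateMode": "0646", "dirCreateMode": "0755"}}
  },
  "rsyslog::config::global_config": {
    "PrivDropToGroup": {"value": "syslog", "type": "legacy"}
  },
  "rsyslog::config::rulesets": {
    "ruleset_eth0_514_tcp": {
      "rules": [
        {"call": "action.parse.rawmsg"},
        {"exec": "/bin/echo"},
        {"expression_filter": {"name": "from_gw", "filter": {"if": {
          "expression": "$fromhost-ip == \"192.168.255.1\"",
          "tasks": [{"call": "ruleset.action.rawlog.standard"}, {"stop": true}]}}}}
      ]
    }
  }
}
''')


def mode_findings(modules):
    """Flag create modes that grant access to 'other' users."""
    findings = []
    for name, spec in modules.items():
        config = (spec or {}).get("config", {})   # 'imuxsock: {}' has no config
        for key in ("fileCreateMode", "dirCreateMode"):
            if key not in config:
                continue
            mode = int(str(config[key]), 8)       # modes are octal strings
            if mode & 0o002:
                findings.append(f"{name}.{key}={config[key]}: world-writable")
            elif key == "fileCreateMode" and mode & 0o004:
                findings.append(f"{name}.{key}={config[key]}: world-readable logs")
    return findings


def privdrop_findings(global_config):
    """Flag a missing user or group privilege drop (keys compared case-insensitively)."""
    present = {key.lower() for key in global_config}
    return [f"{name} is not set: no privilege drop configured"
            for name in ("PrivDropToUser", "PrivDropToGroup")
            if name.lower() not in present]


def _task_lists(node):
    """Yield every nested 'tasks' list below a filter definition."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "tasks" and isinstance(val, list):
                yield val
            else:
                yield from _task_lists(val)


def exec_findings(rulesets):
    """Flag exec rules, including ones nested in filter task lists."""
    findings = []

    def walk(rules, where):
        for rule in rules:
            for kind, body in rule.items():
                if kind == "exec":
                    findings.append(f"{where}: exec {body} runs a system command")
                else:
                    for tasks in _task_lists(body):
                        walk(tasks, f"{where}/{kind}")

    for name, spec in rulesets.items():
        walk(spec.get("rules", []), name)
    return findings


def audit(hiera):
    prefix = "rsyslog::config::"
    return (mode_findings(hiera.get(prefix + "modules", {}))
            + privdrop_findings(hiera.get(prefix + "global_config", {}))
            + exec_findings(hiera.get(prefix + "rulesets", {})))


if __name__ == "__main__":
    for finding in audit(HIERA):
        print("FINDING:", finding)
```
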

Rulesets can also contain filtering logic for calling other rulesets, setting other variables, or even dropping logs based on specific values. Filtering logic is required to utilize lookup_tables and lookup calls.

Rsyslog puppet supports two kinds of filters:

  • expression_filter
  • property_filter

More information about Rsyslog Filters can be found at: http://www.rsyslog.com/doc/v8-stable/configuration/filters.html

Ruleset Expression Filter

Expression filters use traditional if/else and if/else if/else logic to execute rules on specific return values. lookup_tables are compatible ONLY with expression_filters

The Ruleset expression_filter key has a few different keys than the rsyslog::config::expression_filters parameter:

  • name - Currently required to prevent errors. This is logical and only used by Puppet.
  • filter - The filter key is synonymous with the conditionals key found in the rsyslog::config::expression_filters parameter. See the Expression Filter Docs for more info.

Puppet Example:

class { 'rsyslog::config':
  'rulesets' => {
    'ruleset_eth0_514_udp' => {
      'parameters' => {
        'queue.type' => 'LinkedList'
      },
      'rules' => [
        {
          'expression_filter' => {
            'filter' => {
              'if' => {
                'expression' => '$fromhost-ip == "192.168.255.1"',
                'tasks' => [
                  { 'call' => 'ruleset.action.rawlog.standard' },
                  { 'stop' => true }
                ]
              }
            }
          }
        },
        { 'call' => 'ruleset.client.log.standard' },
        { 'call' => 'ruleset.unknown.standard' },
      ],
      'stop' => true
    }
  }
}

Hiera Example:

rsyslog::config::rulesets:
  ruleset_eth0_514_udp:
    parameters:
      queue.type: LinkedList
    rules:
      - expression_filter:
          filter:
            if:
              expression: '$fromhost-ip == "192.168.255.1"'
              tasks:
                - call: "ruleset.action.rawlog.standard"
                - stop: true
      - call: "ruleset.client.log.standard"
      - call: "ruleset.unknown.standard"
    stop: true

will produce:

ruleset (name="ruleset_eth0_514_udp"
  queue.type="LinkedList"
) {
  if $fromhost-ip == "192.168.255.1" then {
    call ruleset.action.rawlog.standard
    stop
  }
  call ruleset.client.log.standard
  call ruleset.unknown.standard
  stop
}

Puppet example with lookup tables:

NOTE: This is a good example of how to define multiple rsyslog resources in a single rsyslog::config class.

class { 'rsyslog::config':
  'lookup_tables' => {
    'srv-map' => {
      'lookup_json'   => {
        'version'  => 1,
        'nolookup' => 'unk',
        'type'     => 'string',
        'table'    => [
          {
            'index' => '192.168.255.10',
            'value' => 'windows'
          },
          {
            'index' => '192.168.255.11',
            'value' => 'windows'
          },
          {
            'index' => '192.168.255.12',
            'value' => 'linux'
          }
        ],
      },
      'lookup_file'   => '/etc/rsyslog.d/tables/srv-map.json',
      'reload_on_hup' => true
    }
  },
  'rulesets' => {
    'ruleset_lookup_set_windows_by_ip' => {
      'rules' => [
        {
          'lookup' => {
            'var'          => 'srv',
            'lookup_table' => 'srv-map',
            'expr'         => '$fromhost-ip'
          }
        },
        {
          'expression_filter' => {
            'filter' => {
              'main' => {
                'expression' => '$.srv == "windows"',
                'tasks' => [
                  { 'call' => 'ruleset.action.forward.windows' },
                  { 'stop' => true }
                ]
              },
              'unknown_log' => {
                'expression' => '$.srv == "unk"',
                'tasks' => [
                  { 'call' => 'ruleset.action.drop.unknown' },
                  { 'stop' => true }
                ]
              },
              'default' => {
                'tasks' => [
                  { 'stop' => true }
                ]
              }
            }
          }
        }
      ]
    }
  }
}

Hiera example with lookup tables:

rsyslog::config::lookup_tables:
  srv-map:
    lookup_json:
      version: 1
      nolookup: 'unk'
      type: 'string'
      table:
        - index: '192.168.255.10'
          value: 'windows'
        - index: '192.168.255.11'
          value: 'windows'
        - index: '192.168.255.12'
          value: 'linux'
    lookup_file: '/etc/rsyslog.d/tables/srv-map.json'
    reload_on_hup: true
rsyslog::config::rulesets:
  ruleset_lookup_set_windows_by_ip:
    rules:
      - lookup:
          var: srv
          lookup_table: srv-map
          expr: '$fromhost-ip'
      - expression_filter:
          filter:
            main:
              expression: '$.srv == "windows"'
              tasks:
                - call: "ruleset.action.forward.windows"
                - stop: true
            unknown_log:
              expression: '$.srv == "unk"'
              tasks:
                - call: "ruleset.action.drop.unknown"
                - stop: true
            default:
              tasks:
                - stop: true
    stop: true

Will produce:

#/etc/rsyslog.d/tables/srv-map.json
{
  "version": 1,
  "nomatch": "unk",
  "type": "string",
  "table": [
    {
      "index": "192.168.255.10",
      "value": "windows"
    },
    {
      "index": "192.168.255.11",
      "value": "windows"
    },
    {
      "index": "192.168.255.12",
      "value": "linux"
    }
  ]
}
#rsyslog.conf
lookup_table(name="srv-map" file="/etc/rsyslog.d/tables/srv-map.json" reloadOnHUP=on)

ruleset(name="ruleset_lookup_set_windows_by_ip"
) {
  set $.srv = lookup("srv-map", $fromhost-ip);
  if ($.srv == "windows") then {
    call ruleset.action.forward.windows
    stop
  } else if ($.srv == "unk") then {
    call ruleset.action.drop.unknown
    stop
  } else {
    stop
  }
}
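
A dry run of the lookup and filter chain above, as an added example that is not part of the module. It models only exact-match string tables and `$.srv == "..."` comparisons, and its function names are hypothetical. It reports table values that end in the default branch without any call, which in this configuration means logs from the host mapped to linux are discarded.

```python
# Constructed from the srv-map lookup table and the
# ruleset_lookup_set_windows_by_ip filter shown above.
LOOKUP_JSON = {
    "version": 1,
    "nolookup": "unk",
    "type": "string",
    "table": [
        {"index": "192.168.255.10", "value": "windows"},
        {"index": "192.168.255.11", "value": "windows"},
        {"index": "192.168.255.12", "value": "linux"},
    ],
}

# Ordered cases: (name, value $.srv must equal, tasks). None marks the default case.
FILTER = [
    ("main", "windows", ["call ruleset.action.forward.windows", "stop"]),
    ("unknown_log", "unk", ["call ruleset.action.drop.unknown", "stop"]),
    ("default", None, ["stop"]),
]


def validate_table(lookup_json):
    """Return a list of problems with the lookup_json hash before it is deployed."""
    errors = []
    for key in ("version", "nolookup", "type", "table"):
        if key not in lookup_json:
            errors.append(f"missing key: {key}")
    if lookup_json.get("type") not in ("string", "array", "sparseArray"):
        errors.append(f"unsupported type: {lookup_json.get('type')!r}")
    seen = set()
    for row in lookup_json.get("table", []):
        if row["index"] in seen:
            errors.append(f"duplicate index: {row['index']}")
        seen.add(row["index"])
    return errors


def lookup(lookup_json, key):
    """Exact-match lookup; falls back to the nolookup value when no index matches."""
    for row in lookup_json["table"]:
        if row["index"] == key:
            return row["value"]
    return lookup_json["nolookup"]


def route(lookup_json, cases, fromhost_ip):
    """Return ($.srv value, matching case name, tasks) for one source address."""
    srv = lookup(lookup_json, fromhost_ip)
    for name, expected, tasks in cases:
        if expected is None or srv == expected:
            return srv, name, tasks
    return srv, None, []


def unhandled_values(lookup_json, cases):
    """Values the table can return that reach no case, or only a default with no call."""
    possible = {row["value"] for row in lookup_json["table"]}
    possible.add(lookup_json["nolookup"])
    silent = []
    for value in sorted(possible):
        matched = next((c for c in cases if c[1] is None or c[1] == value), None)
        if matched is None:
            silent.append(value)
        elif matched[1] is None and not any(t.startswith("call ") for t in matched[2]):
            silent.append(value)
    return silent


if __name__ == "__main__":
    print("table problems:", validate_table(LOOKUP_JSON))
    for ip in ("192.168.255.10", "192.168.255.12", "10.0.0.1"):
        print(ip, "->", route(LOOKUP_JSON, FILTER, ip))
    print("values with no explicit branch:", unhandled_values(LOOKUP_JSON, FILTER))
```
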

Ruleset Property Filters

property_filters are unique to rsyslogd. They allow filtering on any property, like HOSTNAME, syslogtag and msg. property_filters are faster than expression_filters as they use built-in rsyslog properties to look up and match data.

Puppet Example:

class { 'rsyslog::config':
  'rulesets' => {
    'ruleset_msg_check_for_error' => {
      'rules' => [
        {
          'property_filter' => {
            'property' => 'msg',
            'operator' => 'contains',
            'value'    => 'error',
            'tasks'    => [
              { 'call' => 'ruleset.action.error' },
              { 'stop' => true }
            ]
          }
        }
      ]
    }
  }
}

Hiera Example:

rsyslog::config::rulesets:
  ruleset_msg_check_for_error:
    rules:
      - property_filter:
          property: 'msg'
          operator: 'contains'
          value: 'error'
          tasks:
            - call: 'ruleset.action.error'
            - stop: true

Will Generate:

#rsyslog.conf
ruleset(name="ruleset_msg_check_for_error"
) {
  :msg, contains, "error" {
    call ruleset.action.error
    stop
  }
}

rsyslog::config::property_filters

Rsyslog has the ability to filter each log line based on log properties and/or variables.

There are four kinds of filters in Rsyslog:

  • "traditional" severity/facility based Selectors - handled in the Actions parameter.
  • BSD-style blocks - not supported in Rsyslog 7+ and as such are not supported in this module.
  • Property-based Filters
  • Expression-based Filters

This section covers Property and Expression based filters.

Property-based Filters

Property-based filters are unique to rsyslogd. They allow filtering on any property, like HOSTNAME, syslogtag and msg. Property-based filters are only supported with native properties in Rsyslog. See Rsyslog Properties for a list of supported properties.

The rsyslog::config::property_filters parameter is a Hash of hashes where the hash-key is the logical name for the filter. This name is for Puppet resource naming purposes only and has no other function. The filter name has several additional child keys as well:

  • property - the Rsyslogd property the filter will look up.
  • operator - the Rsyslogd property filter-supported operator to compare the property value with the expected value. See Rsyslog Property Compare-Operations for a list of supported operators. These operators are validated with the Rsyslog::PropertyOperator data type.
  • value - the value that the property filter will match against.
  • tasks - A hash of actions to take in the event of a filter match.
    • All sub-keys for the tasks hash map to another rsyslog configuration object.

Puppet Example:

class { 'rsyslog::config':
  'property_filters' => {
    'hostname_filter' => {
      'property' => 'hostname',
      'operator' => 'contains',
      'value'    => 'some_hostname',
      'tasks'    => [
        {
          'action' => {
            'name'     => 'omfile_defaults',
            'type'     => 'omfile',
            'facility' => '*.*;auth,authpriv.none',
            'config'   => {
              'dynaFile'  => 'remoteSyslog',
              'specifics' => '/var/log/test',
            }
          }
        },
        { 'stop' => true }
      ]
    },
    'ip_filter' => {
      'property' => 'fromhost-ip',
      'operator' => 'startswith',
      'value'    => '192',
      'tasks'    => [
        { 'stop' => true }
      ]
    }
  }
}

Hiera Example:

rsyslog::config::property_filters:
  hostname_filter:
    property: hostname
    operator: contains
    value: some_hostname
    tasks:
      - action:
          name: omfile_defaults
          type: omfile
          facility: "*.*;auth,authpriv.none"
          config:
            dynaFile: "remoteSyslog"
            specifics: "/var/log/test"
      - stop: true
  ip_filter:
    property: fromhost-ip
    operator: startswith
    value: '192'
    tasks:
      - stop: true

will produce

:hostname, contains, "some_hostname" {
  *.*;auth,authpriv.none        action(type="omfile" dynaFile="remoteSyslog" specifics="/var/log/test")
  stop
}

:fromhost-ip, startswith, "192" {
  stop
}

Expression-based Filters

Expression-based filters allow filtering on arbitrary complex expressions, which can include boolean, arithmetic and string operations.

Expression-based filters are also used to match against lookup_table data.

The rsyslog::config::expression_filters parameter is a Hash of hashes where the hash-key is the logical name for the filter. This name is for Puppet resource naming purposes only and has no other function. The filter name has a few additional child keys as well:

  • conditionals - Hash describing the different conditional cases, which are hashes of hashes.
    • cases - Hash of hashes. This has two reserved keys and four reserved names:
      • if/main - This is the primary condition for your expression. if is provided for backwards compatibility. required
      • else/default - This defines the optional "default" or "fall through" condition. else is provided for backwards compatibility.
      • [string] case - All other cases are defined by your own descriptive name. These names are non-functional and purely for organizational purposes. They will render as an else if in the rsyslog configuration.
    • expression - The string "expression" that will be used to match values. With all the potential options for logic, this was the easiest way to provide everyone with what they may need.
    • tasks - A hash of actions to take in the event of a filter match.
      • All sub-keys for the tasks hash map to another rsyslog configuration object.

Puppet Examples

Old Syntax (still works):

class { 'rsyslog::config':
  'expression_filters' => {
    'hostname_filter' => {
      'conditionals' => {
        'if' => {
          'expression' => '$msg contains "error"',
          'tasks'      => [
            {
              'action' => {
                'name'   => 'omfile_error',
                'type'   => 'omfile',
                'config' => { 'specifics' => '/var/log/errlog' }
              }
            }
          ]
        }
      }
    }
  }
}

New Syntax:

class { 'rsyslog::config':
  'expression_filters' => {
    'hostname_filter' => {
      'conditionals' => {
        'main' => {
          'expression' => '$msg contains "error"',
          'tasks'      => [
            {
              'action' => {
                'name'   => 'omfile_error',
                'type'   => 'omfile',
                'config' => { 'specifics' => '/var/log/errlog' }
              }
            }
          ]
        }
      }
    }
  }
}

Hiera Examples

Old syntax (still works):

rsyslog::config::expression_filters:
  hostname_filter:
    conditionals:
      # Uses the "if" keyword
      if:
        expression: '$msg contains "error"'
        tasks:
          - action:
              name: omfile_error
              type: omfile
              config:
                specifics: /var/log/errlog

New syntax:

rsyslog::config::expression_filters:
  hostname_filter:
    conditionals:
      # Uses the "main" keyword
      main:
        expression: '$msg contains "error"'
        tasks:
          - action:
              name: omfile_error
              type: omfile
              config:
                specifics: /var/log/errlog

both will produce:

if $msg contains "error" then {
  action(type="omfile" specifics="/var/log/errlog")
}

NOTE: Due to the number of options available to the user, the expression key is a plain text string field and the expression logic must be written out. See the next example for more details.

Puppet Examples

Old Syntax (still works):

class { 'rsyslog::config':
  'expression_filters' => {
    'complex_filter' => {
      'conditionals' => {
        'if' => {
          'expression' => '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")',
          'tasks'      => [
            { 'stop' => true }
          ]
        },
        'else' => {
          'tasks' => [
            'action' => {
              'name'   => 'error_log',
              'type'   => 'omfile',
              'config' => { 'specifics' => '/var/log/errlog' }
            }
          ]
        }
      }
    }
  }
}

New Syntax:

class { 'rsyslog::config':
  'expression_filters' => {
    'complex_filter' => {
      'conditionals' => {
        'main' => {
          'expression' => '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")',
          'tasks'      => [
            { 'stop' => true }
          ]
        },
        'default' => {
          'tasks' => [
            'action' => {
              'name'   => 'error_log',
              'type'   => 'omfile',
              'config' => { 'specifics' => '/var/log/errlog' }
            }
          ]
        }
      }
    }
  }
}

Hiera Examples

Old Syntax (still works):

rsyslog::config::expression_filters:
  complex_filter:
    conditionals:
      # Uses the "if" keyword
      if:
        expression: '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")'
        tasks:
          - stop: true
      # Uses the "else" keyword
      else:
        tasks:
          - action:
              name: error_log
              type: omfile
              config:
                specifics: /var/log/errlog

New Syntax:

rsyslog::config::expression_filters:
  complex_filter:
    conditionals:
      # Uses the "main" keyword
      main:
        expression: '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")'
        tasks:
          - stop: true
      # Uses the "default" keyword
      default:
        tasks:
          - action:
              name: error_log
              type: omfile
              config:
                specifics: /var/log/errlog

both will produce:

if $syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0") then {
  stop
}
else {
  action(type="omfile" specifics="/var/log/errlog")
}

Example using more than two conditions:

Puppet Examples

class { 'rsyslog::config':
  'expression_filters' => {
    'complex_filter' => {
      'conditionals' => {
        'main' => {
          'expression' => '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")',
          'tasks'      => [{ 'stop' => true }]
        },
        'errlog' => {
          'expression' => '$msg contains "error"',
          'tasks'      => [
            {
              'action' => {
                'name'   => 'omfile_error',
                'type'   => 'omfile',
                'config' => { 'specifics' => '/var/log/errlog' }
              }
            }
          ]
        },
        'default' => {
          'tasks' => [
            {
              'action' => {
                'name'   => 'system_log',
                'type'   => 'omfile',
                'config' => { 'specifics' => '/var/log/system' }
              }
            }
          ]
        }
      }
    }
  }
}

Hiera Examples

rsyslog::config::expression_filters:
  complex_filter:
    conditionals:
      # Uses the "main" keyword
      main:
        expression: '$syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0")'
        tasks:
          - stop: true
      # Uses a descriptive keyname
      errlog:
        expression: '$msg contains "error"'
        tasks:
          - action:
              name: omfile_error
              type: omfile
              config:
                specifics: /var/log/errlog
      # Uses the "default" keyword
      default:
        tasks:
          - action:
              name: system_log
              type: omfile
              config:
                specifics: /var/log/system

will produce:

if $syslogfacility-text == "local0" and $msg startswith "DEVNAME" and ($msg contains "error1" or $msg contains "error0") then {
  stop
} else if $msg contains "error" then {
  action(type="omfile" specifics="/var/log/errlog")
} else {
  action(type="omfile" specifics="/var/log/system")
}
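
The case-ordering rules above (main/if first, named cases as else if, default/else last), modelled in Ruby as an added example; it is not the module's own template code. The HIERA sample is assembled from this section's examples, the function names are hypothetical, and the report lists branches that stop without running an action, which is where matching messages disappear from every later rule.

```ruby
require 'yaml'

# Constructed sample: Hiera data assembled from the examples in this section.
HIERA = <<~'YAML'
  rsyslog::config::property_filters:
    ip_filter:
      property: fromhost-ip
      operator: startswith
      value: '192'
      tasks:
        - stop: true
  rsyslog::config::expression_filters:
    complex_filter:
      conditionals:
        main:
          expression: '$syslogfacility-text == "local0" and $msg startswith "DEVNAME"'
          tasks:
            - stop: true
        errlog:
          expression: '$msg contains "error"'
          tasks:
            - action:
                name: omfile_error
                type: omfile
                config:
                  specifics: /var/log/errlog
        default:
          tasks:
            - action:
                name: system_log
                type: omfile
                config:
                  specifics: /var/log/system
YAML

# Order cases as described above: main/if first, other names as "else if", default/else last.
def ordered_branches(conditionals)
  main = conditionals['main'] || conditionals['if']
  raise ArgumentError, 'conditionals needs a "main" (or "if") case' unless main
  fallback = conditionals['default'] || conditionals['else']
  branches = [[:if, main]]
  conditionals.each { |k, v| branches << [:else_if, v] unless %w[main if default else].include?(k) }
  branches << [:else, fallback] if fallback
  branches
end

# Render one task; only "stop" and "action" are modelled (anything else raises KeyError).
def render_task(task)
  return 'stop' if task['stop']
  action = task.fetch('action')
  params = { 'type' => action['type'] }.merge(action['config'] || {})
  args = params.map { |k, v| %(#{k}="#{v}") }.join(' ')
  action['facility'] ? "#{action['facility']}        action(#{args})" : "action(#{args})"
end

# Render the if / else if / else chain for one expression filter.
def render_expression_filter(conditionals)
  out = +''
  ordered_branches(conditionals).each do |kind, body|
    out << case kind
           when :if then "if #{body['expression']} then {\n"
           when :else_if then "} else if #{body['expression']} then {\n"
           else "} else {\n"
           end
    body['tasks'].each { |t| out << "  #{render_task(t)}\n" }
  end
  out << "}\n"
end

# True when the tasks stop processing before any action has run.
def discards?(tasks)
  stop_at = tasks.index { |t| t['stop'] }
  !stop_at.nil? && tasks.first(stop_at).none? { |t| t.key?('action') }
end

# List every filter branch that drops matching messages without acting on them.
def discard_report(data)
  report = []
  (data['rsyslog::config::property_filters'] || {}).each do |name, f|
    next unless discards?(f['tasks'])
    report << %(#{name}: :#{f['property']}, #{f['operator']}, "#{f['value']}")
  end
  (data['rsyslog::config::expression_filters'] || {}).each do |name, f|
    ordered_branches(f['conditionals']).each do |kind, body|
      report << "#{name}: #{kind} #{body['expression']}".strip if discards?(body['tasks'])
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  data = YAML.safe_load(HIERA)
  data['rsyslog::config::expression_filters'].each_value { |f| puts render_expression_filter(f['conditionals']) }
  puts 'Branches that stop without an action:', discard_report(data)
end
```

Because stop ends processing for the message, a broad match in such a branch (for example fromhost-ip startswith '192') removes that traffic from every rule positioned after it, so these entries deserve review whenever the data changes.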

rsyslog::config::legacy_config

Legacy config support is provided to facilitate backwards compatibility with sysklogd format as this module mainly supports rainerscript format.

A hash of hashes: each hash name is used as the comment/reference for the setting, and each hash has the following values:

  • key: the key/logger rule setting
  • value: the value/target of the setting
  • type: the type of format to use (legacy or sysklogd); if omitted, sysklogd is used. If the legacy type is used, key can be skipped and one long string can be provided as value.

Puppet Examples

class { 'rsyslog::config':
  'legacy_config' => {
    'auth_priv_rule' => {
      'key'   => 'auth,authpriv.*',
      'value' => '/var/log/auth.log',
    },
    'auth_none_rule' => {
      'key'   => '*.*;auth,authpriv.none',
      'value' => '/var/log/syslog',
    },
    'syslog_all_rule' => {
      'key'   => 'syslog.*',
      'value' => '/var/log/rsyslog.log',
    },
    'mail_error_rule' => {
      'key'   => 'mail.err',
      'value' => '/var/log/mail.err',
    },
    'news_critical_rule' => {
      'key'   => 'news.crit',
      'value' => '/var/log/news/news.crit',
    }
  }
}

Hiera Examples

rsyslog::config::legacy_config:
  auth_priv_rule:
    key: "auth,authpriv.*"
    value: "/var/log/auth.log"
  auth_none_rule:
    key: "*.*;auth,authpriv.none"
    value: "/var/log/syslog"
  syslog_all_rule:
    key: "syslog.*"
    value: "/var/log/rsyslog.log"
  mail_error_rule:
    key: "mail.err"
    value: "/var/log/mail.err"
  news_critical_rule:
    key: "news.crit"
    value: "/var/log/news/news.crit"

will produce

# auth_priv_rule
auth,authpriv.*    /var/log/auth.log

# auth_none_rule
*.*;auth,authpriv.none    /var/log/syslog

# syslog_all_rule
syslog.*    /var/log/rsyslog.log

# mail_error_rule
mail.err    /var/log/mail.err

# news_critical_rule
news.crit    /var/log/news/news.crit

Legacy type values can be passed as one long string, skipping the key parameter, as shown below. You can also override the priority in the hash to rearrange the contents, e.g.:

  emergency_rule:
    key: "*.emerg"
    value: ":omusrmsg:*"
  testing_legacy_remotelog:
    value: "*.* @@logmonster.cloudfront.net:1514"
    type: "legacy"
    priority: 12
  testing_legacy_rule:
    value: "*.* >dbhost,dbname,dbuser,dbpassword;dbtemplate"
    type: "legacy"

will produce

# emergency_rule
*.emerg    :omusrmsg:*

# testing_legacy_rule
*.* >dbhost,dbname,dbuser,dbpassword;dbtemplate

# testing_legacy_remotelog
*.* @@logmonster.cloudfront.net:1514
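
An added review aid, not part of the module: it classifies each legacy_config action by its basic-syntax prefix and flags entries that forward logs off-host or embed database credentials in the rendered file. The sample entries are copied from the examples above; the function and finding names are hypothetical.

```ruby
require 'yaml'

# Constructed sample: legacy_config entries copied from the examples above.
LEGACY = <<~'YAML'
  auth_priv_rule:
    key: "auth,authpriv.*"
    value: "/var/log/auth.log"
  emergency_rule:
    key: "*.emerg"
    value: ":omusrmsg:*"
  testing_legacy_remotelog:
    value: "*.* @@logmonster.cloudfront.net:1514"
    type: "legacy"
    priority: 12
  testing_legacy_rule:
    value: "*.* >dbhost,dbname,dbuser,dbpassword;dbtemplate"
    type: "legacy"
YAML

# sysklogd-type entries keep selector and action in key/value; legacy-type
# entries may pack both into value, separated by whitespace.
def selector_and_action(entry)
  return [entry['key'], entry['value'].to_s] if entry['key']
  selector, action = entry['value'].to_s.split(/\s+/, 2)
  [selector, action.to_s]
end

# Classify an action by the prefix rsyslog's basic syntax uses for it.
def classify(action)
  case action
  when /\A@@/ then :tcp_forward        # @@host  -> TCP forwarding
  when /\A@/ then :udp_forward         # @host   -> UDP forwarding
  when /\A>/ then :database            # >host,db,user,password -> database writer
  when /\A\^/ then :exec_program       # ^program -> execute a program
  when /\A\|/ then :named_pipe
  when /\A:om\w+:/ then :output_module # e.g. :omusrmsg:*
  when %r{\A-?/} then :file
  else :other
  end
end

# Describe why an entry needs review, or return nil when it does not.
# Credential values are never echoed into the finding text.
def describe(kind, selector, action)
  case kind
  when :tcp_forward
    target = action.sub(/\A@+(\([^)]*\))?/, '')
    [kind, "#{selector} leaves the host for #{target} (TCP, cleartext unless a TLS stream driver is configured)"]
  when :udp_forward
    target = action.sub(/\A@+(\([^)]*\))?/, '')
    [kind, "#{selector} leaves the host for #{target} (UDP, cleartext)"]
  when :database
    host, _db, user, password = action.delete_prefix('>').split(';').first.to_s.split(',')
    return nil if password.to_s.empty?
    [:inline_db_credentials, "password for #{user} on #{host} is stored in the rendered config file"]
  when :exec_program
    [kind, "#{selector} runs a program for each matching message"]
  end
end

# Walk all entries and collect findings in declaration order.
def audit(entries)
  entries.each_with_object([]) do |(name, entry), findings|
    selector, action = selector_and_action(entry)
    kind, detail = describe(classify(action), selector, action)
    findings << { name: name, kind: kind, detail: detail } if detail
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(YAML.safe_load(LEGACY)).each { |f| puts "#{f[:name]} [#{f[:kind]}] #{f[:detail]}" }
end
```

A database finding also means the rendered file under the confdir and the Hiera data that feeds it both hold the secret, so their permissions and storage need the same care as the database account.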

Positioning

All rsyslog object types are positioned according to the default variables (see Ordering). The position can be overridden for any object by adding the optional priority parameter.

eg:

rsyslog::config::actions:
  elasticsearch:
    type: omelasticsearch
    config:
      queue.type: "linkedlist"
      queue.spoolDirectory: "/var/log/rsyslog/queue"
    priority: 35

Formatting

This module attempts to abstract rainerscript objects into data structures that can be handled easily within hiera. However, there are times when you need to add more code structure around an object, such as conditionals. For simple code additions, the template, action, input and global_config object types support the optional format parameter, which takes a Puppet EPP formatted template as its value and uses the variable $content to signify the object itself. For example, to wrap an action in a simple conditional you could format it as follows:

rsyslog::config::actions:
  elasticsearch:
    type: omelasticsearch
    config:
      queue.type: "linkedlist"
      queue.spoolDirectory: "/var/log/rsyslog/queue"
    format: |
      if $fromhost == "foo.localdomain" then {
      <%= $content %>
      }

For more complicated code structures that don't lend themselves well to a structured format, such as multiple nested conditionals, there is also a special configuration object type called custom_config. custom_config takes two arguments: priority, to determine where in the file it should be configured, and content, a text string to insert. By default the priority is set by the custom_config_priority parameter (see Ordering).

rsyslog::config::custom_config:
  localhost_action:
    priority: 45
    content: |
      if $fromhost == ["foo.localdomain","localhost"] then {
        action(type="omfile" file="/var/log/syslog")
      } else {
        action(type="omelasticsearch"
          queue.type="linkedlist"
          queue.spoolDirectory="/var/log/rsyslog/queue"
        )
      }

  stop:
    content: |
      if $fromhost == "foo" then stop

Known Issues

  • Designed specifically for Rsyslog 8+ and the Rainerscript configuration format. Legacy configuration/Rsyslog < 8 support requires the use of the custom_config parameter.
  • The upstream repository for EL8 is currently broken and will not work.

License

  • This module is licensed under Apache 2.0, see LICENSE for more details

Maintainer

  • This module is maintained by Vox Pupuli. It was originally written by Craig Dunn @crayfishx.

puppet-rsyslog's People

Contributors

alexjfisher, amateo, arjenz, bastelfreak, bschonec, crayfishx, cruelsmith, dhollinger, dhoppe, ekohl, eputnam, evgeni, fatmcgav, ghoneycutt, hdep, jhoblitt, juniorsysadmin, kajinamit, kenyon, llowder, lmontand, maxadamo, olegps, paramite, root-expert, smortex, tragiccode, tuxmea, waipeng, zilchms

puppet-rsyslog's Issues

puppet-rsyslog won't install on Puppet Open Source 6

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet:
    puppet6-release-6.0.0-5.el7.noarch
    puppetserver-6.5.0-1.el7.noarch
    puppet-agent-6.8.1-1.el7.x86_64

  • Ruby:
    default included in Puppet 6

  • Distribution:
    CentOS Linux release 7.6.1810 (Core)

  • Module version:
    3.3.0

How to reproduce (e.g Puppet code you use)

puppet module install puppet-rsyslog --version 3.3.0

What are you seeing

module fails to install due to dependency problem

What behaviour did you expect instead

successful installation

Output log

[root@host ~]# puppet module install puppet-rsyslog --version 3.3.0
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Error: Could not install module 'puppet-rsyslog' (???)
No version of 'puppet-rsyslog' can satisfy all dependencies
Use puppet module install --ignore-dependencies to install only this module
[root@host ~]#

Any additional information you'd like to impart

We have a clean Puppet 6 installation (no upgrades from earlier installs)
Here is the dependency list:
puppetlabs-stdlib (>= 1.0.0 < 6.0.0)
puppetlabs-concat (>= 2.0.0 < 6.0.0)
puppetlabs-apt (>= 5.0.0 < 7.0.0)

stdlib must be less than 6.0.0 for this module to install. This will break on clean installations of Puppet 6. Don't know about the other dependencies....

Client server split imposes unnecessary restrictions

We recently switched over to this module from saz/rsyslog (while it was marked as deprecated) and ran into an issue.

To avoid confusion - I will call physical servers "machines" so we can use "client" and "server" only to refer to the module usage.

Our use case is that we have multiple data centers, and in each one we have a couple of machines that (among other things) collect all the logs from all the other machines in the data center (including each other). So in any data center, all our machines are clients. But two machines are also servers.

Since every machine in our infrastructure is a client, I started out using rsyslog::client at a level of the hierarchy which covers all machines (as we did with saz/rsyslog). My syslog collection server is in its own module, so I can tag those servers as needing that module and get them writing logs to file.

I mistakenly thought I would be able to use rsyslog::server to configure the two machines per datacenter. Nope. Duplicate declaration: Class[Rsyslog::Config] is already declared in file ...

So then I tried to hack it by passing my rulesets etc. to the client class ... which you can't #58
So then I tried to look for an equivalent of saz/rsyslog::snippet ... also no joy. #109

So that leaves me with the options of:

  • Use rsyslog::server for all clients (confusing)
  • Write a server module that drops some files into /etc/rsyslod.d/ (poor cohesiveness)

The crux of it:
The design choice of forcing separation of clients and servers (which for a lot of people is convenient) ends up imposing a restriction on the user that the underlying rsyslog software does not.

The best solution would be one where I can configure rsyslog using hiera, or in a module, without restriction. The server/client split could be dropped completely in that scenario, as I could define that myself.

In lieu of that, implementing #109 would help tremendously in the short term. This functionality is tremendously powerful and useful.

Thanks for your time! I hope this feedback is useful in further improving this module.

👍 on the documentation BTW :)

configuration for mysql

A configuration question:
Are there examples of hiera configuration to push all incoming logs to mysql database Loganalyzer consumption?

Thank you

Support Filters

For lookup tables to be useful, rulesets and global config needs to support if/else statements.

rsyslog::snippet?

This is more of a feature request. saz/rsyslog has been deprecated, and he's pointing at this module as a replacement. One piece of saz/rsyslog that I was quite fond of was 'rsyslog::snippet', which was a simple way to create an rsyslog.d file without any further configuration, e.g.:

$log = '/var/log'
rsyslog::snippet { '00-puppet':
  content => "if \$programname == 'puppet-agent' then -${log}\n& stop"
}

It looks like rsyslog::component::custom_config is close, but you have to set more variables there than I want to get into. Would you be interested in implementing a more-basic rsyslog::snippet again?

https://forge.puppet.com/saz/rsyslog

Document ordering / sort algorithm

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.3
  • Ruby: 2.4
  • Distribution: ?
  • Module version:

How to reproduce (e.g Puppet code you use)

mail:
    priority: 110
    type: 'omfile'
    facility: 'mail.*'
    config:
      file: '/var/log/maillog'
  cron:
    priority: 111
    type: 'omfile'
    facility: 'cron.*'
    config:
      file: '/var/log/cron.log'

What are you seeing

These rules are placed in the rsyslog file after global definitions (priority 10) but before templates, config, etc (20, 30...) To get it to sort properly I have had to use the following:

mail:
    priority: 6510
  cron:
    priority: 6511

What behaviour did you expect instead

Priority is shown in the examples as an integer. One assumes it would be sorted like an integer. I actually kind of like the effect of being able to just make longer numbers to sort within the section-- but the documentation makes no mention of this!

How do we configure this module for someone new to puppet

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: Puppet 5.5
  • Ruby:
  • Distribution: RedHat Enterprise Linux 6,7
  • Module version:

How to reproduce (e.g Puppet code you use)

What are you seeing

What behaviour did you expect instead

Output log

Any additional information you'd like to impart

imfile to send apache logs to remote syslog not working

Trying to configure rsyslog to forward to remote syslog, apache logs from file
rsyslog doc from https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html

but it seems most of imfile options are not recognized and no example is provided in forge readme

Only imfile reference that I found in puppet module is in acceptance test
https://github.com/voxpupuli/puppet-rsyslog/blob/4896d5d5a333c96327a14d3fcb33239edc4fb32e/spec/acceptance/inputs_spec.rb
so not sure what is filtering out other options

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.1
  • Ruby: 2.4.1
  • Distribution: Ubuntu 18.04 (rsyslogd 8.32)
  • Module version: 3.2.0

How to reproduce (e.g Puppet code you use)

  class { 'rsyslog::server':
    global_config   => {
        'umask' => {
            'value' => '0022',
            'type' => legacy,
            'priority' => 01, 
        },  
        'PrivDropToUser' => {
            'value' => 'syslog',
            'type' => legacy,
        },  
        'PrivDropToGroup' => {
            'value' => 'syslog',
            'type' => legacy,
        },  
        'workDirectory' => {
            'value' => '/var/spool/rsyslog',
        },  
        'maxMessageSize' => {
            'value' => '64k',
        }   
    },  
   inputs => {
        imfile => {
            type        => "imfile",
            config      => {
              File => "${apache_logdir}/access*log",
#              Tag  => 'apache-access:',
#              StateFile => 'stat-apache-access',
#              Severity => 'info',
#              PersistStateInterval => 20000,
#              Ruleset   => "remoteapachelog",
            }
        }
    },
    rulesets    => {
        remoteapachelog => {
            parameters => {
                'queue.filename' => 'QueueApache',
                'queue.type' => 'LinkedList',
                'queue.spoolDirectory' => "/var/log/rsyslog/queue",
                'queue.size' => 10000,
                'queue.maxdiskspace' => '1000G',
                'queue.timeoutqueue' => 3,
                'queue.dequeuebatchsize' => 1000,
                'queue.saveonshutdown' => 'on',
                'queue.timeoutenqueue' => 0,
                'action.resumeRetryCount' => -1,
            },
            rules      => [
                action => {
                    name    => 'testApache',
                    facility => "*.*",
                    config => {
                        type    => 'omfwd',
                        target  => 'remotelogserver2.local',
                        port    => 514,
                        protocol => 'tcp',
                    },
                }
            ],
        }
    }
  }

What are you seeing

       Error: Evaluation Error: Resource type not found: Ruleset (file: /tmp/kitchen/manifests/site.pp, line: 243, column: 15) on node d3ef8b5697ea

What behaviour did you expect instead

normal successful execution

Rename legacy_config defined type and class

What this module refers to as "legacy_config" is actually what Rsyslog refers to as the basic syslog configuration.

Vote for renaming this to match the rsyslog documentation.

example of what Rsyslog calls "Basic" syslog configuration:

mail.info /var/log/mail.log
mail.err @@server.example.net

How we create those in this module today:

rsyslog::component::legacy_config { 'mail.info':
  'priority'  => $rsyslog::legacy_config_priority,
  'target'    => $rsyslog::target_file,
  'confdir'  => $rsyslog::confdir,
  'key'       => 'mail.info',
  'value'    => '/var/log/mail.log',
}

rsyslog::component::legacy_config { 'mail.err':
  'priority'  => $rsyslog::legacy_config_priority,
  'target'    => $rsyslog::target_file,
  'confdir'  => $rsyslog::confdir,
  'key'       => 'mail.err',
  'value'    => '@@server.example.net',
}

rsyslog::base does not restart service

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.19
  • Ruby: 2.4.9
  • Distribution: CentOS 7
  • Module version: 5.0.0

How to reproduce (e.g Puppet code you use)

populate the rsyslog::feature_packages variable after managing rsyslog service with this module

What are you seeing

When I populate the rsyslog::feature_packages variable, it does not restart the (managed) rsyslog service. Looking at rsyslog::base, there is a lot of conditional logic that makes that challenging to ensure.

What behaviour did you expect instead

If I am installing packages, it's likely that I want that change to restart the service. Suggest a refactor of rsyslog::base into rsyslog::install and rsyslog::service so that one class can notify the other from init.pp. EG https://github.com/puppetlabs/puppetlabs-ntp/tree/master/manifests

Output log

Any additional information you'd like to impart

I am willing to do a PR.

/etc/rsyslog.d/50_rsyslog.conf doesn't have a puppet header

Hello,

I played a bit with your module.
I just notice that the file generated by the module : /etc/rsyslog.d/50_rsyslog.conf does have a header like :

# FILE Managed by puppet

I think this would be great to have this information.

What do you think ?

Refactor Rulesets and Filters

Nearly every setting available inside of a ruleset is also available at the parent config level.

Rulesets should be refactored to enable the support of the following configuration options at the parent/top level base config:

  • Filters
  • Calls
  • Sets
  • Stops

Additionally, Rulesets and Filters should reuse code/templates for existing configuration options rather than duplicate code in the templates/manifests. This should make the templates and code more readable and potentially provide a path for validating data passed to the module.

Add '^' (execute program) rsyslog feature to ruleset tasks

Hi,
this is feature request to support the use of the "execute program" rsyslog feature, which is an alternative to the omprog output module.

While the omprog output module is great for programs which read from STDIN, it's not usable for software that relies on the log message being sent as an argument.

Outside of rulesets, the feature can be already used with this module via the $custom_config hash.

I have written a simple patch for this - I will attach the patch shortly.

Kind regards,
itbane

  • Puppet: 5.3
  • Ruby: 2.3.3
  • Distribution: Debian Stretch
  • Module version: 3.1.1

Question: How to add stop directive to an action?

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5
  • Distribution: CentOS 7
  • Module version: 3.3.0

How to reproduce (e.g Puppet code you use)

I am attempting to re-create the following legacy config via this module:

$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
local0.* @syslog.domain.internal:514
& stop

The rainerscript equivalent should look like this:

local0.*                       action(type="omfwd"
                                           queue.filename="fwdRule1"
                                           queue.maxDiskSpace="1g"
                                           queue.saveOnShutdown="on"
                                           queue.type="LinkedList"
                                           action.resumeRetryCount="-1"
                                           target="syslog1.resources.internal"
                                           port="514"
                                     )

  stop

I think this hiera configuration is almost there:

syslog::server::actions:
  http_logs:
    type: omfwd
    facility: 'local0.*'
    config:
      queue.filename: 'fwdRule1'
      queue.maxDiskSpace: '1g'
      queue.saveOnShutdown: 'on'
      queue.type: 'LinkedList'
      action.resumeRetryCount: '-1'
      target: 'syslog.domain.internal'
      port: '514'

How can I add the 'stop' directive after the action?

How to use conditions ?

Hi,

for my central syslog server I need to add some logic to send clients logs into a specific file, and to send system logs into classic path.

I found a way to do this with rsyslog syntax :

if $hostname == 'myserver' then {
# local config goes here
} else
{
# remote_filter send logs to specific path
*.*     ?remote
}

The issue is I don't have any idea on how to do this with the module.
Any idea ?

Filters require a unique name when used in rulesets.

The templates for both Property and Expression filters require a unique name, even when used within a ruleset.

That makes sense when creating a Property Filter or Expression Filter Resource, but it doesn't make any sense when the filter is part of a Ruleset resource.

Cyclic dependency

Hello
I'm getting cyclic dependency issues when doing a new install (RHEL7).

I copied the yaml file from the example:

rsyslog::client::global_config:
  FileOwner:
    value: 'root'
    type: legacy
 ......
rsyslog::client::modules:
    imuxsock: {}
    imklog: {}
    
rsyslog::client::legacy_config:
  auth_priv_rule:
    key: "auth,authpriv.*"
    value: "/var/log/auth.log"
    .....

In my profiles I included the following

include rsyslog::client

When running on the node It gave me the following:

Error: Found 1 dependency cycle:
(Concat_file[/etc/rsyslog.d/50_rsyslog.conf] => Concat[/etc/rsyslog.d/50_rsyslog.conf] => Rsyslog::Generate_concat[rsyslog::concat::module::imuxsock] => Concat::Fragment[rsyslog::component::module::imuxsock] => Concat_fragment[rsyslog::component::module::imuxsock] => Concat_file[/etc/rsyslog.d/50_rsyslog.conf])\nCycle graph written to /opt/puppetlabs/puppet/cache/state/graphs/cycles.dot.
Error: Failed to apply catalog: One or more resource dependency cycles detected in graph

Here is the .dot file content

digraph Resource_Cycles {
  label = "Resource Cycles"
"Concat_file[/etc/rsyslog.d/50_rsyslog.conf]" -> "File[/etc/rsyslog.d/50_rsyslog.conf]" -> "Concat[/etc/rsyslog.d/50_rsyslog.conf]" -> "Rsyslog::Generate_concat[rsyslog::concat::module::imuxsock]" -> "Concat::Fragment[rsyslog::component::module::imuxsock]" -> "Concat_fragment[rsyslog::component::module::imuxsock]" -> "Concat_file[/etc/rsyslog.d/50_rsyslog.conf]"
"Concat_file[/etc/rsyslog.d/50_rsyslog.conf]" -> "Concat[/etc/rsyslog.d/50_rsyslog.conf]" -> "Rsyslog::Generate_concat[rsyslog::concat::module::imuxsock]" -> "Concat::Fragment[rsyslog::component::module::imuxsock]" -> "Concat_fragment[rsyslog::component::module::imuxsock]" -> "Concat_file[/etc/rsyslog.d/50_rsyslog.conf]"
}

I fixed this by removing the before statement from the component/module.pp file
/rsyslog/manifests/component/module.pp line 21

rsyslog::generate_concat { "rsyslog::concat::module::${name}":
    confdir => $confdir,
    target  => $target,
   (-)  before  => Concat::Fragment["rsyslog::component::module::${name}"],
  }

Module doesn't have a clean way to configure sysklogd options for client configuration

At the moment the only way to have client side sysklogd options is to write as a custom config like below. it would be handy to pass sysklogd options as well as a list, as a lot of old configuration uses that format.

rsyslog::client::custom_config:
  programname:
    priority: 28
    content: |
      # First some standard log files.  Log by facility.
      auth,authpriv.*                 /var/log/auth.log
      *.*;auth,authpriv.none          /var/log/syslog
      syslog.*                        /var/log/rsyslog.log #rsyslog error messages
      #cron.*                         /var/log/cron.log
      #daemon.*                       /var/log/daemon.log
      kern.*                          /var/log/kern.log
      #lpr.*                          /var/log/lpr.log
      mail.*                          /var/log/mail.log
      #user.*                         /var/log/user.log

check fedora support

This module once listed Fedora in the metadata.json. We removed it because all listed versions are EOL. We need to check if recent Fedora versions work and add them back.

actions component should have the option to specify logger facility

Action should have the option to specify the optional logger facility to support the rainerscript format.

*.* action(type="omelasticsearch"
  template="plain-syslog"
  searchIndex="logstash-index"
  queue.type="linkedlist"
  queue.spoolDirectory="/var/log/rsyslog/queue"
  queue.filename="dbq"
  queue.maxdiskspace="100g"
  queue.maxfilesize="100m"
  queue.SaveOnShutdown="on"
  server="192.168.1.254"
  action.resumeretrycount="-1"
  bulkmode="on"
  dynSearchIndex="on"
)


auth,authpriv.*                 action(type="omfile" dynaFile="remoteAuth" )
*.*;auth,authpriv.none          action(type="omfile" dynaFile="remoteSyslog" )
kern.*                          action(type="omfile" dynaFile="remoteKern" )

Non yaml examples please

Better examples not using yaml
I'm new to puppet and it looks like a really thought out module
but the examples are all yaml based.

would be great to have examples using puppet code.

No way to not use hiera and how to create a separate configuration file per service?

This is not a bug but a general design question of the module so I left out the issue template.

It is not clear how or if I can 1) create a separate configuration file per service 2) not use hiera.

I would like to be able to not use hiera to declare classes if possible. This seems to be an issue because there is only one public class to be used which is rsyslog::client::global_config. I could use that in a regular puppet manifest but not really because I would get duplicate class declarations if I wanted to create a profile for each rsyslog service to be monitored (which I would like to do so I can have a base profile that is always applied).

Basically I would like to do the following (not exactly this because obviously this would cause a duplicate class declaration)

# profile::rsyslog::base.pp
# this class would end up on every node
class profile::rsyslog::base{

  class { 'rsyslog::client::global_config':
    # base rsyslog config that should be on every host
  }
}
# profile::rsyslog::haproxy.pp
# this class would end up on nodes with haproxy role
class profile::rsyslog::haproxy{

  class { 'rsyslog::client::global_config':
    # rsyslog config for haproxy in a separate config file than the base stuff (same file would be better than using hiera but I don't think that is possible here either without using hiera)
  }
}
# data/common.yaml
---
classes:
  - profile::rsyslog::base
# roles/haproxy.yaml
---
classes:
  - profile::rsyslog::haproxy

Am I missing something and is something like this possible? Take my opinion with a grain of salt because I am newish to puppet and very new to rsyslog but it seems this puppet module could use a define such as rsyslog::client::custom_service that lets you add separate config files per service.

Handling permissions on startup

Anyone have any thoughts about how this could also handle the permissions on the existing files? I know we can set new files to a user and permissions, but on boot the files are created and so you'll get a permission denied until the file gets rotated.

facility not present in output of rulesets when using - action

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: puppet/rsyslog
  • Module version: 2.3.0

What are you seeing

Facility not presented when using

rsyslog::rulesets_defaults:
  local_rules:
    parameters:
      queue.size: '1000'
      queue.type: LinkedList
    rules:
      - action:
          facility: '.;auth,authpriv.none'
          name: cron_logs
          type: omfile
          config:
            file: '/var/log/cron'

it generated the following

local_rules ruleset

ruleset (name="local_rules"
queue.size="1000"
queue.type="LinkedList"
) {
action(type="omfile"
file="/var/log/cron" )
}

found two issues... typo in puppet-rsyslog/templates/tasks.epp
facility is spelled faclility at Line 14

<%- if $cfgval['facility'] == undef or '' { $facility = 'default' } else { $facility = $cfgval['faclility'] } -%>

and bad test in puppet-rsyslog/templates/tasks.epp
line 14
<%- if $cfgval['facility'] == undef or '' { $facility = 'default' } else { $facility = $cfgval['faclility'] } -%>
always returns default.
changed to
<%- if ! $cfgval['facility'] or $cfgval['facility'] == '' { $facility = 'default' } else { $facility = $cfgval['facility'] } -%>

What behaviour did you expect instead

I expected the following

local_rules ruleset

ruleset (name="local_rules"
queue.size="1000"
queue.type="LinkedList"
) {
.;auth,authpriv.none action(type="omfile" file="/var/log/cron" )
}

Any additional information you'd like to impart

this is my first time reporting ... be kind.

file backup is not working correctly when existing files exist

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.14, PE 2019.4
  • Ruby: 2.4
  • Distribution: RHEL 7
  • Module version: 5.1.0

How to reproduce (e.g Puppet code you use)

In site.pp have the following configuration.

File{
  backup => '.old'
}
use defaults for module

Add a listen.conf file in /etc/rsyslog.d/listen.conf

What are you seeing

Puppet backs up this file and places it in the same directory. Puppet then backs up the same file and appends another '.old' extension on top of the previous one. After several iterations of this you end up with:

listen.conf.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old.old

What behaviour did you expect instead

Only a single listen.conf.old file would be reproduced.

Output log

Any additional information you'd like to impart

Error: Evaluation Error: Resource type not found: PrivDropToUser (file: /tmp/kitchen/manifests/site.pp, line: 141, column: 9) on node 21a40dd4ec00

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.1
  • Ruby: 2.4.1p1
  • Distribution: Centos/Ubuntu
  • Module version: latest

How to reproduce (e.g Puppet code you use)

  class { 'rsyslog::server':
    global_config   => {
        umask => {
            value => '0022',
            type => legacy,
            priority => 01, 
        },  
        PrivDropToUser => {
            value => 'syslog',
            type => legacy,
        },  
        PrivDropToGroup => {
            value => 'syslog',
            type => legacy,
        },  
        workDirectory => {
            value => '/var/spool/rsyslog',
        },  
        maxMessageSize => {
            value => '64k',
        }   
    },

What are you seeing

above message

What behaviour did you expect instead

rsyslog should be configured with given unprivileged user.
On Debian/Ubuntu, it's the default

Output log

(centos7) https://travis-ci.org/juju4/puppet-meta-harden-linux/jobs/420572879#L2727
(bionic) https://travis-ci.org/juju4/puppet-meta-harden-linux/jobs/420572880#L3246
(xenial) https://travis-ci.org/juju4/puppet-meta-harden-linux/jobs/420572881#L3053

Any additional information you'd like to impart

Can't create an expression filter with more than one 'else if'

Hi,

I need to create a ruleset with a rule with an expression with more than just one else if. Something like:

if $hostname == ["sip", "proxysipint", "proxysipintb" ] then {
  set $.filename = "kam-int.log";

    }
else if $hostname == ["sipext", "proxysipext" ] then {
  set $.filename = "kam-ext.log";

    }
else if $hostname == ["pbxum", "pbxum1", "pbxum1b"] then {
  set $.filename = "ast-core.log";

    }

So, my code is like:

  - expression_filter:
      filter:
        if:
          expression: '$hostname == ["sip", "proxysipint", "proxysipintb" ]'
          tasks:
            - set:
                '$.filename': '"kam-int.log"'
        'else if':
          expression: '$hostname == ["sipext", "proxysipext" ]'
          tasks:
            - set:
                '$.filename': '"kam-ext.log"'
        'else if':
          expression: '$hostname == ["pbxum", "pbxum1", "pbxum1b"]'
          tasks:
            - set:
                '$.filename': '"ast-core.log"'

The problem with this hiera is that I have to use the same else if key for two different hash elements, so the second overrides the first.

I've been looking for a way to create such an expression, but as the template for an expression is:

<%- |
$filter_name,
$conditionals
| -%>
# <%= $filter_name %>
<%- $conditionals.each |$conditional, $options| { -%>
  <%- if $conditional == 'else' { -%>
<%= $conditional %> {
  <%- } else { -%>
<%= "${conditional} ${options['expression']} then" %> {
  <%-}-%>
<%- $options['tasks'].each |$task| { -%>
<%= epp('rsyslog/tasks.epp', { 'tasks' => $task }) -%>
<%-}-%>
}
<%}-%>

I can't find any way to do it, because the conditional clause is taken always from the key of the element in the hash.

Is there any way to create such config?
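The key collision described in this report, as an added Ruby example that is not part of the original issue or of the module's code: it parses the hash-style data to show which branches survive, then renders the full chain from an ordered list. The list-style schema with a `keyword` field and all function names are hypothetical, and only `set` tasks are rendered.

```ruby
require 'yaml'

# Constructed sample: the hash-style data from the report, with two 'else if' keys.
HASH_STYLE = <<~'EOS'
  filter:
    if:
      expression: '$hostname == ["sip", "proxysipint", "proxysipintb" ]'
      tasks:
        - set: { '$.filename': '"kam-int.log"' }
    'else if':
      expression: '$hostname == ["sipext", "proxysipext" ]'
      tasks:
        - set: { '$.filename': '"kam-ext.log"' }
    'else if':
      expression: '$hostname == ["pbxum", "pbxum1", "pbxum1b"]'
      tasks:
        - set: { '$.filename': '"ast-core.log"' }
EOS

# Hypothetical list-style schema (an assumption, not the module's): each branch
# is a list element, so order and repeated keywords are both preserved.
LIST_STYLE = <<~'EOS'
  filter:
    - keyword: if
      expression: '$hostname == ["sip", "proxysipint", "proxysipintb" ]'
      tasks:
        - set: { '$.filename': '"kam-int.log"' }
    - keyword: else if
      expression: '$hostname == ["sipext", "proxysipext" ]'
      tasks:
        - set: { '$.filename': '"kam-ext.log"' }
    - keyword: else if
      expression: '$hostname == ["pbxum", "pbxum1", "pbxum1b"]'
      tasks:
        - set: { '$.filename': '"ast-core.log"' }
EOS

# What survives parsing the hash-style data, as [keyword, expression] pairs.
# A mapping holds one value per key, so the later 'else if' replaces the earlier.
def surviving_branches(yaml_text)
  YAML.safe_load(yaml_text).fetch('filter').map { |kw, opts| [kw, opts['expression']] }
end

# Render 'set' tasks; any other task type is rejected rather than guessed at.
def render_tasks(tasks)
  tasks.flat_map do |task|
    task.flat_map do |type, body|
      raise ArgumentError, "unsupported task: #{type}" unless type == 'set'

      body.map { |var, value| "  set #{var} = #{value};" }
    end
  end
end

# Render an ordered branch list as one rainerscript if / else if / else chain.
def render_filter(branches)
  branches.each_with_index.map do |branch, i|
    kw = branch.fetch('keyword')
    raise ArgumentError, "first branch must be 'if'" if i.zero? && kw != 'if'
    if i.positive? && !['else if', 'else'].include?(kw)
      raise ArgumentError, "'#{kw}' not allowed at position #{i}"
    end
    raise ArgumentError, "'else' must be last" if kw == 'else' && i != branches.size - 1

    head = kw == 'else' ? 'else {' : "#{kw} #{branch.fetch('expression')} then {"
    [head, *render_tasks(branch.fetch('tasks')), '}'].join("\n")
  end.join("\n")
end

puts render_filter(YAML.safe_load(LIST_STYLE).fetch('filter')) if $PROGRAM_NAME == __FILE__
```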

No clue how to configure a client with this module

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: PE 2017.2.1
  • Ruby: 2.1.9p490 (from pe-agent)
  • Distribution: RHEL 7.4
  • Module version: 2.3.1

How to reproduce (e.g Puppet code you use)

class { 'rsyslog::client': }

What are you seeing

/etc/rsyslog.d/00_client.conf
and I cannot figure out how it was generated or how to modify it to do something simple like specify the remote log server

Dependency circle with action class

Hi

I believe I tried the most basic setup of this module but every time I call rsyslog::client::actions I have a dependency circle.

(Concat_file[/etc/rsyslog.d/50_rsyslog.conf] => Concat[/etc/rsyslog.d/50_rsyslog.conf] => Rsyslog::Generate_concat[rsyslog::concat::action::mail_logs] => Concat::Fragment[rsyslog::component::action::mail_logs] => Concat_fragment[rsyslog::component::action::mail_logs] => Concat_file[/etc/rsyslog.d/50_rsyslog.conf])

I have these two pieces of code:

profile.pp

class { 'rsyslog::client': }

common.yaml

rsyslog::client::actions:
  mail_logs:
    type: "omfile"
    facility: "mail.*"
    config:
      file: "/var/log/testlog"

Ruleset expression filter: problem with documentation

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.2.0
  • Ruby: 2.5.3
  • Distribution: Ubuntu 16.04
  • Module version: 3.3.0

How to reproduce (e.g Puppet code you use)

Straight from the documentation for ruleset expression filters:

rsyslog::server::rulesets:
  ruleset_eth0_514_udp:
    parameters:
      queue.type: LinkedList
    rules:
      - expression_filter:
          if:
            expression: '$fromhost-ip == "192.168.255.1"'
            tasks:
              - call: "ruleset.action.rawlog.standard"
              - stop: true
      - call: "ruleset.client.log.standard"
      - call: "ruleset.unknown.standard"

What are you seeing

An error message.

What behaviour did you expect instead

No error :)

Output log

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Method call, 'each' expects one of:
  (Hash hash, Callable[2, 2] block)
    rejected: parameter 'hash' expects a Hash value, got Undef
  (Hash hash, Callable[1, 1] block)
    rejected: parameter 'hash' expects a Hash value, got Undef
  (Iterable enumerable, Callable[2, 2] block)
    rejected: parameter 'enumerable' expects an Iterable value, got Undef
  (Iterable enumerable, Callable[1, 1] block)
    rejected: parameter 'enumerable' expects an Iterable value, got Undef (file: /etc/puppetlabs/code/environments/production/modules/rsyslog/templates/expression_filter.epp, line: 6, column: 18) (file: /etc/puppetlabs/code/environments/production/modules/rsyslog/manifests/config/rulesets.pp, line: 3) on node canvasci-its.ocad.ca

Any additional information you'd like to impart

It seems that the module is expecting an additional key that is not present in the documentation. The following will work:

rsyslog::server::rulesets:
  ruleset_eth0_514_udp:
    parameters:
      queue.type: LinkedList
    rules:
      - expression_filter:
          filter:
            if:
              expression: '$fromhost-ip == "192.168.255.1"'
              tasks:
                - call: "ruleset.action.rawlog.standard"
                - stop: true
      - call: "ruleset.client.log.standard"
      - call: "ruleset.unknown.standard"

Note the addition of the filter key below expression_filter. I'm not sure if the filter key needs to be added to the docs, or if

<%= epp('rsyslog/expression_filter.epp', { 'filter_name' => 'Expression-based Filter', 'conditionals' => $params['filter'] }) -%>
needs to be updated to remove the reference to the filter key.

Thanks!

Purging config files does not restart rsyslogd

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.10.0
  • Ruby: 2.5.5p157
  • Distribution: Debian 10
  • Module version: 5.0.1

How to reproduce (e.g Puppet code you use)

rsyslog with mostly default settings (in particular purge_config_files is true).

What are you seeing

When the puppet module purges config files in /etc/rsyslog.d/, it does not restart rsyslogd.

What behaviour did you expect instead

It should restart rsyslogd.

warning with recent puppet

Affected Puppet, Ruby, OS and module versions/distributions

How to reproduce (e.g Puppet code you use)

https://github.com/juju4/puppet-meta-harden-linux/blob/devel/manifests/site.pp#L142
but compilation warning related to module so not expecting to be config dependent

issue is on
https://github.com/voxpupuli/puppet-rsyslog/blob/master/hiera.yaml
and should be for v5 like
https://github.com/juju4/puppet-meta-harden-linux/blob/devel/hiera.yaml

Thanks

What are you seeing

https://travis-ci.org/juju4/puppet-meta-harden-linux/jobs/423360920#L3318

       Warning: /tmp/kitchen/modules/rsyslog/hiera.yaml: Use of 'hiera.yaml' version 4 is deprecated. It should be converted to version 5
          (file: /tmp/kitchen/modules/rsyslog/hiera.yaml)
       Warning: Defining "data_provider": "hiera" in metadata.json is deprecated.
          (file: /tmp/kitchen/modules/rsyslog/metadata.json)

What behaviour did you expect instead

no warnings

Output log

above

Global Hash creates multiple global tags in the config

Rather than passing all the values in the global hash inside the global tag it creates a global tag per entry in the syslog config file.

rsyslog::server::global_config:
  umask:
    value: '0000'
    type: legacy
    priority: 01
  RepeatedMsgReduction:
    value: 'on'
    type: legacy
  PrivDropToUser:
    value: 'syslog'
    type: legacy
  PrivDropToGroup:
    value: 'syslog'
    type: legacy
  parser.escapeControlCharactersOnReceive:
    value: 'on'
  workDirectory:
    value: '/var/spool/rsyslog'
  maxMessageSize:
    value: '64k'

the above code produces content like below

$PrivDropToGroup syslog
$PrivDropToUser syslog
$RepeatedMsgReduction on
global (
  maxMessageSize="64k"
)
global (
  parser.escapeControlCharactersOnReceive="on"
)
global (
  workDirectory="/var/spool/rsyslog"
)
$umask 0000

but it should be like this

$PrivDropToGroup syslog
$PrivDropToUser syslog
$RepeatedMsgReduction on
global (
  maxMessageSize="64k"
  parser.escapeControlCharactersOnReceive="on"
  workDirectory="/var/spool/rsyslog"
)
$umask 0000

Module does not work on RHEL 7

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 5.5.6 (PE 2018.1.4)
  • Module version: 3.2.0

How to reproduce (e.g Puppet code you use)

dwhite2.sec.dte.cert.org.yaml.txt

What are you seeing

etc-rsyslog.conf.txt

and /etc/rsyslog.d/ is empty

What behaviour did you expect instead

Previous /etc/rsyslog.conf: (trimmed of comment lines)
etc-rsyslog.conf-orig.txt
Previous /etc/rsyslog.d/listen.conf:
etc-rsyslog.d-listen.conf-orig.txt

Output log

puppet-run-2018-09-07-09-48-15.txt
Use "less -r" to view without garbage

`target` key doesn't work in component hashes

The target key in a component hash (templates, actions, modules, etc) doesn't properly work when overridden.

If target is not supposed to be configurable at the component level

No error message is displayed, the component defined in the hash simply doesn't get created due to the lack of a parent concat resource that matches the concat::fragment's target attribute.

If target is supposed to be configurable at the component level

No parent concat resource exists for the concat::fragment that is generated, thus the config is not generated in a configuration file.

Release summary for 5.0.1

v5.0.0 was never released to the forge due to an issue with the release process. v5.0.1 contains no functional changes.

Unable to provide options along with the load module

Unable to provide additional options along with the load module

module ( load="imudp" 
          threads="2"
          TimeRequery="8"
          batchSize="128"

)
module ( load="builtin:omfile" 
          fileOwner="syslog"
          fileGroup="adm"
          dirGroup="adm"
          fileCreateMode="0640"
          dirCreateMode="0755"

)

Cannot set syslog conf file and directory permissions

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: agent 6.4.3 (Puppet Enterprise 2019.1)
  • Ruby:
  • Distribution: RHEL 7,8
  • Module version: 4.0.0 (appears to be an issue in 5.0.0 as well)

How to reproduce (e.g Puppet code you use)

include rsyslog::client

What are you seeing

/etc/rsyslog.conf, /etc/rsyslog.d, /etc/rsyslog.d permissions cannot be set
We use 0600 on our files, but can't set that.

What behaviour did you expect instead

Conf file Permissions exposed as a parameter

Output log

Any additional information you'd like to impart

deprecated Object#=~ is called on - it always returns nil (Puppet 7.0+)

  • Puppet: 7+
  • Ruby: ?
  • Distribution: CentOS 8
  • Module version: 5.1.0

How to reproduce (e.g Puppet code you use)

include ::rsyslog

What are you seeing

puppet agent -t

/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on TrueClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil
/opt/puppetlabs/puppet/cache/lib/facter/rsyslog.rb:29: warning: deprecated Object#=~ is called on FalseClass; it always returns nil

What behaviour did you expect instead

no errors

Support for Puppet 7+

Hi,

I would like to use this module with Puppet 7.10.0.

Are there any plans to update this to work with it or know of any which would work with Puppet 7.10.0?
