rsyslog-ubuntu-root.sh
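#!/bin/bash
#
# Configure rsyslog on Ubuntu to forward messages of severity "warning" and
# above to a Graylog syslog input. Must be run as root, because it installs
# packages, edits /etc/rsyslog.conf and restarts the rsyslog service.
#
# Usage: rsyslog-ubuntu-root.sh [GRAYLOG_SERVER_IP] [GRAYLOG_SERVER_PORT]
#
# Security notes:
#   - A single "@" in an rsyslog action means plain UDP forwarding ("@@" is
#     TCP). Messages travel unencrypted and unauthenticated and can be lost
#     or spoofed in transit, so keep this path on a trusted network segment
#     or move to a TLS-protected TCP input if logs cross untrusted links.
#   - Both arguments end up in a root-owned configuration file, so they are
#     validated before anything is written.
set -euo pipefail

# Print an error to stderr and abort.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Define default values
readonly DEFAULT_GRAYLOG_SERVER_IP="192.168.1.14"
readonly DEFAULT_GRAYLOG_SERVER_PORT="1514"

# Use command-line arguments or default values
GRAYLOG_SERVER_IP="${1:-$DEFAULT_GRAYLOG_SERVER_IP}"
GRAYLOG_SERVER_PORT="${2:-$DEFAULT_GRAYLOG_SERVER_PORT}"

# The rsyslog configuration file that this script appends to.
readonly RSYSLOG_CONF="/etc/rsyslog.conf"

# Fail early with a clear message instead of half-way through on a
# permission error.
(( EUID == 0 )) || die "this script must be run as root."

# Reject anything that is not a plain IPv4 address / host name and a decimal
# port. Whitespace, newlines or rsyslog metacharacters in either value would
# otherwise allow extra directives to be injected into the configuration.
host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
port_re='^[0-9]{1,5}$'
[[ "$GRAYLOG_SERVER_IP" =~ $host_re ]] \
  || die "invalid Graylog server address: '${GRAYLOG_SERVER_IP}'"
[[ "$GRAYLOG_SERVER_PORT" =~ $port_re ]] \
  || die "invalid Graylog server port: '${GRAYLOG_SERVER_PORT}'"
# 10# forces base 10 so a leading zero is not read as octal.
(( 10#$GRAYLOG_SERVER_PORT >= 1 && 10#$GRAYLOG_SERVER_PORT <= 65535 )) \
  || die "Graylog server port out of range: '${GRAYLOG_SERVER_PORT}'"

# Check if rsyslog is installed
if ! command -v rsyslogd >/dev/null 2>&1; then
  echo "rsyslog is not installed. Installing..."
  apt-get install -y rsyslog || die "failed to install rsyslog."
fi

[[ -f "$RSYSLOG_CONF" ]] || die "${RSYSLOG_CONF} does not exist."

# A syslog selector "facility.severity" matches that severity AND every more
# severe one, so "*.warning" already covers warning, err, crit, alert and
# emerg. Separate *.emerg/*.alert/*.crit/*.err rules on top of it would send
# the same message to Graylog several times.
forward_rule="*.warning @${GRAYLOG_SERVER_IP}:${GRAYLOG_SERVER_PORT}"

if grep -qxF -- "$forward_rule" "$RSYSLOG_CONF"; then
  # Re-running the script must not append the same rule again.
  echo "Forwarding rule already present in ${RSYSLOG_CONF}; leaving it unchanged."
else
  # Backup the rsyslog configuration file. The backup is taken only right
  # before a modification, so it always holds the state prior to the last
  # change rather than an already-modified copy.
  cp -p -- "$RSYSLOG_CONF" "$RSYSLOG_CONF.bak" \
    || die "could not back up ${RSYSLOG_CONF}."

  # Make sure the rule starts on its own line even if the file does not end
  # with a newline.
  if [[ -n "$(tail -c1 -- "$RSYSLOG_CONF")" ]]; then
    printf '\n' >> "$RSYSLOG_CONF"
  fi

  # Add configuration to forward logs to Graylog
  printf '%s\n' "$forward_rule" >> "$RSYSLOG_CONF"

  # Validate the resulting configuration before restarting; a broken config
  # would stop local logging as well. Roll back to the backup on failure.
  if ! rsyslogd -N1 -f "$RSYSLOG_CONF"; then
    cp -p -- "$RSYSLOG_CONF.bak" "$RSYSLOG_CONF"
    die "rsyslog rejected the new configuration; ${RSYSLOG_CONF} was restored from backup."
  fi
fi

# Restart rsyslog
service rsyslog restart || die "failed to restart rsyslog."

echo "rsyslog has been configured to forward logs to Graylog at ${GRAYLOG_SERVER_IP}:${GRAYLOG_SERVER_PORT}."
echo "Please verify that Graylog is correctly configured to receive syslog messages by checking for events in Graylog."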