update the default vars for kernel-qa group

add a phx2 option for rsyslog.conf

2 files changed, 100 insertions, 1 deletions

diff --git a/files/rsyslog/rsyslog.conf.phx2 b/files/rsyslog/rsyslog.conf.phx2
new file mode 100644
index 000000000..8215f5cd7
--- /dev/null
+++ b/files/rsyslog/rsyslog.conf.phx2
@@ -0,0 +1,97 @@
+#rsyslog v3 config file
+
+# if you experience problems, check
+# http://www.rsyslog.com/troubleshoot for assistance
+
+#### MODULES ####
+
+$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
+$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
+#$ModLoad immark.so	# provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#$ModLoad imudp.so
+#$UDPServerRun 514
+
+# Provides TCP syslog reception
+#$ModLoad imtcp.so  
+#$InputTCPServerRun 514
+
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# File syncing capability is disabled by default. This feature is usually not required, 
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+
+#### RULES ####
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*                                                 /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;local6.none;mail.none;authpriv.none;cron.none                /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.*                                              /var/log/secure
+
+# Log all the mail messages in one place.
+mail.*                                                  -/var/log/maillog
+
+
+# Log cron stuff
+cron.*                                                  /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg                                                 *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit                                          /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.*                                                /var/log/boot.log
+
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+# ### begin forwarding rule ###
+# The statement between the begin ... end define a SINGLE forwarding
+# rule. They belong together, do NOT split them. If you create multiple
+# forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
+#
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+$WorkDirectory /var/spool/rsyslog # where to place spool files
+$ActionQueueFileName fwdRule1     # unique name prefix for spool files
+$ActionQueueMaxDiskSpace 512m     # 512M space limit (use as much as possible)
+$ActionQueueSaveOnShutdown on     # save messages to disk on shutdown
+$ActionQueueType LinkedList       # run asynchronously
+$ActionResumeRetryCount -1        # infinite retries if host is down
+
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
+
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
+# ### end of the forwarding rule ###
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none              @@log02:514
+
+:msg, !contains, "type=AVC" ~
+local6.*				@@log02:514
+
diff --git a/inventory/group_vars/kernel-qa b/inventory/group_vars/kernel-qa
index 64c610a97..57e5af10e 100644
--- a/inventory/group_vars/kernel-qa
+++ b/inventory/group_vars/kernel-qa
@@ -1,2 +1,4 @@
 ---
-freezes: true
\ No newline at end of file
+freezes: true
+resolvconf: $files/resolv.conf/phx2
+rsyslogconf: $files/rsyslog/rsyslog.conf.phx2