diff --git a/Linux Script/README.md b/Linux Script/README.md new file mode 100644 index 0000000..62f8faa --- /dev/null +++ b/Linux Script/README.md @@ -0,0 +1,11 @@ +Linux Script +============ + +Configure your Linux system to send syslogs to Loggly using the following command + + sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME + + +Stop sending your Linux System logs to Loggly + + sudo bash configure-linux.sh -a SUBDOMAIN -r diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index a36315f..42ac9dd 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -8,14 +8,14 @@ trap ctrl_c INT function ctrl_c() { logMsgToConfigSysLog "INFO" "INFO: Aborting the script." exit 1 -} +} ########## Variable Declarations - Start ########## #name of the current script. This will get overwritten by the child script which calls this SCRIPT_NAME=configure-linux.sh #version of the current script. This will get overwritten by the child script which calls this -SCRIPT_VERSION=1.01 +SCRIPT_VERSION=1.7 #application tag. This will get overwritten by the child script which calls this APP_TAG= 
@@ -78,16 +78,18 @@ MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure rsyslog on Linux are #this variable is set if the script is invoked via some other calling script IS_INVOKED= +#this variable will hold if the check env function for linux is invoked +LINUX_ENV_VALIDATED="false" + +#this variable will inform if verification needs to be performed +LINUX_DO_VERIFICATION="true" ########## Variable Declarations - End ########## -# executing the script for loggly to install and configure rsyslog. -installLogglyConf() +#check if the Linux environment is compatible with Loggly. +#Also set few variables after the check. +checkLinuxLogglyCompatibility() { - - #log message indicating starting of Loggly configuration - logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Linux." - #check if the user has root permission to run this script checkIfUserHasRootPrivileges @@ -103,7 +105,10 @@ installLogglyConf() #check if user credentials are valid. If no, then exit checkIfValidUserNamePassword - #check if authentication token is valid. If no, then exit + #get authentication token if not provided + getAuthToken + + #check if authentication token is valid. If no, then exit. checkIfValidAuthToken #check if rsyslog is configured as service. If no, then exit 
@@ -118,20 +123,35 @@ installLogglyConf() #check if selinux service is enforced. if yes, ask the user to manually disable and exit the script checkIfSelinuxServiceEnforced + LINUX_ENV_VALIDATED="true" +} + +# executing the script for loggly to install and configure rsyslog. +installLogglyConf() +{ + #log message indicating starting of Loggly configuration + logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Linux." + + if [ "$LINUX_ENV_VALIDATED" = "false" ]; then + checkLinuxLogglyCompatibility + fi + #if all the above check passes, write the 22-loggly.conf file write22LogglyConfFile - # Create rsyslog dir if it doesn't exist, Modify the permission on rsyslog directory if exist on Ubuntu + #create rsyslog dir if it doesn't exist, Modify the permission on rsyslog directory if exist on Ubuntu createRsyslogDir - #check if the logs are going to loggly fro linux system now - checkIfLogsMadeToLoggly - - #log success message - logMsgToConfigSysLog "SUCCESS" "SUCCESS: Linux system successfully configured to send logs via Loggly." + if [ "$LINUX_DO_VERIFICATION" = "true" ]; then + #check if the logs are going to loggly fro linux system now + checkIfLogsMadeToLoggly + fi + if [ "$IS_INVOKED" = "" ]; then + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Linux system successfully configured to send logs via Loggly." + fi + } -# End of configure rsyslog for linux #remove loggly configuration from Linux system removeLogglyConf() @@ -150,7 +170,7 @@ removeLogglyConf() #remove 22-loggly.conf file remove22LogglyConfFile - + #restart rsyslog service restartRsyslog 
@@ -171,34 +191,68 @@ checkIfUserHasRootPrivileges() #check if supported operating system checkIfSupportedOS() { - #set value for linux distribution name - LINUX_DIST=$(lsb_release -ds) - - if [ $? -ne 0 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: This operating system is not supported by the script." + getOs + + LINUX_DIST_IN_LOWER_CASE=$(echo $LINUX_DIST | tr "[:upper:]" "[:lower:]") + + case "$LINUX_DIST_IN_LOWER_CASE" in + *"ubuntu"* ) + echo "INFO: Operating system is Ubuntu." + ;; + *"redhat"* ) + echo "INFO: Operating system is Red Hat." + ;; + *"centos"* ) + echo "INFO: Operating system is CentOS." + ;; + *"amazon"* ) + echo "INFO: Operating system is Amazon AMI." + ;; + *"darwin"* ) + #if the OS is mac then exit + logMsgToConfigSysLog "ERROR" "ERROR: This script is for Linux systems, and Darwin or Mac OSX are not currently supported. You can find alternative options here: https://www.loggly.com/docs" exit 1 - else - #remove double quotes (if any) from the linux distribution name - LINUX_DIST="${LINUX_DIST%\"}" - LINUX_DIST="${LINUX_DIST#\"}" - case "$LINUX_DIST" in - *"Ubuntu"* ) - echo "INFO: Operating system is Ubuntu." - ;; - *"Red Hat"* ) - echo "INFO: Operating system is Red Hat." - ;; - *"CentOS"* ) - echo "INFO: Operating system is CentOS." - ;; - * ) - logMsgToConfigSysLog "ERROR" "ERROR: This operating system is not supported by the script." - exit 1 - ;; - esac - fi + ;; + * ) + logMsgToConfigSysLog "WARN" "WARN: The linux distribution '$LINUX_DIST' has not been previously tested with Loggly." + while true; do + read -p "Would you like to continue anyway? 
(yes/no)" yn + case $yn in + [Yy]* ) + break;; + [Nn]* ) + exit 1 + ;; + * ) echo "Please answer yes or no.";; + esac + done + ;; + esac } +getOs() +{ + # Determine OS platform + UNAME=$(uname | tr "[:upper:]" "[:lower:]") + # If Linux, try to determine specific distribution + if [ "$UNAME" == "linux" ]; then + # If available, use LSB to identify distribution + if [ -f /etc/lsb-release -o -d /etc/lsb-release.d ]; then + LINUX_DIST=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//) + # If system-release is available, then try to identify the name + elif [ -f /etc/system-release ]; then + LINUX_DIST=$(cat /etc/system-release | cut -f 1 -d " ") + # Otherwise, use release info file + else + LINUX_DIST=$(ls -d /etc/[A-Za-z]*[_-][rv]e[lr]* | grep -v "lsb" | cut -d'/' -f3 | cut -d'-' -f1 | cut -d'_' -f1) + fi + fi + + # For everything else (or if above failed), just use generic identifier + if [ "$LINUX_DIST" == "" ]; then + LINUX_DIST=$(uname) + fi +} #sets linux variables which will be used across various functions setLinuxVariables() 
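Review bot: The `while true; do read -p … yn` prompt added to the default branch of checkIfSupportedOS never terminates when stdin is closed or at end of file: `read` fails, `yn` stays empty, and the `*` arm prints "Please answer yes or no." forever. Exiting on a failed read fixes it, `read -r -p "Would you like to continue anyway? (yes/no)" yn || exit 1`. The prompt added in checkIfConfigurationChanged and the prompts in configure-apache.sh have the same shape. In getOs, `cut -f 1 -d " "` on /etc/system-release keeps only the first word, so a release string beginning "Red Hat" would become "Red" and miss the `*"redhat"*` case.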
@@ -213,25 +267,36 @@ setLinuxVariables() #checks if all the various endpoints used for configuring loggly are accessible checkIfLogglyServersAccessible() { - echo "INFO: Checking if $LOGGLY_ACCOUNT_URL is reachable." - if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/login | grep "200 OK" | wc -l) == 1 ]; then - echo "INFO: $LOGGLY_ACCOUNT_URL is reachable." - else - logMsgToConfigSysLog "WARNING" "WARNING: $LOGGLY_ACCOUNT_URL is not reachable. Please check your network and firewall settings. Continuing to configure Loggly on your system." - fi - echo "INFO: Checking if $LOGS_01_HOST is reachable." if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ]; then echo "INFO: $LOGS_01_HOST is reachable." else - logMsgToConfigSysLog "WARNING" "WARNING: $LOGS_01_HOST is not reachable. Please check your network and firewall settings. Continuing to configure Loggly on your system." + logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable. Please check your network and firewall settings." + exit 1 + fi + + echo "INFO: Checking if $LOGS_01_HOST is reachable via $LOGGLY_SYSLOG_PORT port. This may take some time." + if [ $(curl --connect-timeout 10 $LOGS_01_HOST:$LOGGLY_SYSLOG_PORT 2>&1 | grep "Empty reply from server" | wc -l) == 1 ]; then + echo "INFO: $LOGS_01_HOST is reachable via $LOGGLY_SYSLOG_PORT port." + else + logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable via $LOGGLY_SYSLOG_PORT port. Please check your network and firewall settings." + exit 1 + fi + + echo "INFO: Checking if '$LOGGLY_ACCOUNT' subdomain is valid." + if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/login | grep "200 OK" | wc -l) == 1 ]; then + echo "INFO: $LOGGLY_ACCOUNT_URL is valid and reachable." + else + logMsgToConfigSysLog "ERROR" "ERROR: This is not a recognized subdomain. Please ask the account owner for the subdomain they signed up with." 
+ exit 1 fi - echo "INFO: Checking if Gen2 account" + echo "INFO: Checking if Gen2 account." if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/apiv2/customer | grep "404 NOT FOUND" | wc -l) == 1 ]; then logMsgToConfigSysLog "ERROR" "ERROR: This scripts need a Gen2 account. Please contact Loggly support." + exit 1 else - echo "INFO: It is a Gen2 account" + echo "INFO: It is a Gen2 account." fi } @@ -240,13 +305,36 @@ checkIfValidUserNamePassword() { echo "INFO: Checking if provided username and password is correct." if [ $(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $LOGGLY_ACCOUNT_URL/apiv2/customer | grep "Unauthorized" | wc -l) == 1 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: Invalid Loggly username or password." - exit 1 + logMsgToConfigSysLog "INFO" "INFO: Please check your username or reset your password at $LOGGLY_ACCOUNT_URL/account/users/" + logMsgToConfigSysLog "ERROR" "ERROR: Invalid Loggly username or password." + exit 1 else logMsgToConfigSysLog "INFO" "INFO: Username and password authorized successfully." fi } +getAuthToken() +{ + if [ "$LOGGLY_AUTH_TOKEN" = "" ]; then + logMsgToConfigSysLog "INFO" "INFO: Authentication token not provided. Trying to retrieve it from $LOGGLY_ACCOUNT_URL account." + #get authentication token if user has not provided one + tokenstr=$(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $LOGGLY_ACCOUNT_URL/apiv2/customer | grep -v "token") + + #get the string from index 0 to first occurence of , + tokenstr=${tokenstr%%,*} + + #get the string from index 0 to last occurence of " + tokenstr=${tokenstr%\"*} + + #get the string from first occurence of " to the end + tokenstr=${tokenstr#*\"} + + LOGGLY_AUTH_TOKEN=$tokenstr + + logMsgToConfigSysLog "INFO" "INFO: Retrieved authentication token: $LOGGLY_AUTH_TOKEN" + fi +} + #check if authentication token is valid checkIfValidAuthToken() { 
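Review bot: checkIfLogglyServersAccessible now exits when the `ping` test fails, so a host whose network drops ICMP is rejected even though the TCP port check that follows could succeed. The test also depends on one exact summary line, `1 packets transmitted, 1 received, 0% packet loss`, which not every ping implementation prints. Keeping the ping result as a warning and letting the port check decide would be safer, or at least test the exit status: `if ping -c 1 "$LOGS_01_HOST" > /dev/null 2>&1; then`. The port check is fragile in the same way, since it greps curl's English `Empty reply from server` message.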
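Review bot: getAuthToken writes the secret it has just fetched into the log line `INFO: Retrieved authentication token: $LOGGLY_AUTH_TOKEN`, which goes through logMsgToConfigSysLog and so appears to reach both the console and the config-syslog endpoint. The customer token should stay out of that output, e.g. `logMsgToConfigSysLog "INFO" "INFO: Retrieved authentication token."`. The extraction starts from `grep -v "token"`, which keeps the lines that do not contain "token"; that looks inverted unless the response format, not visible here, makes it intentional. Quoting the credentials as `-u "$LOGGLY_USERNAME:$LOGGLY_PASSWORD"` would stop a password containing spaces or glob characters from being split, though it would still be visible in the process list.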
@@ -281,6 +369,7 @@ checkIfMultipleRsyslogConfigured() { if [ $(ps -ef | grep -v grep | grep "$RSYSLOG_SERVICE" | wc -l) -gt 1 ]; then logMsgToConfigSysLog "ERROR" "ERROR: Multiple (more than 1) $RSYSLOG_SERVICE is running." + exit 1 fi } @@ -305,6 +394,7 @@ checkIfSelinuxServiceEnforced() logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." elif [ $(sudo getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please disable it and start the rsyslog daemon manually." + exit 1 fi } @@ -313,19 +403,8 @@ write22LogglyConfFile() { echo "INFO: Checking if loggly sysconf file $LOGGLY_RSYSLOG_CONFFILE exist." if [ -f "$LOGGLY_RSYSLOG_CONFFILE" ]; then - logMsgToConfigSysLog "WARN" "WARN: Loggly rsyslog file $LOGGLY_RSYSLOG_CONFFILE already exist." - while true; do - read -p "Do you wish to override $LOGGLY_RSYSLOG_CONFFILE? (yes/no)" yn - case $yn in - [Yy]* ) - logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $LOGGLY_RSYSLOG_CONFFILE to $LOGGLY_RSYSLOG_CONFFILE_BACKUP"; - sudo mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; - checkAuthTokenAndWriteContents; - break;; - [Nn]* ) break;; - * ) echo "Please answer yes or no.";; - esac - done + logMsgToConfigSysLog "INFO" "INFO: Loggly rsyslog file $LOGGLY_RSYSLOG_CONFFILE already exist." + checkIfConfigurationChanged else logMsgToConfigSysLog "INFO" "INFO: Loggly rsyslog file $LOGGLY_RSYSLOG_CONFFILE does not exist, creating file $LOGGLY_RSYSLOG_CONFFILE" checkAuthTokenAndWriteContents 
@@ -344,6 +423,48 @@ checkAuthTokenAndWriteContents() fi } +#matches if the content of 22-loggly.conf content is changed +checkIfConfigurationChanged() +{ + ASK_FOR_VERIFICATION="false" + + #strings to be checked which should be present in the existing 22-loggly.conf. + #If these strings are not same then a warning message will be shown to user to update the 22-loggly.conf file + STR_TO_BE_CHECKED[0]="\$template LogglyFormat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@$LOGGLY_DISTRIBUTION_ID] %msg%\"" + STR_TO_BE_CHECKED[1]="*.* @@$LOGS_01_HOST:$LOGGLY_SYSLOG_PORT;LogglyFormat" + + for i in "${STR_TO_BE_CHECKED[@]}" + do + if ! sudo grep -Fxq "$i" $LOGGLY_RSYSLOG_CONFFILE; then + ASK_FOR_VERIFICATION="true" + break; + fi + done + + if [ "$ASK_FOR_VERIFICATION" == "true" ]; then + logMsgToConfigSysLog "WARN" "WARN: Loggly rsyslog file /etc/rsyslog.d/22-loggly.conf content has changed." + while true; + do + read -p "Do you wish to override $LOGGLY_RSYSLOG_CONFFILE and re-verify configuration? (yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $LOGGLY_RSYSLOG_CONFFILE to $LOGGLY_RSYSLOG_CONFFILE_BACKUP"; + sudo mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; + checkAuthTokenAndWriteContents; + break;; + [Nn]* ) + LINUX_DO_VERIFICATION="false" + logMsgToConfigSysLog "INFO" "INFO: Skipping Linux verification." + break;; + * ) echo "Please answer yes or no.";; + esac + done + else + LINUX_DO_VERIFICATION="false" + fi + +} + #write the contents to 22-loggly.conf file writeContents() { 
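Review bot: The warning in checkIfConfigurationChanged names the literal `/etc/rsyslog.d/22-loggly.conf` while the test and the prompt use `$LOGGLY_RSYSLOG_CONFFILE`; use the variable in the message, and quote it in `sudo grep -Fxq "$i" "$LOGGLY_RSYSLOG_CONFFILE"`. `grep -Fx` needs each expected line to match byte for byte, so the check only works if writeContents (outside the hunk) emits those lines without extra leading or trailing whitespace. A short comment above the loop saying that a mismatch means a different token, host or port would help the next reader.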
@@ -415,7 +536,7 @@ checkIfLogsMadeToLoggly() let counter=$counter+1 if [ "$counter" -gt "$maxCounter" ]; then MANUAL_CONFIG_INSTRUCTION=$MANUAL_CONFIG_INSTRUCTION" Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/" - logMsgToConfigSysLog "ERROR" "ERROR: Verification logs did not make it to Loggly in time. Please check your token & network/firewall settings and retry." + logMsgToConfigSysLog "ERROR" "ERROR: Logs did not make to Loggly in time. Please check network and firewall settings and retry." exit 1 fi done @@ -479,7 +600,7 @@ logMsgToConfigSysLog() #for Mac system, we need to use -D switch to decode varUname=$(uname) if [[ $varUname == 'Linux' ]]; then - enabler=$(echo MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -d) + enabler=$(echo -n MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -d) elif [[ $varUname == 'Darwin' ]]; then enabler=$(echo MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -D) fi @@ -494,7 +615,9 @@ logMsgToConfigSysLog() #if it is an error, then log message "Script Failed" to config syslog and exit the script if [[ $cslStatus == "ERROR" ]]; then sendPayloadToConfigSysLog "ERROR" "Script Failed" "$enabler" - echo $MANUAL_CONFIG_INSTRUCTION + if [ "$varUname" != "Darwin" ]; then + echo $MANUAL_CONFIG_INSTRUCTION + fi exit 1 fi 
@@ -508,9 +631,9 @@ logMsgToConfigSysLog() sendPayloadToConfigSysLog() { if [ "$APP_TAG" = "" ]; then - var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", \"messages\":\"$2\"}" + var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"customer-token\":\"$LOGGLY_AUTH_TOKEN\", \"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", \"messages\":\"$2\",\"rsyslog-version\":\"$RSYSLOG_VERSION\"}" else - var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", $APP_TAG, \"messages\":\"$2\"}" + var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"customer-token\":\"$LOGGLY_AUTH_TOKEN\", \"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", $APP_TAG, \"messages\":\"$2\",\"rsyslog-version\":\"$RSYSLOG_VERSION\"}" fi curl -s -H "content-type:application/json" -d "$var" $LOGS_01_URL/inputs/$3 > /dev/null 2>&1 } @@ -519,7 +642,9 @@ sendPayloadToConfigSysLog() searchAndFetch() { url=$2 + result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") + if [ -z "$result" ]; then logMsgToConfigSysLog "ERROR" "ERROR: Please check your network/firewall settings & ensure Loggly subdomain, username and password is specified correctly." exit 1 
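Review bot: Both payload strings in sendPayloadToConfigSysLog now carry `\"customer-token\":\"$LOGGLY_AUTH_TOKEN\"`, so the customer token is posted to `$LOGS_01_URL/inputs/$3` with every status message, including failures. Whether that URL is https is not visible in this hunk. Unless the receiver needs the token, drop the field or send a truncated form such as `${LOGGLY_AUTH_TOKEN:0:4}`. The JSON is also assembled by interpolation, so a `"` or backslash in `$2` or in any of the variables produces an invalid document.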
@@ -538,7 +663,7 @@ searchAndFetch() eval $1="'$count'" if [ "$count" -gt 0 ]; then timestamp=$(echo "$result" | grep timestamp) - fi + fi } #get password in the form of asterisk @@ -562,7 +687,7 @@ getPassword() usage() { cat << EOF -usage: configure-linux [-a loggly auth account or subdomain] [-t loggly token] [-u username] [-p password (optional)] +usage: configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] usage: configure-linux [-a loggly auth account or subdomain] [-r to remove] usage: configure-linux [-h for help] EOF @@ -607,8 +732,8 @@ if [ "$1" != "being-invoked" ]; then fi if [ "$LOGGLY_REMOVE" != "" -a "$LOGGLY_ACCOUNT" != "" ]; then - removeLogglyConf - elif [ "$LOGGLY_AUTH_TOKEN" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then + removeLogglyConf + elif [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then if [ "$LOGGLY_PASSWORD" = "" ]; then getPassword fi diff --git a/Modular Scripts/Apache2/README.md b/Modular Scripts/Apache2/README.md new file mode 100644 index 0000000..f24dd8b --- /dev/null +++ b/Modular Scripts/Apache2/README.md @@ -0,0 +1,10 @@ +Apache Script +============= + +Configure your Apache server to send logs from access file and error file to Loggly + + sudo bash configure-apache.sh -a SUBDOMAIN -u USERNAME + +Stop sending your Apache logs to Loggly + + sudo bash configure-apache.sh -a SUBDOMAIN -r diff --git a/Modular Scripts/Apache2/configure-apache.sh b/Modular Scripts/Apache2/configure-apache.sh new file mode 100644 index 0000000..e1ccf12 --- /dev/null +++ b/Modular Scripts/Apache2/configure-apache.sh 
@@ -0,0 +1,378 @@ +#!/bin/bash + +#downloads configure-linux.sh +echo "INFO: Downloading dependencies - configure-linux.sh" +curl -s -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh +source configure-linux.sh "being-invoked" + +########## Variable Declarations - Start ########## +#name of the current script +SCRIPT_NAME=configure-apache.sh +#version of the current script +SCRIPT_VERSION=1.2 + +#we have not found the apache version yet at this point in the script +APP_TAG="\"apache-version\":\"\"" + +#name of the service, in this case apache2 +SERVICE= +#name of apache access log file +APACHE_ACCESS_LOG_FILE= +#name of apache error log file +APACHE_ERROR_LOG_FILE= +#name and location of apache syslog file +APACHE_SYSLOG_CONFFILE=$RSYSLOG_ETCDIR_CONF/21-apache.conf +#name and location of apache syslog backup file +APACHE_SYSLOG_CONFFILE_BACKUP=$RSYSLOG_ETCDIR_CONF/21-apache.conf.loggly.bk + +#this variable will hold the path to the apache home +LOGGLY_APACHE_HOME= +#this variable will hold the value of the apache log folder +LOGGLY_APACHE_LOG_HOME= +#this variable will hold the users apache version +APACHE_VERSION= + +MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure Apache2 is available at https://www.loggly.com/docs/sending-apache-logs/" + +#this variable will hold if the check env function for linux is invoked +APACHE_ENV_VALIDATED="false" +########## Variable Declarations - End ########## + +#check if apache environment is compatible for Loggly +checkApacheLogglyCompatibility() +{ + #check if the linux environment is compatible for Loggly + checkLinuxLogglyCompatibility + + #check if apache2 is installed on unix system + checkApacheDetails + + APACHE_ENV_VALIDATED="true" +} + + +# executing the script for loggly to install and configure syslog. +installLogglyConfForApache() +{ + #log message indicating starting of Loggly configuration + logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Apache." 
+ + #check if apache environment is compatible with Loggly + if [ "$APACHE_ENV_VALIDATED" = "false" ]; then + checkApacheLogglyCompatibility + fi + + #configure loggly for Linux + installLogglyConf + + #create 21apache.conf file + write21ApacheConfFile + + #check for the apache log file size + checkLogFileSize $LOGGLY_APACHE_LOG_HOME/$APACHE_ACCESS_LOG_FILE $LOGGLY_APACHE_LOG_HOME/$APACHE_ERROR_LOG_FILE + + #verify if the apache logs made it to loggly + checkIfApacheLogsMadeToLoggly + + #log success message + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Apache successfully configured to send logs via Loggly." +} + +#executing script to remove loggly configuration for Apache +removeLogglyConfForApache() +{ + logMsgToConfigSysLog "INFO" "INFO: Initiating rollback." + + #check if the user has root permission to run this script + checkIfUserHasRootPrivileges + + #check if the OS is supported by the script. If no, then exit + checkIfSupportedOS + + #check if apache2 is installed on unix system + checkApacheDetails + + #remove 21apache.conf file + remove21ApacheConfFile + + logMsgToConfigSysLog "INFO" "INFO: Rollback completed." +} + +#identify if apache2 is installed on your system and is available as a service +checkApacheDetails() +{ + getApacheServiceName + + #verify if apache is installed as service + if [ ! 
-f /etc/init.d/$SERVICE ]; then + logMsgToConfigSysLog "ERROR" "ERROR: Apache is not configured as a service" + exit 1 + fi + + #get the version of apache installed + getApacheVersion + + #check if apache is supported + checkIfSupportedApacheVersion + + #set all the required apache variables by this script + setApacheVariables +} + +#Get the apache service name on various linux flavors +getApacheServiceName() +{ + #checking if the Linux is yum based or apt-get based + YUM_BASED=$(command -v yum) + APT_GET_BASED=$(command -v apt-get) + + if [ "$YUM_BASED" != "" ]; then + SERVICE="httpd" + APACHE_ACCESS_LOG_FILE="access_log" + APACHE_ERROR_LOG_FILE="error_log" + + elif [ "$APT_GET_BASED" != "" ]; then + SERVICE="apache2" + APACHE_ACCESS_LOG_FILE="access.log" + APACHE_ERROR_LOG_FILE="error.log" + fi +} + +#sets apache variables which will be used across various functions +setApacheVariables() +{ + LOGGLY_APACHE_LOG_HOME=/var/log/$SERVICE +} + +#gets the version of apache installed on the unix box +getApacheVersion() +{ + APACHE_VERSION=$($SERVICE -v | grep "Server version: Apache") + APACHE_VERSION=${APACHE_VERSION#*/} + APACHE_VERSION=${APACHE_VERSION% *} + APACHE_VERSION=$APACHE_VERSION | tr -d ' ' + APP_TAG="\"apache-version\":\"$APACHE_VERSION\"" + logMsgToConfigSysLog "INFO" "INFO: Apache version: $APACHE_VERSION" +} + +#checks if the apache version is supported by this script, currently the script +#only supports apache2 +checkIfSupportedApacheVersion() +{ + apacheMajorVersion=${APACHE_VERSION%%.*} + if [[ ($apacheMajorVersion -ne 2 ) ]]; then + logMsgToConfigSysLog "ERROR" "ERROR: This script only supports Apache version 2." 
+ exit 1 + fi +} + +checkLogFileSize() +{ + accessFileSize=$(wc -c "$1" | cut -f 1 -d ' ') + errorFileSize=$(wc -c "$2" | cut -f 1 -d ' ') + fileSize=$((accessFileSize+errorFileSize)) + if [ $fileSize -ge 102400000 ]; then + logMsgToConfigSysLog "INFO" "INFO: " + while true; do + read -p "WARN: There are currently large log files which may use up your allowed volume. Please rotate your logs before continuing. Would you like to continue now anyway? (yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Current apache logs size is $fileSize bytes. Continuing with Apache Loggly configuration."; + break;; + [Nn]* ) + logMsgToConfigSysLog "INFO" "INFO: Current apache logs size is $fileSize bytes. Discontinuing with Apache Loggly configuration." + exit 1 + break;; + * ) echo "Please answer yes or no.";; + esac + done + elif [ $fileSize -eq 0 ]; then + logMsgToConfigSysLog "WARN" "WARN: There are no recent logs from Apache there so won't be any sent to Loggly. You can generate some logs by visiting a page on your web server." + exit 1 + fi +} + +write21ApacheConfFile() +{ + #Create apache syslog config file if it doesn't exist + echo "INFO: Checking if apache sysconf file $APACHE_SYSLOG_CONFFILE exist." + if [ -f "$APACHE_SYSLOG_CONFFILE" ]; then + logMsgToConfigSysLog "WARN" "WARN: Apache syslog file $APACHE_SYSLOG_CONFFILE already exist." + while true; do + read -p "Do you wish to override $APACHE_SYSLOG_CONFFILE? 
(yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $APACHE_SYSLOG_CONFFILE to $APACHE_SYSLOG_CONFFILE_BACKUP"; + sudo mv -f $APACHE_SYSLOG_CONFFILE $APACHE_SYSLOG_CONFFILE_BACKUP; + write21ApacheFileContents; + break;; + [Nn]* ) break;; + * ) echo "Please answer yes or no.";; + esac + done + else + write21ApacheFileContents + fi +} + +#function to write the contents of apache syslog config file +write21ApacheFileContents() +{ + logMsgToConfigSysLog "INFO" "INFO: Creating file $APACHE_SYSLOG_CONFFILE" + sudo touch $APACHE_SYSLOG_CONFFILE + sudo chmod o+w $APACHE_SYSLOG_CONFFILE + + imfileStr="\$ModLoad imfile + \$InputFilePollInterval 10 + \$WorkDirectory $RSYSLOG_DIR + " + if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then + imfileStr+="\$PrivDropToGroup adm + " + fi + + imfileStr+=" + # Apache access file: + \$InputFileName $LOGGLY_APACHE_LOG_HOME/$APACHE_ACCESS_LOG_FILE + \$InputFileTag apache-access: + \$InputFileStateFile stat-apache-access + \$InputFileSeverity info + \$InputFilePersistStateInterval 20000 + \$InputRunFileMonitor + + #Apache Error file: + \$InputFileName $LOGGLY_APACHE_LOG_HOME/$APACHE_ERROR_LOG_FILE + \$InputFileTag apache-error: + \$InputFileStateFile stat-apache-error + \$InputFileSeverity error + \$InputFilePersistStateInterval 20000 + \$InputRunFileMonitor + + #Add a tag for apache events + \$template LogglyFormatApache,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 tag=\\\"apache\\\"] %msg%\n\" + + if \$programname == 'apache-access' then @@logs-01.loggly.com:514;LogglyFormatApache + if \$programname == 'apache-access' then ~ + if \$programname == 'apache-error' then @@logs-01.loggly.com:514;LogglyFormatApache + if \$programname == 'apache-error' then ~ + " + + #change the apache-21 file to variable from above and also take the directory of the apache log file. 
+sudo cat << EOIPFW >> $APACHE_SYSLOG_CONFFILE +$imfileStr +EOIPFW + + restartRsyslog +} + + +#checks if the apache logs made to loggly +checkIfApacheLogsMadeToLoggly() +{ + counter=1 + maxCounter=10 + + apacheInitialLogCount=0 + apacheLatestLogCount=0 + queryParam="tag%3Aapache&from=-15m&until=now&size=1" + + queryUrl="$LOGGLY_ACCOUNT_URL/apiv2/search?q=$queryParam" + logMsgToConfigSysLog "INFO" "INFO: Search URL: $queryUrl" + + logMsgToConfigSysLog "INFO" "INFO: Getting initial apache log count." + #get the initial count of apache logs for past 15 minutes + searchAndFetch apacheInitialLogCount "$queryUrl" + + logMsgToConfigSysLog "INFO" "INFO: Verifying if the apache logs made it to Loggly." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." + #get the final count of apache logs for past 15 minutes + searchAndFetch apacheLatestLogCount "$queryUrl" + let counter=$counter+1 + + while [ "$apacheLatestLogCount" -le "$apacheInitialLogCount" ]; do + echo "INFO: Did not find the test log message in Loggly's search yet. Waiting for 30 secs." + sleep 30 + echo "INFO: Done waiting. Verifying again." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." + searchAndFetch apacheLatestLogCount "$queryUrl" + let counter=$counter+1 + if [ "$counter" -gt "$maxCounter" ]; then + logMsgToConfigSysLog "ERROR" "ERROR: Apache logs did not make to Loggly in time. Please check network and firewall settings and retry." + exit 1 + fi + done + + if [ "$apacheLatestLogCount" -gt "$apacheInitialLogCount" ]; then + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Apache logs successfully transferred to Loggly! You are now sending Apache logs to Loggly." + exit 0 + fi +} + +#remove 21apache.conf file +remove21ApacheConfFile() +{ + echo "INFO: Deleting the loggly apache syslog conf file." + if [ -f "$APACHE_SYSLOG_CONFFILE" ]; then + sudo rm -rf "$APACHE_SYSLOG_CONFFILE" + fi + echo "INFO: Removed all the modified files." 
+ restartRsyslog +} + +#display usage syntax +usage() +{ +cat << EOF +usage: configure-apache [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] +usage: configure-apache [-a loggly auth account or subdomain] [-r to rollback] +usage: configure-apache [-h for help] +EOF +} + +########## Get Inputs from User - Start ########## + +if [ $# -eq 0 ]; then + usage + exit +else +while [ "$1" != "" ]; do + case $1 in + -t | --token ) shift + LOGGLY_AUTH_TOKEN=$1 + echo "AUTH TOKEN $LOGGLY_AUTH_TOKEN" + ;; + -a | --account ) shift + LOGGLY_ACCOUNT=$1 + echo "Loggly account or subdomain: $LOGGLY_ACCOUNT" + ;; + -u | --username ) shift + LOGGLY_USERNAME=$1 + echo "Username is set" + ;; + -p | --password ) shift + LOGGLY_PASSWORD=$1 + ;; + -r | --rollback ) + LOGGLY_ROLLBACK="true" + ;; + -h | --help) + usage + exit + ;; + esac + shift +done +fi + +if [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then + if [ "$LOGGLY_PASSWORD" = "" ]; then + getPassword + fi + installLogglyConfForApache +elif [ "$LOGGLY_ROLLBACK" != "" -a "$LOGGLY_ACCOUNT" != "" ]; then + removeLogglyConfForApache +else + usage +fi + +########## Get Inputs from User - End ########## diff --git a/Modular Scripts/File Monitoring/README.md b/Modular Scripts/File Monitoring/README.md new file mode 100644 index 0000000..79cbfbf --- /dev/null +++ b/Modular Scripts/File Monitoring/README.md @@ -0,0 +1,14 @@ +File Monitoring Script +====================== + +Configure your any text file to send it contents to Loggly + + sudo bash configure-file-monitoring.sh -a SUBDOMAIN -u USERNAME -f FILENAME -l FILE_ALIAS + +**Note:** File Alias should be unique for each file. + + + +Stop sending your file contents to Loggly + + sudo bash configure-file-monitoring.sh -a SUBDOMAIN -l FILE_ALIAS -r 
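Review bot: `sudo chmod o+w $APACHE_SYSLOG_CONFFILE` in write21ApacheFileContents leaves the rsyslog configuration file writable by every local user, and nothing later in the hunk removes the bit, so any account on the host can change what the daemon loads. The README runs the script under sudo, so the `>>` redirection already has the rights it needs and the `chmod` line can be dropped. If the script must also work unprivileged, write through a privileged process instead: `printf '%s\n' "$imfileStr" | sudo tee -a "$APACHE_SYSLOG_CONFFILE" > /dev/null`. Separately, the opening `curl -s -o configure-linux.sh …` followed by `source configure-linux.sh` runs unverified downloaded code as root without checking curl's exit status, so a failed download sources whatever file of that name already sits in the working directory. Using `curl -fsS` into a `mktemp` file and checking the status before sourcing would close that; the same two lines open configure-file-monitoring.sh.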
diff --git a/Modular Scripts/File Monitoring/configure-file-monitoring.sh b/Modular Scripts/File Monitoring/configure-file-monitoring.sh
new file mode 100644
index 0000000..18f3fce
--- /dev/null
+++ b/Modular Scripts/File Monitoring/configure-file-monitoring.sh
@@ -0,0 +1,398 @@
+#!/bin/bash
+
+#downloads configure-linux.sh
+echo "INFO: Downloading dependencies - configure-linux.sh"
+curl -s -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh
+source configure-linux.sh "being-invoked"
+
+########## Variable Declarations - Start ##########
+#name of the current script
+SCRIPT_NAME=configure-file-monitoring.sh
+#version of the current script
+SCRIPT_VERSION=1.5
+
+#file to monitor (contains complete path and file name) provided by user
+LOGGLY_FILE_TO_MONITOR=
+
+#alias name, will be used as tag & state file name etc. provided by user
+LOGGLY_FILE_TO_MONITOR_ALIAS=
+
+#file alias provided by the user
+APP_TAG="\"file-alias\":\"\""
+
+#name and location of syslog file
+FILE_SYSLOG_CONFFILE=
+
+#name and location of syslog backup file
+FILE_SYSLOG_CONFFILE_BACKUP=
+
+MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure a file is available at https://www.loggly.com/docs/file-monitoring/"
+
+#this variable is set if the script is invoked via some other calling script
+IS_FILE_MONITOR_SCRIPT_INVOKED="false"
+
+#file as tag sent with the logs
+LOGGLY_FILE_TAG="file"
+
+#format name for the conf file. Can be set by calling script
+CONF_FILE_FORMAT_NAME="LogglyFormatFile"
+
+########## Variable Declarations - End ##########
+
+# executing the script for loggly to install and configure syslog
+installLogglyConfForFile()
+{
+ #log message indicating starting of Loggly configuration
+ logMsgToConfigSysLog "INFO" "INFO: Initiating configure Loggly for file monitoring."
+
+ #check if the linux environment is compatible for Loggly
+ checkLinuxLogglyCompatibility
+
+ #checks if the file name contain spaces, if yes, the exit
+ checkIfFileLocationContainSpaces
+
+ #construct variables using filename and filealias
+ constructFileVariables
+
+ #check if file to monitor exists
+ checkIfFileExist
+
+ #checks if the file has proper read permission
+ checkFileReadPermission
+
+ #check if the alias is already taken
+ checkIfFileAliasExist
+
+ #configure loggly for Linux
+ installLogglyConf
+
+ #create 21.conf file
+ write21ConfFileContents
+
+ #restart rsyslog
+ restartRsyslog
+
+ #check for the log file size
+ checkLogFileSize $LOGGLY_FILE_TO_MONITOR
+
+ #verify if the file logs made it to loggly
+ checkIfFileLogsMadeToLoggly
+
+ #log success message
+ logMsgToConfigSysLog "SUCCESS" "SUCCESS: Successfully configured to send $LOGGLY_FILE_TO_MONITOR logs via Loggly."
+}
+
+#executing script to remove loggly configuration for File
+removeLogglyConfForFile()
+{
+ logMsgToConfigSysLog "INFO" "INFO: Initiating rollback."
+
+ #check if the user has root permission to run this script
+ checkIfUserHasRootPrivileges
+
+ #check if the OS is supported by the script. If no, then exit
+ checkIfSupportedOS
+
+ #construct variables using filename and filealias
+ constructFileVariables
+
+ #checks if the conf file exists. if not, then exit.
+ checkIfConfFileExist
+
+ #remove 21.conf file
+ remove21ConfFile
+
+ #restart rsyslog
+ restartRsyslog
+
+ #log success message
+ logMsgToConfigSysLog "INFO" "INFO: Rollback completed."
+}
+
+checkIfFileLocationContainSpaces()
+{
+ case "$LOGGLY_FILE_TO_MONITOR" in
+ *\ * )
+ logMsgToConfigSysLog "ERROR" "ERROR: File location cannot contain spaces."
+ exit 1;;
+ *) ;;
+ esac
+}
+
+constructFileVariables()
+{
+ #conf file name
+ FILE_SYSLOG_CONFFILE="$RSYSLOG_ETCDIR_CONF/21-filemonitoring-$LOGGLY_FILE_TO_MONITOR_ALIAS.conf"
+
+ #conf file backup name
+ FILE_SYSLOG_CONFFILE_BACKUP="$FILE_SYSLOG_CONFFILE.loggly.bk"
+
+ #application tag
+ APP_TAG="\"file-alias\":\"$LOGGLY_FILE_TO_MONITOR_ALIAS\""
+}
+
+#checks if the file to be monitored exist
+checkIfFileExist()
+{
+ if [ -f "$LOGGLY_FILE_TO_MONITOR" ]; then
+ logMsgToConfigSysLog "INFO" "INFO: File $LOGGLY_FILE_TO_MONITOR exists."
+ else
+ logMsgToConfigSysLog "ERROR" "ERROR: File $LOGGLY_FILE_TO_MONITOR does not exist. Kindly recheck."
+ exit 1
+ fi
+}
+
+#check if the file alias is already taken
+checkIfFileAliasExist()
+{
+ if [ -f "$FILE_SYSLOG_CONFFILE" ]; then
+ logMsgToConfigSysLog "WARN" "WARN: This file alias is already taken. You must choose a unique file alias for each file."
+ while true; do
+ read -p "Would you like to overwrite the configuration for this file alias (yes/no)?" yn
+ case $yn in
+ [Yy]* )
+ logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $FILE_SYSLOG_CONFFILE to $FILE_SYSLOG_CONFFILE_BACKUP";
+ sudo mv -f $FILE_SYSLOG_CONFFILE $FILE_SYSLOG_CONFFILE_BACKUP;
+ break;;
+ [Nn]* )
+ logMsgToConfigSysLog "INFO" "INFO: Not overwriting the existing configuration. Exiting"
+ exit 1
+ break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+ done
+ fi
+}
+
+#check the size of the log file. If the size is greater than 100MB give a warning to the user. If the file size is 0
+#then exit
+checkLogFileSize()
+{
+ monitorFileSize=$(wc -c "$1" | cut -f 1 -d ' ')
+ if [ $monitorFileSize -ge 102400000 ]; then
+ logMsgToConfigSysLog "INFO" "INFO: "
+ while true; do
+ read -p "WARN: There are currently large log files which may use up your allowed volume. Please rotate your logs before continuing. Would you like to continue now anyway?
(yes/no)" yn
+ case $yn in
+ [Yy]* )
+ logMsgToConfigSysLog "INFO" "INFO: Current size of $LOGGLY_FILE_TO_MONITOR is $monitorFileSize bytes. Continuing with File Loggly configuration.";
+ break;;
+ [Nn]* )
+ logMsgToConfigSysLog "INFO" "INFO: Current size of $LOGGLY_FILE_TO_MONITOR is $monitorFileSize bytes. Discontinuing with File Loggly configuration."
+ exit 1
+ break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+ done
+ elif [ $monitorFileSize -eq 0 ]; then
+ logMsgToConfigSysLog "WARN" "WARN: There are no recent logs from $LOGGLY_FILE_TO_MONITOR so there won't be any data sent to Loggly. You can generate some logs by writing to this file."
+ exit 1
+ else
+ logMsgToConfigSysLog "INFO" "INFO: File size of $LOGGLY_FILE_TO_MONITOR is $monitorFileSize bytes."
+ fi
+}
+
+
+#checks the input file has proper read permissions
+checkFileReadPermission()
+{
+
+ LINUX_DIST_IN_LOWER_CASE=$(echo $LINUX_DIST | tr "[:upper:]" "[:lower:]")
+
+ #no need to check read permissions with RedHat and CentOS as they also work with ---------- (000)permissions
+ case "$LINUX_DIST_IN_LOWER_CASE" in
+ *"redhat"* )
+ ;;
+ *"centos"* )
+ ;;
+ * )
+ FILE_PERMISSIONS=$(ls -l $LOGGLY_FILE_TO_MONITOR)
+ #checking if the file has read permission for others
+ PERMISSION_READ_OTHERS=${FILE_PERMISSIONS:7:1}
+ if [ $PERMISSION_READ_OTHERS != r ]; then
+ logMsgToConfigSysLog "WARN" "WARN: $LOGGLY_FILE_TO_MONITOR does not have proper read permissions. Verification step may fail."
+ fi
+ ;;
+ esac
+
+}
+
+#function to write the contents of syslog config file
+write21ConfFileContents()
+{
+ logMsgToConfigSysLog "INFO" "INFO: Creating file $FILE_SYSLOG_CONFFILE"
+ sudo touch $FILE_SYSLOG_CONFFILE
+ sudo chmod o+w $FILE_SYSLOG_CONFFILE
+
+ imfileStr="\$ModLoad imfile
+ \$InputFilePollInterval 10
+ \$WorkDirectory $RSYSLOG_DIR
+ "
+ if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then
+ imfileStr+="\$PrivDropToGroup adm
+ "
+ fi
+
+ imfileStr+="
+ # File access file:
+ \$InputFileName $LOGGLY_FILE_TO_MONITOR
+ \$InputFileTag $LOGGLY_FILE_TO_MONITOR_ALIAS:
+ \$InputFileStateFile stat-$LOGGLY_FILE_TO_MONITOR_ALIAS
+ \$InputFileSeverity info
+ \$InputFilePersistStateInterval 20000
+ \$InputRunFileMonitor
+
+ #Add a tag for file events
+ \$template $CONF_FILE_FORMAT_NAME,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 tag=\\\"$LOGGLY_FILE_TAG\\\"] %msg%\n\"
+
+ if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then @@logs-01.loggly.com:514;$CONF_FILE_FORMAT_NAME
+ if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then ~
+ "
+
+ #write to 21-.conf file
+sudo cat << EOIPFW >> $FILE_SYSLOG_CONFFILE
+$imfileStr
+EOIPFW
+
+}
+
+#checks if the apache logs made to loggly
+checkIfFileLogsMadeToLoggly()
+{
+ counter=1
+ maxCounter=10
+
+ fileInitialLogCount=0
+ fileLatestLogCount=0
+ queryParam="syslog.appName%3A$LOGGLY_FILE_TO_MONITOR_ALIAS&from=-15m&until=now&size=1"
+
+ queryUrl="$LOGGLY_ACCOUNT_URL/apiv2/search?q=$queryParam"
+ logMsgToConfigSysLog "INFO" "INFO: Search URL: $queryUrl"
+
+ logMsgToConfigSysLog "INFO" "INFO: Getting initial log count."
+ #get the initial count of file logs for past 15 minutes
+ searchAndFetch fileInitialLogCount "$queryUrl"
+
+ logMsgToConfigSysLog "INFO" "INFO: Verifying if the logs made it to Loggly."
+ logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter."
+ #get the final count of file logs for past 15 minutes
+ searchAndFetch fileLatestLogCount "$queryUrl"
+ let counter=$counter+1
+
+ while [ "$fileLatestLogCount" -le "$fileInitialLogCount" ]; do
+ echo "INFO: Did not find the test log message in Loggly's search yet. Waiting for 30 secs."
+ sleep 30
+ echo "INFO: Done waiting. Verifying again."
+ logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter."
+ searchAndFetch fileLatestLogCount "$queryUrl"
+ let counter=$counter+1
+ if [ "$counter" -gt "$maxCounter" ]; then
+ logMsgToConfigSysLog "ERROR" "ERROR: File logs did not make to Loggly in time. Please check network and firewall settings and retry."
+ exit 1
+ fi
+ done
+
+ if [ "$fileLatestLogCount" -gt "$fileInitialLogCount" ]; then
+ logMsgToConfigSysLog "SUCCESS" "SUCCESS: Logs successfully transferred to Loggly! You are now sending $LOGGLY_FILE_TO_MONITOR logs to Loggly."
+ if [ "$IS_FILE_MONITOR_SCRIPT_INVOKED" = "false" ]; then
+ exit 0
+ fi
+ fi
+}
+
+#checks if the conf file exist. Name of conf file is constructed using the file alias name provided
+checkIfConfFileExist()
+{
+ if [ ! -f "$FILE_SYSLOG_CONFFILE" ]; then
+ logMsgToConfigSysLog "ERROR" "ERROR: Invalid File Alias provided."
+ exit 1
+ fi
+}
+
+#remove 21.conf file
+remove21ConfFile()
+{
+ echo "INFO: Deleting the loggly syslog conf file $FILE_SYSLOG_CONFFILE."
+ if [ -f "$FILE_SYSLOG_CONFFILE" ]; then
+ sudo rm -rf "$FILE_SYSLOG_CONFFILE"
+ if [ "$IS_FILE_MONITOR_SCRIPT_INVOKED" = "false" ]; then
+ echo "INFO: Removed all the modified files."
+ fi
+ else
+ logMsgToConfigSysLog "WARN" "WARN: $FILE_SYSLOG_CONFFILE file was not found."
+ fi
+}
+
+#display usage syntax
+usage()
+{
+cat << EOF
+usage: configure-file-monitoring [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-f filename] [-tag filetag (optional)] [-l filealias]
+usage: configure-file-monitoring [-a loggly auth account or subdomain] [-r to rollback] [-l filealias]
+usage: configure-file-monitoring [-h for help]
+EOF
+}
+
+########## Get Inputs from User - Start ##########
+if [ "$1" != "being-invoked" ]; then
+ if [ $# -eq 0 ]; then
+ usage
+ exit
+ else
+ while [ "$1" != "" ]; do
+ case $1 in
+ -t | --token ) shift
+ LOGGLY_AUTH_TOKEN=$1
+ echo "AUTH TOKEN $LOGGLY_AUTH_TOKEN"
+ ;;
+ -a | --account ) shift
+ LOGGLY_ACCOUNT=$1
+ echo "Loggly account or subdomain: $LOGGLY_ACCOUNT"
+ ;;
+ -u | --username ) shift
+ LOGGLY_USERNAME=$1
+ echo "Username is set"
+ ;;
+ -p | --password ) shift
+ LOGGLY_PASSWORD=$1
+ ;;
+ -r | --rollback )
+ LOGGLY_ROLLBACK="true"
+ ;;
+ -f | --filename ) shift
+ #LOGGLY_FILE_TO_MONITOR=$1
+ LOGGLY_FILE_TO_MONITOR=$(readlink -f "$1")
+ echo "File to monitor: $LOGGLY_FILE_TO_MONITOR"
+ ;;
+ -l | --filealias ) shift
+ LOGGLY_FILE_TO_MONITOR_ALIAS=$1
+ CONF_FILE_FORMAT_NAME=$CONF_FILE_FORMAT_NAME$1
+ echo "File alias: $LOGGLY_FILE_TO_MONITOR_ALIAS"
+ ;;
+ -tag| --filetag ) shift
+ LOGGLY_FILE_TAG=$1
+ echo "File tag: $LOGGLY_FILE_TAG"
+ ;;
+ -h | --help)
+ usage
+ exit
+ ;;
+ esac
+ shift
+ done
+ fi
+
+ if [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" -a "$LOGGLY_FILE_TO_MONITOR" != "" -a "$LOGGLY_FILE_TO_MONITOR_ALIAS" != "" ]; then
+ if [ "$LOGGLY_PASSWORD" = "" ]; then
+ getPassword
+ fi
+ installLogglyConfForFile
+ elif [ "$LOGGLY_ROLLBACK" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_FILE_TO_MONITOR_ALIAS" != "" ]; then
+ removeLogglyConfForFile
+ else
+ usage
+ fi
+else
+ IS_FILE_MONITOR_SCRIPT_INVOKED="true"
+fi
+########## Get Inputs from User - End ##########
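Review bot: `write21ConfFileContents` runs `sudo chmod o+w $FILE_SYSLOG_CONFFILE` and never restores the mode, so the generated rsyslog config stays world-writable. The file embeds `$LOGGLY_AUTH_TOKEN` and is presumably loaded by rsyslog from `$RSYSLOG_ETCDIR_CONF`, so any local account can afterwards change what the daemon is told to do. The chmod is only needed because in `sudo cat << EOIPFW >> $FILE_SYSLOG_CONFFILE` the redirection is opened by the calling shell rather than under sudo; dropping the chmod line and writing with `sudo tee -a "$FILE_SYSLOG_CONFFILE" > /dev/null << EOIPFW` removes the need for it. `write21NginxFileContents` in configure-nginx.sh repeats the same two lines.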
diff --git a/Modular Scripts/Nginx/README.md b/Modular Scripts/Nginx/README.md
new file mode 100644
index 0000000..abdbd38
--- /dev/null
+++ b/Modular Scripts/Nginx/README.md
@@ -0,0 +1,10 @@
+Nginx Script
+=============
+
+Configure your Nginx server to send logs from access file and error file to Loggly
+
+ sudo bash configure-nginx.sh -a SUBDOMAIN -u USERNAME
+
+Stop sending your Nginx logs to Loggly
+
+ sudo bash configure-nginx.sh -a SUBDOMAIN -r
diff --git a/Modular Scripts/Nginx/configure-nginx.sh b/Modular Scripts/Nginx/configure-nginx.sh
new file mode 100644
index 0000000..3df7157
--- /dev/null
+++ b/Modular Scripts/Nginx/configure-nginx.sh
@@ -0,0 +1,342 @@
+#!/bin/bash
+
+#downloads configure-linux.sh
+echo "INFO: Downloading dependencies - configure-linux.sh"
+curl -s -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh
+source configure-linux.sh "being-invoked"
+
+########## Variable Declarations - Start ##########
+#name of the current script
+SCRIPT_NAME=configure-nginx.sh
+#version of the current script
+SCRIPT_VERSION=1.0
+
+#we have not found the nginx version yet at this point in the script
+APP_TAG="\"nginx-version\":\"\""
+
+#name of the service, in this case nginx
+SERVICE="nginx"
+#name of nginx access log file
+NGINX_ACCESS_LOG_FILE="access.log"
+#name of nginx error log file
+NGINX_ERROR_LOG_FILE="error.log"
+#name and location of nginx syslog file
+NGINX_SYSLOG_CONFFILE=$RSYSLOG_ETCDIR_CONF/21-nginx.conf
+#name and location of nginx syslog backup file
+NGINX_SYSLOG_CONFFILE_BACKUP=$RSYSLOG_ETCDIR_CONF/21-nginx.conf.loggly.bk
+
+#this variable will hold the path to the nginx home
+LOGGLY_NGINX_HOME=
+#this variable will hold the value of the nginx log folder
+LOGGLY_NGINX_LOG_HOME=
+#this variable will hold the users nginx version
+NGINX_VERSION=
+
+MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure nginx is available at https://www.loggly.com/docs/nginx-server-logs#manual"
+
+#this variable will hold if the check env function for linux is invoked
+NGINX_ENV_VALIDATED="false"
+########## Variable Declarations - End ##########
+
+#check if nginx environment is compatible for Loggly
+checkNginxLogglyCompatibility()
+{
+ #check if the linux environment is compatible for Loggly
+ checkLinuxLogglyCompatibility
+
+ #check if nginx is installed on unix system
+ checkNginxDetails
+
+ NGINX_ENV_VALIDATED="true"
+}
+
+
+# executing the script for loggly to install and configure syslog.
+installLogglyConfForNginx()
+{
+ #log message indicating starting of Loggly configuration
+ logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Nginx."
+
+ #check if nginx environment is compatible with Loggly
+ if [ "$NGINX_ENV_VALIDATED" = "false" ]; then
+ checkNginxLogglyCompatibility
+ fi
+
+ #configure loggly for Linux
+ installLogglyConf
+
+ #create 21nginx.conf file
+ write21NginxConfFile
+
+ #check for the nginx log file size
+ checkLogFileSize $LOGGLY_NGINX_LOG_HOME/$NGINX_ACCESS_LOG_FILE $LOGGLY_NGINX_LOG_HOME/$NGINX_ERROR_LOG_FILE
+
+ #verify if the nginx logs made it to loggly
+ checkIfNginxLogsMadeToLoggly
+
+ #log success message
+ logMsgToConfigSysLog "SUCCESS" "SUCCESS: Nginx successfully configured to send logs via Loggly."
+}
+
+#executing script to remove loggly configuration for Nginx
+removeLogglyConfForNginx()
+{
+ logMsgToConfigSysLog "INFO" "INFO: Initiating rollback."
+
+ #check if the user has root permission to run this script
+ checkIfUserHasRootPrivileges
+
+ #check if the OS is supported by the script. If no, then exit
+ checkIfSupportedOS
+
+ #check if nginx is installed on unix system
+ checkNginxDetails
+
+ #remove 21nginx.conf file
+ remove21NginxConfFile
+
+ logMsgToConfigSysLog "INFO" "INFO: Rollback completed."
+}
+
+#identify if nginx is installed on your system and is available as a service
+checkNginxDetails()
+{
+ #verify if nginx is installed as service
+ if [ !
-f /etc/init.d/$SERVICE ]; then
+ logMsgToConfigSysLog "ERROR" "ERROR: Nginx is not configured as a service"
+ exit 1
+ fi
+
+ #get the version of nginx installed
+ getNginxVersion
+
+ #set all the required nginx variables by this script
+ setNginxVariables
+}
+
+
+#sets nginx variables which will be used across various functions
+setNginxVariables()
+{
+ LOGGLY_NGINX_LOG_HOME=/var/log/$SERVICE
+}
+
+#gets the version of nginx installed on the unix box
+getNginxVersion()
+{
+ NGINX_VERSION=$(nginx -v 2>&1)
+ NGINX_VERSION=${NGINX_VERSION#*/}
+ APP_TAG="\"nginx-version\":\"$NGINX_VERSION\""
+ logMsgToConfigSysLog "INFO" "INFO: nginx version: $NGINX_VERSION"
+}
+
+checkLogFileSize()
+{
+ accessFileSize=$(wc -c "$1" | cut -f 1 -d ' ')
+ errorFileSize=$(wc -c "$2" | cut -f 1 -d ' ')
+ fileSize=$((accessFileSize+errorFileSize))
+ if [ $fileSize -ge 102400000 ]; then
+ logMsgToConfigSysLog "INFO" "INFO: "
+ while true; do
+ read -p "WARN: There are currently large log files which may use up your allowed volume. Please rotate your logs before continuing. Would you like to continue now anyway? (yes/no)" yn
+ case $yn in
+ [Yy]* )
+ logMsgToConfigSysLog "INFO" "INFO: Current nginx logs size is $fileSize bytes. Continuing with nginx Loggly configuration.";
+ break;;
+ [Nn]* )
+ logMsgToConfigSysLog "INFO" "INFO: Current nginx logs size is $fileSize bytes. Discontinuing with nginx Loggly configuration."
+ exit 1
+ break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+ done
+ elif [ $fileSize -eq 0 ]; then
+ logMsgToConfigSysLog "WARN" "WARN: There are no recent logs from nginx there so won't be any sent to Loggly. You can generate some logs by visiting a page on your web server."
+ exit 1
+ fi
+}
+
+write21NginxConfFile()
+{
+ #Create nginx syslog config file if it doesn't exist
+ echo "INFO: Checking if nginx sysconf file $NGINX_SYSLOG_CONFFILE exist."
+ if [ -f "$NGINX_SYSLOG_CONFFILE" ]; then
+ logMsgToConfigSysLog "WARN" "WARN: nginx syslog file $NGINX_SYSLOG_CONFFILE already exist."
+ while true; do
+ read -p "Do you wish to override $NGINX_SYSLOG_CONFFILE? (yes/no)" yn
+ case $yn in
+ [Yy]* )
+ logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $NGINX_SYSLOG_CONFFILE to $NGINX_SYSLOG_CONFFILE_BACKUP";
+ sudo mv -f $NGINX_SYSLOG_CONFFILE $NGINX_SYSLOG_CONFFILE_BACKUP;
+ write21NginxFileContents;
+ break;;
+ [Nn]* ) break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+ done
+ else
+ write21NginxFileContents
+ fi
+}
+
+#function to write the contents of nginx syslog config file
+write21NginxFileContents()
+{
+ logMsgToConfigSysLog "INFO" "INFO: Creating file $NGINX_SYSLOG_CONFFILE"
+ sudo touch $NGINX_SYSLOG_CONFFILE
+ sudo chmod o+w $NGINX_SYSLOG_CONFFILE
+
+ imfileStr="\$ModLoad imfile
+ \$InputFilePollInterval 10
+ \$WorkDirectory $RSYSLOG_DIR
+ "
+ if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then
+ imfileStr+="\$PrivDropToGroup adm
+ "
+ fi
+
+ imfileStr+="
+ # nginx access file:
+ \$InputFileName $LOGGLY_NGINX_LOG_HOME/$NGINX_ACCESS_LOG_FILE
+ \$InputFileTag nginx-access:
+ \$InputFileStateFile stat-nginx-access
+ \$InputFileSeverity info
+ \$InputFilePersistStateInterval 20000
+ \$InputRunFileMonitor
+
+ #nginx Error file:
+ \$InputFileName $LOGGLY_NGINX_LOG_HOME/$NGINX_ERROR_LOG_FILE
+ \$InputFileTag nginx-error:
+ \$InputFileStateFile stat-nginx-error
+ \$InputFileSeverity error
+ \$InputFilePersistStateInterval 20000
+ \$InputRunFileMonitor
+
+ #Add a tag for nginx events
+ \$template LogglyFormatNginx,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 tag=\\\"nginx\\\"] %msg%\n\"
+
+ if \$programname == 'nginx-access' then @@logs-01.loggly.com:514;LogglyFormatNginx
+ if \$programname == 'nginx-access' then ~
+ if \$programname == 'nginx-error' then @@logs-01.loggly.com:514;LogglyFormatNginx
+ if \$programname ==
'nginx-error' then ~
+ "
+
+ #change the nginx-21 file to variable from above and also take the directory of the nginx log file.
+sudo cat << EOIPFW >> $NGINX_SYSLOG_CONFFILE
+$imfileStr
+EOIPFW
+
+ restartRsyslog
+}
+
+
+#checks if the nginx logs made to loggly
+checkIfNginxLogsMadeToLoggly()
+{
+ counter=1
+ maxCounter=10
+
+ nginxInitialLogCount=0
+ nginxLatestLogCount=0
+ queryParam="tag%3Anginx&from=-15m&until=now&size=1"
+
+ queryUrl="$LOGGLY_ACCOUNT_URL/apiv2/search?q=$queryParam"
+ logMsgToConfigSysLog "INFO" "INFO: Search URL: $queryUrl"
+
+ logMsgToConfigSysLog "INFO" "INFO: Getting initial nginx log count."
+ #get the initial count of nginx logs for past 15 minutes
+ searchAndFetch nginxInitialLogCount "$queryUrl"
+
+ logMsgToConfigSysLog "INFO" "INFO: Verifying if the nginx logs made it to Loggly."
+ logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter."
+ #get the final count of nginx logs for past 15 minutes
+ searchAndFetch nginxLatestLogCount "$queryUrl"
+ let counter=$counter+1
+
+ while [ "$nginxLatestLogCount" -le "$nginxInitialLogCount" ]; do
+ echo "INFO: Did not find the test log message in Loggly's search yet. Waiting for 30 secs."
+ sleep 30
+ echo "INFO: Done waiting. Verifying again."
+ logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter."
+ searchAndFetch nginxLatestLogCount "$queryUrl"
+ let counter=$counter+1
+ if [ "$counter" -gt "$maxCounter" ]; then
+ logMsgToConfigSysLog "ERROR" "ERROR: Nginx logs did not make to Loggly in time. Please check network and firewall settings and retry."
+ exit 1
+ fi
+ done
+
+ if [ "$nginxLatestLogCount" -gt "$nginxInitialLogCount" ]; then
+ logMsgToConfigSysLog "SUCCESS" "SUCCESS: nginx logs successfully transferred to Loggly! You are now sending nginx logs to Loggly."
+ exit 0
+ fi
+}
+
+#remove 21nginx.conf file
+remove21NginxConfFile()
+{
+ echo "INFO: Deleting the loggly nginx syslog conf file."
+ if [ -f "$NGINX_SYSLOG_CONFFILE" ]; then
+ sudo rm -rf "$NGINX_SYSLOG_CONFFILE"
+ fi
+ echo "INFO: Removed all the modified files."
+ restartRsyslog
+}
+
+#display usage syntax
+usage()
+{
+cat << EOF
+usage: configure-nginx [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)]
+usage: configure-nginx [-a loggly auth account or subdomain] [-r to rollback]
+usage: configure-nginx [-h for help]
+EOF
+}
+
+########## Get Inputs from User - Start ##########
+
+if [ $# -eq 0 ]; then
+ usage
+ exit
+else
+while [ "$1" != "" ]; do
+ case $1 in
+ -t | --token ) shift
+ LOGGLY_AUTH_TOKEN=$1
+ echo "AUTH TOKEN $LOGGLY_AUTH_TOKEN"
+ ;;
+ -a | --account ) shift
+ LOGGLY_ACCOUNT=$1
+ echo "Loggly account or subdomain: $LOGGLY_ACCOUNT"
+ ;;
+ -u | --username ) shift
+ LOGGLY_USERNAME=$1
+ echo "Username is set"
+ ;;
+ -p | --password ) shift
+ LOGGLY_PASSWORD=$1
+ ;;
+ -r | --rollback )
+ LOGGLY_ROLLBACK="true"
+ ;;
+ -h | --help)
+ usage
+ exit
+ ;;
+ esac
+ shift
+done
+fi
+
+if [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then
+ if [ "$LOGGLY_PASSWORD" = "" ]; then
+ getPassword
+ fi
+ installLogglyConfForNginx
+elif [ "$LOGGLY_ROLLBACK" != "" -a "$LOGGLY_ACCOUNT" != "" ]; then
+ removeLogglyConfForNginx
+else
+ usage
+fi
+
+########## Get Inputs from User - End ##########
diff --git a/Modular Scripts/S3Logs Monitoring/README.md b/Modular Scripts/S3Logs Monitoring/README.md
new file mode 100644
index 0000000..d667c16
--- /dev/null
+++ b/Modular Scripts/S3Logs Monitoring/README.md
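Review bot: The opening statements of configure-nginx.sh, `curl -s -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh` followed by `source configure-linux.sh "being-invoked"`, execute a downloaded file with no check that the transfer succeeded or that its content is the reviewed one, and the README starts this script with `sudo bash`, so the sourced code runs as root. With `-s` and no `-f`, an HTTP error body is still written and sourced, and if curl fails outright whatever `configure-linux.sh` already sits in the working directory is sourced instead. I would download to a `mktemp` file with `curl -fsS`, stop on failure, and verify a pinned SHA-256 before sourcing, as sketched below with a placeholder digest. configure-file-monitoring.sh and configure-s3-file-monitoring.sh open with the same download-then-source pair.

```shell
#downloads configure-linux.sh
echo "INFO: Downloading dependencies - configure-linux.sh"
# placeholder: pin the digest of the reviewed configure-linux.sh release here
EXPECTED_SHA256="<sha256-of-reviewed-configure-linux.sh>"
LINUX_SCRIPT_TMP=$(mktemp) || exit 1
if ! curl -fsS -o "$LINUX_SCRIPT_TMP" https://www.loggly.com/install/configure-linux.sh; then
  echo "ERROR: Could not download configure-linux.sh" >&2
  rm -f -- "$LINUX_SCRIPT_TMP"
  exit 1
fi
if ! echo "$EXPECTED_SHA256  $LINUX_SCRIPT_TMP" | sha256sum -c - > /dev/null; then
  echo "ERROR: configure-linux.sh failed the integrity check" >&2
  rm -f -- "$LINUX_SCRIPT_TMP"
  exit 1
fi
source "$LINUX_SCRIPT_TMP" "being-invoked"
rm -f -- "$LINUX_SCRIPT_TMP"
# … unchanged: variable declarations and functions …
```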
@@ -0,0 +1,14 @@
+AWS S3 File Monitoring Script
+======================
+
+Configure your S3 bucket and file logs to send to Loggly with synchronization
+
+ sudo bash configure-s3-file-monitoring.sh -a SUBDOMAIN -u USERNAME -s3url S3-BUCKET-PATH -s3l S3-BUCKET-ALIAS
+
+**Note:** S3 Bucket Alias should be unique for each bucket.
+
+
+
+Stop sending your S3 bucket logs to Loggly
+
+ sudo bash configure-s3-file-monitoring.sh -a SUBDOMAIN -s3l S3-BUCKET-ALIAS -r
diff --git a/Modular Scripts/S3Logs Monitoring/configure-s3-file-monitoring.sh b/Modular Scripts/S3Logs Monitoring/configure-s3-file-monitoring.sh
new file mode 100644
index 0000000..f14d841
--- /dev/null
+++ b/Modular Scripts/S3Logs Monitoring/configure-s3-file-monitoring.sh
@@ -0,0 +1,492 @@
+#!/bin/bash
+
+echo "INFO: Downloading dependencies - configure-file-monitoring.sh"
+curl -s -o configure-file-monitoring.sh https://www.loggly.com/install/configure-file-monitoring.sh
+source configure-file-monitoring.sh "being-invoked"
+
+########## Variable Declarations - Start ##########
+#name of the current script
+SCRIPT_NAME=configure-s3-file-monitoring.sh
+#version of the current script
+SCRIPT_VERSION=1.3
+
+#s3 bucket name to configure
+LOGGLY_S3_BUCKET_NAME=
+
+#alias name, will be used as tag & state file name etc. provided by user
+LOGGLY_S3_ALIAS=
+
+#file alias provided by the user
+APP_TAG="\"s3file-alias\":\"\""
+
+#name and location of syslog file
+FILE_SYSLOG_CONFFILE=
+
+#name and location of syslog backup file
+FILE_SYSLOG_CONFFILE_BACKUP=
+
+#holds variable if any of the file is configured
+IS_ANY_FILE_CONFIGURED="false"
+
+#value for temp directory
+TEMP_DIR=
+
+IS_S3CMD_CONFIGURED_BY_SCRIPT="false"
+
+MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure a file is available at https://www.loggly.com/docs/file-monitoring/"
+
+########## Variable Declarations - End ##########
+
+# executing the script for loggly to install and configure syslog
+installLogglyConfForS3()
+{
+ #log message indicating starting of Loggly configuration
+ logMsgToConfigSysLog "INFO" "INFO: Initiating configure Loggly for file monitoring."
+
+ #check if the provided alias is correct or not
+ checkIfS3AliasAlreadyTaken
+
+ #check if the linux environment is compatible for Loggly
+ checkLinuxLogglyCompatibility
+
+ #check if s3cmd utility is installed and configured
+ checkIfS3cmdInstalledAndConfigured
+
+ #check if s3bucket is valid
+ checkIfValidS3Bucket
+
+ #configure loggly for Linux
+ installLogglyConf
+
+ #create temporary directory
+ createTempDir
+
+ #download S3 files from bucket to temp directory
+ downloadS3Bucket
+
+ #invoke file monitoring on each file after checking if it is a text file or not
+ invokeS3FileMonitoring
+
+ #install a cron job to sync the downloaded files after each 5 minutes
+ installCronToSyncS3BucketPeriodically
+
+ if [ "$IS_ANY_FILE_CONFIGURED" != "false" ]; then
+ #check if s3 logs made it to loggly
+ checkIfS3LogsMadeToLoggly
+ else
+ logMsgToConfigSysLog "WARN" "WARN: Did not find any files to configure. Nothing to do."
+ fi
+
+}
+
+
+#executing script to remove loggly configuration for S3 files
+removeLogglyConfForS3()
+{
+ logMsgToConfigSysLog "INFO" "INFO: Initiating rollback."
+
+ #check if the user has root permission to run this script
+ checkIfUserHasRootPrivileges
+
+ #check if the OS is supported by the script. If no, then exit
+ checkIfSupportedOS
+
+ #check if alias provided is the correct one
+ checkIfS3AliasExist
+
+ #remove file monitoring
+ removeS3FileMonitoring
+
+ #delete the s3 sync cron from the crontab
+ deleteS3CronFromCrontab
+
+ #delete temporary directory if exists
+ TEMP_DIR=/tmp/s3monitoring/$LOGGLY_S3_ALIAS
+ deleteTempDir
+
+ #log success message
+ logMsgToConfigSysLog "INFO" "INFO: Rollback completed."
+}
+
+checkIfS3AliasAlreadyTaken()
+{
+ if ls $RSYSLOG_ETCDIR_CONF/*$LOGGLY_S3_ALIAS.conf &> /dev/null; then
+ logMsgToConfigSysLog "ERROR" "ERROR: $LOGGLY_S3_ALIAS is already taken. Please try with another one."
+ exit 1
+ fi
+}
+
+#check if s3cmd utility is installed and configured
+checkIfS3cmdInstalledAndConfigured()
+{
+ if hash s3cmd 2>/dev/null; then
+ checkIfS3cmdConfigured
+ else
+ logMsgToConfigSysLog "INFO" "INFO: s3cmd is not present on your system. Setting it up on your system"
+ downloadS3cmd
+ configureS3cmd
+ fi
+}
+
+#check if s3cmd utility is configured
+checkIfS3cmdConfigured()
+{
+ var=$(sudo s3cmd ls 2>/dev/null)
+ if [ "$var" != "" ]; then
+ if [ "$IS_S3CMD_CONFIGURED_BY_SCRIPT" == "false" ]; then
+ logMsgToConfigSysLog "INFO" "INFO: s3cmd is already configured on your system"
+ else
+ logMsgToConfigSysLog "INFO" "INFO: s3cmd configured successfully"
+ fi
+ else
+ if [ "$IS_S3CMD_CONFIGURED_BY_SCRIPT" == "false" ]; then
+ logMsgToConfigSysLog "INFO" "INFO: s3cmd is not configured on your system. Trying to configure."
+ configureS3cmd
+ else
+ logMsgToConfigSysLog "ERROR" "ERROR: s3cmd is not configured correctly. Please configure s3cmd using command s3cmd --configure"
+ exit 1
+ fi
+ fi
+}
+
+#download and install s3cmd
+downloadS3cmd()
+{
+ #checking if the Linux is yum based or apt-get based
+ YUM_BASED=$(command -v yum)
+ APT_GET_BASED=$(command -v apt-get)
+
+ if [ "$YUM_BASED" != "" ]; then
+ sudo yum install s3cmd || { logMsgToConfigSysLog "ERROR" "ERROR: s3cmd installation failed on $LINUX_DIST. Please ensure you have EPEL installed." ; exit 1; }
+ elif [ "$APT_GET_BASED" != "" ]; then
+ sudo apt-get install s3cmd || { logMsgToConfigSysLog "ERROR" "ERROR: s3cmd installation failed on $LINUX_DIST." ; exit 1; }
+ else
+ logMsgToConfigSysLog "ERROR" "ERROR: s3cmd installation failed on $LINUX_DIST."
+ exit 1
+ fi
+}
+
+#configure s3cmd
+configureS3cmd()
+{
+ sudo s3cmd --configure
+ IS_S3CMD_CONFIGURED_BY_SCRIPT="true"
+ #check if s3cmd configured successfully now
+ checkIfS3cmdConfigured
+}
+
+#check if s3bucket is valid
+checkIfValidS3Bucket()
+{
+ #check if valid Bucket name
+ if [[ $LOGGLY_S3_BUCKET_NAME != s3://* ]]; then
+ logMsgToConfigSysLog "Error" "Error: Invalid s3 Bucket name. Bucket name should start with 's3://'"
+ exit 1
+ fi
+
+ if [ "$LOGGLY_S3_BUCKET_NAME" != "" ]; then
+ logMsgToConfigSysLog "INFO" "INFO: Check if valid S3 Bucket name."
+ BUCKET_INFO=$(sudo s3cmd ls -r $LOGGLY_S3_BUCKET_NAME 2>&1)
+ case $BUCKET_INFO in
+ ERROR*)
+ #logging actual error message returned by s3cmd
+ logMsgToConfigSysLog "ERROR" "$BUCKET_INFO"
+ exit 1
+ ;;
+ "")
+ logMsgToConfigSysLog "ERROR" "ERROR: No files found in the S3 Bucket $LOGGLY_S3_BUCKET_NAME."
+ exit 1
+ ;;
+ *)
+ logMsgToConfigSysLog "INFO" "INFO: '$LOGGLY_S3_BUCKET_NAME' is a valid Bucket and accessible."
+ ;;
+ esac
+ fi
+}
+
+
+createTempDir()
+{
+ TEMP_DIR=/tmp/s3monitoring/$LOGGLY_S3_ALIAS
+ if [ -d "$TEMP_DIR" ]; then
+ if [ "$(ls -A $TEMP_DIR)" ]; then
+ logMsgToConfigSysLog "WARN" "WARN: There are some files/folders already present in $TEMP_DIR. If you continue, the files currently inside the $TEMP_DIR will also be configured to send logs to loggly."
+ while true; do
+ read -p "Would you like to continue now anyway? (yes/no)" yn
+ case $yn in
+ [Yy]* )
+ break;;
+ [Nn]* )
+ logMsgToConfigSysLog "INFO" "INFO: Discontinuing with s3 file monitoring configuration."
+ exit 1
+ break;;
+ * ) echo "Please answer yes or no.";;
+ esac
+ done
+ fi
+ else
+ if [ -d "/tmp/s3monitoring" ]; then
+ mkdir /tmp/s3monitoring/$LOGGLY_S3_ALIAS
+ else
+ mkdir /tmp/s3monitoring
+ mkdir /tmp/s3monitoring/$LOGGLY_S3_ALIAS
+ fi
+ fi
+}
+
+downloadS3Bucket()
+{
+ if [ "$LOGGLY_S3_BUCKET_NAME" != "" ]; then
+ #Files are downloaded in nested directory
+ cd $TEMP_DIR
+ echo "Downloading files, may take some time..."
+ sudo s3cmd get -r -f $LOGGLY_S3_BUCKET_NAME > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ logMsgToConfigSysLog "ERROR" "ERROR: Error downloading files recursively from $LOGGLY_S3_BUCKET_NAME"
+ exit 1
+ fi
+ fi
+}
+
+
+invokeS3FileMonitoring()
+{
+ dir=/tmp/s3monitoring/$LOGGLY_S3_ALIAS
+ #TODO: Not supporting multiple files with same name in different directories
+ #only supporting file with naming convention *.*
+ for f in $(find $dir -name '*')
+ do
+ fileNameWithExt=${f##*/}
+ uniqueFileName=$(echo "$fileNameWithExt" | tr . _)
+ var=$(file $f)
+
+ #it may be possible that the "text" may contain some uppercase letters like "Text"
+ var=$(echo $var | tr "[:upper:]" "[:lower:]")
+
+ if [[ $var == *text* ]]; then
+ LOGGLY_FILE_TO_MONITOR_ALIAS=$uniqueFileName-$LOGGLY_S3_ALIAS
+ LOGGLY_FILE_TO_MONITOR=$f
+ LOGGLY_FILE_TAG="s3file"
+ CONF_FILE_FORMAT_NAME="LogglyFormatS3"
+ constructFileVariables
+ checkFileReadPermission
+ checkLogFileSize $LOGGLY_FILE_TO_MONITOR
+ write21ConfFileContents
+ IS_ANY_FILE_CONFIGURED="true"
+ #ignoring directory
+ elif [[ $var != *directory* ]]; then
+ logMsgToConfigSysLog "WARN" "WARN: File $fileNameWithExt is not a text file. Ignoring."
+ fi
+ done
+
+ if [ "$IS_ANY_FILE_CONFIGURED" != "false" ]; then
+ restartRsyslog
+ fi
+}
+
+installCronToSyncS3BucketPeriodically()
+{
+ while true; do
+ read -p "Would you like install a Cron job to sync the files currently in your bucket every 5 minutes? (yes/no)" yn
+ case $yn in
+ [Yy]* )
+
+ #copying .s3cfg file to /root so that it can be used by crontab for sync
+ if !
sudo test -f "/root/.s3cfg" ; then + sudo cp $HOME/.s3cfg /root + fi + + CRON_FILE="/tmp/s3monitoring/cron_$LOGGLY_S3_ALIAS" + CRON_SYNC_PATH="/tmp/s3monitoring/$LOGGLY_S3_ALIAS" + + #checking if the provided s3 path if of directory or file + IS_DIR="true" + BUCKET_URL_LAST_VALUE=$(echo ${LOGGLY_S3_BUCKET_NAME##*/}) + + if [ "$BUCKET_URL_LAST_VALUE" != "" ]; then + for fle in $(find $CRON_SYNC_PATH -name $BUCKET_URL_LAST_VALUE) + do + if [ -f $fle ]; then + IS_DIR="false" + break + fi + done + fi + + #adding file name to the sync folder as the bucket path is + #provided upto a file + if [ "$IS_DIR" == "false" ]; then + CRON_SYNC_PATH="$CRON_SYNC_PATH/$BUCKET_URL_LAST_VALUE" + fi + + logMsgToConfigSysLog "INFO" "INFO: Creating a Cron job to sync $LOGGLY_S3_BUCKET_NAME files to $CRON_SYNC_PATH in every five minutes." + + #setting up cron job + CRON_JOB_TO_SYNC_S3_BUCKET="*/5 * * * * s3cmd sync $LOGGLY_S3_BUCKET_NAME --preserve $CRON_SYNC_PATH" + + EXISTING_CRONS=$(sudo crontab -l 2>&1) + case $EXISTING_CRONS in + no*) + ;; + *) + echo "$EXISTING_CRONS" >> $CRON_FILE + ;; + esac + + echo "$CRON_JOB_TO_SYNC_S3_BUCKET" >> $CRON_FILE + sudo crontab $CRON_FILE + sudo rm -fr $CRON_FILE + break;; + [Nn]* ) + logMsgToConfigSysLog "INFO" "INFO: Skipping Cron installation." + break;; + * ) echo "Please answer yes or no.";; + esac + done + +} + +deleteTempDir() +{ + if [ -d "$TEMP_DIR" ]; then + sudo rm -fr $TEMP_DIR + fi +} + +checkIfS3LogsMadeToLoggly() +{ + counter=1 + maxCounter=10 + + fileInitialLogCount=0 + fileLatestLogCount=0 + queryParam="syslog.appName%3A%2A$LOGGLY_S3_ALIAS&from=-5m&until=now&size=1" + + queryUrl="$LOGGLY_ACCOUNT_URL/apiv2/search?q=$queryParam" + logMsgToConfigSysLog "INFO" "INFO: Search URL: $queryUrl" + + logMsgToConfigSysLog "INFO" "INFO: Verifying if the logs made it to Loggly." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." 
+ #get the final count of file logs for past 5 minutes + searchAndFetch fileLatestLogCount "$queryUrl" + let counter=$counter+1 + + while [ "$fileLatestLogCount" -le "$fileInitialLogCount" ]; do + echo "INFO: Did not find the test log message in Loggly's search yet. Waiting for 30 secs." + sleep 30 + echo "INFO: Done waiting. Verifying again." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." + searchAndFetch fileLatestLogCount "$queryUrl" + let counter=$counter+1 + if [ "$counter" -gt "$maxCounter" ]; then + logMsgToConfigSysLog "ERROR" "ERROR: S3 logs did not make to Loggly in time. Please check network and firewall settings and retry." + exit 1 + fi + done + + if [ "$fileLatestLogCount" -gt "$fileInitialLogCount" ]; then + if [ "$LOGGLY_S3_BUCKET_NAME" != "" ]; then + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Logs successfully transferred to Loggly! You are now sending $LOGGLY_S3_BUCKET_NAME logs to Loggly." + + fi + fi +} + +checkIfS3AliasExist() +{ + if ! ls $RSYSLOG_ETCDIR_CONF/*$LOGGLY_S3_ALIAS.conf &> /dev/null; then + #logMsgToConfigSysLog "INFO" "INFO: $LOGGLY_S3_ALIAS found." + #else + logMsgToConfigSysLog "ERROR" "ERROR: $LOGGLY_S3_ALIAS does not exist. Please provide the correct s3 alias." + exit 1 + fi +} + +removeS3FileMonitoring() +{ + FILES=$RSYSLOG_ETCDIR_CONF/*$LOGGLY_S3_ALIAS.conf + for f in $FILES + do + aliasName=${f##*/} + aliasName=${aliasName%.*} + aliasName=${aliasName#21-filemonitoring-} + + LOGGLY_FILE_TO_MONITOR_ALIAS=$aliasName + constructFileVariables + remove21ConfFile + done + echo "INFO: Removed all the modified files." + restartRsyslog +} + +deleteS3CronFromCrontab() +{ + logMsgToConfigSysLog "INFO" "INFO: Deleting sync Cron." 
+ sudo crontab -l | grep -v "/tmp/s3monitoring/$LOGGLY_S3_ALIAS" | crontab - +} + +#display usage syntax +usage() +{ +cat << EOF +usage: configure-s3-file-monitoring [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s3url s3bucketname ] [-s3l s3alias] +usage: configure-s3-file-monitoring [-a loggly auth account or subdomain] [-r to rollback] [-s3l s3alias] +usage: configure-s3-file-monitoring [-h for help] +EOF +} + +########## Get Inputs from User - Start ########## + +if [ $# -eq 0 ]; then + usage + exit +else +while [ "$1" != "" ]; do + case $1 in + -t | --token ) shift + LOGGLY_AUTH_TOKEN=$1 + echo "AUTH TOKEN $LOGGLY_AUTH_TOKEN" + ;; + -a | --account ) shift + LOGGLY_ACCOUNT=$1 + echo "Loggly account or subdomain: $LOGGLY_ACCOUNT" + ;; + -u | --username ) shift + LOGGLY_USERNAME=$1 + echo "Username is set" + ;; + -p | --password ) shift + LOGGLY_PASSWORD=$1 + ;; + -r | --rollback ) + LOGGLY_ROLLBACK="true" + ;; + -s3url | --s3bucketname ) shift + LOGGLY_S3_BUCKET_NAME=$1 + echo "S3 Bucket Name: $LOGGLY_S3_BUCKET_NAME" + ;; + + -s3l | --s3alias ) shift + LOGGLY_S3_ALIAS=$1 + echo "File alias: $LOGGLY_S3_ALIAS" + ;; + -h | --help) + usage + exit + ;; + esac + shift +done +fi + +if [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" -a "$LOGGLY_S3_ALIAS" != "" -a \( "$LOGGLY_S3_BUCKET_NAME" != "" \) ]; then + if [ "$LOGGLY_PASSWORD" = "" ]; then + getPassword + fi + installLogglyConfForS3 +elif [ "$LOGGLY_ROLLBACK" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_S3_ALIAS" != "" ]; then + removeLogglyConfForS3 +else + usage +fi +########## Get Inputs from User - End ########## diff --git a/Modular Scripts/Tomcat/README.md b/Modular Scripts/Tomcat/README.md new file mode 100644 index 0000000..342ad1a --- /dev/null +++ b/Modular Scripts/Tomcat/README.md 
@@ -0,0 +1,10 @@ +Tomcat Script +============= + +Send your Tomcat logs to Loggly + + sudo bash configure-tomcat.sh -a SUBDOMAIN -u USERNAME + +Stop sending your Tomcat logs to Loggly + + sudo bash configure-tomcat.sh -a SUBDOMAIN -r diff --git a/Modular Scripts/Tomcat/configure-tomcat.sh b/Modular Scripts/Tomcat/configure-tomcat.sh index c1a927a..91f92ea 100644 --- a/Modular Scripts/Tomcat/configure-tomcat.sh +++ b/Modular Scripts/Tomcat/configure-tomcat.sh @@ -1,12 +1,15 @@ #!/bin/bash +#downloads configure-linux.sh +echo "INFO: Downloading dependencies - configure-linux.sh" +curl -s -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh source configure-linux.sh "being-invoked" ########## Variable Declarations - Start ########## #name of the current script SCRIPT_NAME=configure-tomcat.sh #version of the current script -SCRIPT_VERSION=1.0 +SCRIPT_VERSION=1.1 #minimum version of tomcat to enable log rotation MIN_TOMCAT_VERSION=6.0.33.0 @@ -16,19 +19,10 @@ APP_TAG="\"tomcat-version\":\"\"" #name of the service, in this case tomcat6 SERVICE=tomcat6 -#directory location for syslog -SYSLOG_ETCDIR_CONF=/etc/rsyslog.d #name and location of tomcat syslog file -TOMCAT_SYSLOG_CONFFILE=$SYSLOG_ETCDIR_CONF/21-tomcat.conf +TOMCAT_SYSLOG_CONFFILE=$RSYSLOG_ETCDIR_CONF/21-tomcat.conf #name and location of tomcat syslog backup file -TOMCAT_SYSLOG_CONFFILE_BACKUP=$SYSLOG_ETCDIR_CONF/21-tomcat.conf.loggly.bk -#syslog directory -SYSLOG_DIR=/var/spool/rsyslog - -#this variable will hold the host name -HOST_NAME= -#this variable will hold the name of the linux distribution -LINUX_DIST= +TOMCAT_SYSLOG_CONFFILE_BACKUP=$RSYSLOG_ETCDIR_CONF/21-tomcat.conf.loggly.bk #this variable will hold the path to the catalina home LOGGLY_CATALINA_HOME= 
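Review bot: The `curl -s -o configure-linux.sh …` line added at the top of configure-tomcat.sh feeds straight into `source configure-linux.sh "being-invoked"` with no check that the download succeeded or that the content is the expected script. The README in this commit runs the script with `sudo bash`, so whatever lands in that file executes as root. Without `-f`, an HTTP error page is saved and sourced, and a failed transfer silently falls back to any `configure-linux.sh` already in the working directory. I would fail on a download error and compare the file against a digest pinned in this repository before sourcing it; the digest below is a placeholder.

```shell
curl -fsS -o configure-linux.sh https://www.loggly.com/install/configure-linux.sh || {
  echo "ERROR: Unable to download configure-linux.sh" >&2
  exit 1
}
# <EXPECTED_SHA256> is a placeholder for the digest published with the release
echo "<EXPECTED_SHA256>  configure-linux.sh" | sha256sum -c - >/dev/null || {
  echo "ERROR: configure-linux.sh failed the integrity check" >&2
  exit 1
}
source configure-linux.sh "being-invoked"
```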
@@ -54,30 +48,43 @@ LOG4J_FILE_PATH= LOGGLY_CATALINA_HOME= MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure Tomcat is available at https://www.loggly.com/docs/tomcat-application-server" + +#this variable will hold if the check env function for linux is invoked +TOMCAT_ENV_VALIDATED= ########## Variable Declarations - End ########## +#check if Tomcat environment is compatible for Loggly +checkTomcatLogglyCompatibility() +{ + #check if the linux environment is compatible for Loggly + checkLinuxLogglyCompatibility + + #deduce CATALINA_HOME, this sets the value for LOGGLY_CATALINA_HOME variable + deduceAndCheckTomcatHomeAndVersion + + #check if tomcat is configured with log4j. If yes, then exit + checkIfTomcatConfiguredWithLog4J + + TOMCAT_ENV_VALIDATED="true" +} + + # executing the script for loggly to install and configure syslog. installLogglyConfForTomcat() { - installLogglyConf - #log message indicating starting of Loggly configuration logMsgToConfigSysLog "INFO" "INFO: Initiating Configure Loggly for Tomcat." - #get CATALINA_HOME, this sets the value for LOGGLY_CATALINA_HOME variable - getTomcatHome $SERVICE - - #check if the provided or deduced tomcat home is correct or not - checkIfValidTomcatHome - - #set all the required tomcat variables by this script - setTomcatVariables + #check if tomcat environment is compatible with Loggly + if [ "$TOMCAT_ENV_VALIDATED" = "" ]; then + checkTomcatLogglyCompatibility + fi - #check if tomcat version is supported by the script. The script only support tomcat 6 and 7 - checkIfSupportedTomcatVersion + #ask user if tomcat can be restarted + canTomcatBeRestarted - #check if tomcat is configured with log4j. If yes, then exit - checkIfTomcatConfiguredWithLog4J + #configure loggly for Linux + installLogglyConf #backing up the logging.properties file backupLoggingPropertiesFile 
@@ -94,39 +101,123 @@ installLogglyConfForTomcat() #log success message logMsgToConfigSysLog "SUCCESS" "SUCCESS: Tomcat successfully configured to send logs via Loggly." } -# End of configure rsyslog for tomcat - +#executing script to remove loggly configuration for tomcat removeLogglyConfForTomcat() { logMsgToConfigSysLog "INFO" "INFO: Initiating rollback." #check if the user has root permission to run this script checkIfUserHasRootPrivileges - + #check if the OS is supported by the script. If no, then exit checkIfSupportedOS - #get CATALINA_HOME, this sets the value for LOGGLY_CATALINA_HOME variable - getTomcatHome $SERVICE - - #check if the provided or deduced tomcat home is correct or not - checkIfValidTomcatHome + #deduce CATALINA_HOME, this sets the value for LOGGLY_CATALINA_HOME variable + deduceAndCheckTomcatHomeAndVersion - #set all the required tomcat variables by this script - setTomcatVariables - - #restore original loggly properties file from backup - restoreLogglyPropertiesFile + #ask user if tomcat can be restarted + canTomcatBeRestarted #remove 21tomcat.conf file remove21TomcatConfFile + + #restore original loggly properties file from backup + restoreLogglyPropertiesFile logMsgToConfigSysLog "INFO" "INFO: Rollback completed." } +#identify if tomcat6 or tomcat7 is installed on your system +deduceAndCheckTomcatHomeAndVersion() +{ + + if [ "$LOGGLY_CATALINA_HOME" = "" ]; then + LOGGLY_CATALINA_HOME= + + #lets check if tomcat7 is installed on the system + SERVICE=tomcat7 + + #try to deduce tomcat home considering tomcat7 + assumeTomcatHome $SERVICE + + #initialize validTomcatHome variable with value true. 
This value will be toggled + #in the function checkIfValidTomcatHome fails + validTomcatHome="true" + + #checks if the deduced tomcat7 home is correct or not + checkIfValidTomcatHome validTomcatHome + + #if tomcat7 home is not valid one, move on to check for tomcat6 + if [ "$validTomcatHome" = "false" ]; then + + LOGGLY_CATALINA_HOME= + + #lets check if tomcat6 is installed on the system + SERVICE=tomcat6 + + #try to deduce tomcat home considering tomcat6 + assumeTomcatHome $SERVICE + + #initialize validTomcatHome variable with value true. This value will be toggled + #in the function checkIfValidTomcatHome fails + validTomcatHome="true" + + #checks if the deduced tomcat7 home is correct or not + checkIfValidTomcatHome validTomcatHome + fi + + if [ "$validTomcatHome" = "true" ]; then + logMsgToConfigSysLog "INFO" "INFO: CATALINA HOME: $LOGGLY_CATALINA_HOME" + + #set all the required tomcat variables by this script + setTomcatVariables + + #find tomcat version + getTomcatVersion + + #check if tomcat version is supported by the script. The script only support tomcat 6 and 7 + checkIfSupportedTomcatVersion + else + logMsgToConfigSysLog "ERROR" "ERROR: Unable to determine correct CATALINA_HOME. Please provide correct Catalina Home using -ch option." + fi + else + #if the user has provided catalina_home, then we need to check if it is a valid catalina home and what is the correct version of the tomcat. + #Let us assume service name is tomcat for now, which will be updated later. + SERVICE=tomcat + + #set the flag to true + validTomcatHome="true" + + #check if the tomcat home provided by user is valid + checkIfValidTomcatHome validTomcatHome + + if [ "$validTomcatHome" = "true" ]; then + logMsgToConfigSysLog "INFO" "INFO: CATALINA HOME: $LOGGLY_CATALINA_HOME" + + #set tomcat variables + setTomcatVariables + + #find tomcat version + getTomcatVersion + + #check if tomcat version is supported by the script. 
The script only support tomcat 6 and 7 + checkIfSupportedTomcatVersion + + #update the service name + if [ "$tomcatMajorVersion" = "7" ]; then + SERVICE=tomcat7 + elif [ "$tomcatMajorVersion" = "6" ]; then + SERVICE=tomcat6 + fi + else + logMsgToConfigSysLog "ERROR" "ERROR: Provided Catalina Home is not correct. Please recheck." + fi + fi +} + #Get default location of tomcat home on various supported OS if user has not provided one -getTomcatHome() +assumeTomcatHome() { #if user has not provided the catalina home if [ "$LOGGLY_CATALINA_HOME" = "" ]; then @@ -134,7 +225,7 @@ getTomcatHome() *"Ubuntu"* ) LOGGLY_CATALINA_HOME="/var/lib/$1" ;; - *"Red Hat"* ) + *"RedHat"* ) LOGGLY_CATALINA_HOME="/usr/share/$1" ;; *"CentOS"* ) @@ -142,7 +233,6 @@ getTomcatHome() ;; esac fi - logMsgToConfigSysLog "INFO" "INFO: CATALINA HOME: $LOGGLY_CATALINA_HOME" } #checks if the catalina home is a valid one by searching for logging.properties and @@ -151,14 +241,14 @@ checkIfValidTomcatHome() { #check if logging.properties files is present if [ ! -f "$LOGGLY_CATALINA_HOME/conf/logging.properties" ]; then - logMsgToConfigSysLog "ERROR" "ERROR: Unable to find conf/logging.properties file within $LOGGLY_CATALINA_HOME. Please provide correct Catalina Home using -ch option." - exit 1 + logMsgToConfigSysLog "WARN" "WARN: Unable to find conf/logging.properties file within $LOGGLY_CATALINA_HOME." + eval $1="false" #check if tomcat is configured as a service. If no, then check if we have access to startup.sh file elif [ ! -f /etc/init.d/$SERVICE ]; then logMsgToConfigSysLog "INFO" "INFO: Tomcat is not configured as a service" if [ ! -f "$LOGGLY_CATALINA_HOME/bin/startup.sh" ]; then - logMsgToConfigSysLog "ERROR" "ERROR: Unable to find bin/startup.sh file within $LOGGLY_CATALINA_HOME. Please provide correct Catalina Home using -ch option." - exit 1 + logMsgToConfigSysLog "WARN" "WARN: Unable to find bin/startup.sh file within $LOGGLY_CATALINA_HOME." + eval $1="false" fi fi } 
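Review bot: Both failure branches of the new `deduceAndCheckTomcatHomeAndVersion` only log an ERROR ("Unable to determine correct CATALINA_HOME…" and "Provided Catalina Home is not correct…") and then return. The `exit 1` calls that used to stop the run were removed from `checkIfValidTomcatHome` in this same commit. Unless `logMsgToConfigSysLog` itself exits on ERROR (it is not visible here, and other call sites follow it with an explicit `exit 1`), `installLogglyConfForTomcat` and `removeLogglyConfForTomcat` carry on into the sudo file operations with an empty or wrong `LOGGLY_CATALINA_HOME`. Add `exit 1` after each of the two ERROR messages. The comment in the tomcat6 branch also still reads `#checks if the deduced tomcat7 home is correct or not` and should say tomcat6.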
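Review bot: `eval $1="false"` in `checkIfValidTomcatHome` re-parses its argument as shell code just to assign an out-parameter, and `$1` is unquoted. The callers in this commit pass the literal name `validTomcatHome`, so nothing untrusted reaches it today, but the assignment can be done without `eval`: `printf -v "$1" '%s' "false"`. The same hunk leaves `/etc/init.d/$SERVICE` unquoted in the `-f` test; `"/etc/init.d/$SERVICE"` is safer. The function's opening line is outside the hunk.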
@@ -174,13 +264,17 @@ setTomcatVariables() LOGGLY_CATALINA_LOG_HOME=/var/log/$SERVICE + #if tomcat is not installed as service, then tomcat logs will be created at would be $CATALINA_HOME/log + if [ ! -f "$LOGGLY_CATALINA_LOG_HOME" ]; then + LOGGLY_CATALINA_LOG_HOME=$LOGGLY_CATALINA_HOME/logs + fi + #default path for catalina.jar CATALINA_JAR_PATH=$LOGGLY_CATALINA_HOME/lib/catalina.jar } -#checks if the tomcat version is supported by this script, currently the script -#only supports tomcat 6 and tomcat 7 -checkIfSupportedTomcatVersion() +#get the version of tomcat +getTomcatVersion() { #check if the identified CATALINA_HOME has the catalina.jar if [ ! -f "$CATALINA_JAR_PATH" ]; then @@ -202,12 +296,17 @@ checkIfSupportedTomcatVersion() TOMCAT_VERSION=${TOMCAT_VERSION#*: } TOMCAT_VERSION=$TOMCAT_VERSION | tr -d ' ' APP_TAG="\"tomcat-version\":\"$TOMCAT_VERSION\"" + fi +} - tomcatMajorVersion=${TOMCAT_VERSION%%.*} - if [[ ($tomcatMajorVersion -ne 6 ) && ($tomcatMajorVersion -ne 7) ]]; then - echo "ERROR" "ERROR: This script only supports Tomcat version 6 or 7." - exit 1 - fi +#checks if the tomcat version is supported by this script, currently the script +#only supports tomcat 6 and tomcat 7 +checkIfSupportedTomcatVersion() +{ + tomcatMajorVersion=${TOMCAT_VERSION%%.*} + if [[ ($tomcatMajorVersion -ne 6 ) && ($tomcatMajorVersion -ne 7) ]]; then + logMsgToConfigSysLog "ERROR" "ERROR: This script only supports Tomcat version 6 or 7." + exit 1 fi } 
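Review bot: The new fallback in `setTomcatVariables` tests `[ ! -f "$LOGGLY_CATALINA_LOG_HOME" ]`, but that variable was just set to `/var/log/$SERVICE`, which is presumably a directory. `-f` is true only for regular files, so the condition would hold even when the service log directory exists and the path would always be replaced by `$LOGGLY_CATALINA_HOME/logs`. The test should be `if [ ! -d "$LOGGLY_CATALINA_LOG_HOME" ]; then`. The comment above it would read better as `#if tomcat is not installed as a service, its logs are written to $CATALINA_HOME/logs`. The function starts outside the hunk.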
@@ -233,6 +332,21 @@ checkIfTomcatConfiguredWithLog4J() logMsgToConfigSysLog "INFO" "INFO: Tomcat seems not to be configured with log4j logger." } +canTomcatBeRestarted() +{ + while true; do + read -p "Tomcat needs to be restarted during configuration. Do you wish to continue? (yes/no)" yn + case $yn in + [Yy]* ) + break;; + [Nn]* ) + logMsgToConfigSysLog "WARN" "WARN: This script must restart Tomcat. Please run the script again when you are ready to restart it. No changes have been made to your system. Exiting." + exit 1 + break;; + * ) echo "Please answer yes or no.";; + esac + done +} #backup the logging.properties file in the CATALINA_HOME folder backupLoggingPropertiesFile() { @@ -326,13 +440,12 @@ write21TomcatConfFile() #function to write the contents of tomcat syslog config file write21TomcatFileContents() { - logMsgToConfigSysLog "INFO" "INFO: Creating file $TOMCAT_SYSLOG_CONFFILE" sudo touch $TOMCAT_SYSLOG_CONFFILE sudo chmod o+w $TOMCAT_SYSLOG_CONFFILE - + imfileStr="\$ModLoad imfile - \$WorkDirectory $SYSLOG_DIR + \$WorkDirectory $RSYSLOG_DIR " if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then imfileStr+="\$PrivDropToGroup adm @@ -415,6 +528,9 @@ write21TomcatFileContents() sudo cat << EOIPFW >> $TOMCAT_SYSLOG_CONFFILE $imfileStr EOIPFW + + #restart the syslog service. + restartRsyslog } #checks if the tomcat logs made to loggly @@ -434,9 +550,7 @@ checkIfTomcatLogsMadeToLoggly() #get the initial count of tomcat logs for past 15 minutes searchAndFetch tomcatInitialLogCount "$queryUrl" - logMsgToConfigSysLog "INFO" "INFO: Restarting rsyslog and tomcat to generate logs for verification." - # restart the syslog service. - restartRsyslog + logMsgToConfigSysLog "INFO" "INFO: Tomcat needs to be restarted to complete the configuration and verification." # restart the tomcat service. restartTomcat 
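Review bot: `canTomcatBeRestarted` never checks the exit status of `read -p`, so when stdin is closed or not a terminal `yn` stays empty, the `* )` arm prints "Please answer yes or no." and the `while true` loop never ends. Make the prompt `read -r -p "Tomcat needs to be restarted during configuration. Do you wish to continue? (yes/no)" yn || exit 1` so an unattended run stops instead of spinning. The `break` after `exit 1` in the `[Nn]*` arm is unreachable and can go. A one-line header comment such as `#ask the user to confirm that tomcat may be restarted; exits if declined` would match the other functions.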
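Review bot: `write21TomcatFileContents` still runs `sudo chmod o+w $TOMCAT_SYSLOG_CONFFILE`, which leaves a file in the rsyslog configuration directory writable by every local user, and the later hunk in the same function (`@@ -415,6 +528,9 @@`) now calls `restartRsyslog` right after the append, so whatever is in the file gets loaded immediately. The write bit appears to exist only because the redirection in `sudo cat << EOIPFW >> $TOMCAT_SYSLOG_CONFFILE` is performed by the calling shell rather than by sudo. I would drop the `chmod o+w` and append with `sudo tee -a "$TOMCAT_SYSLOG_CONFFILE" > /dev/null << EOIPFW`. If the permission is tightened again further down the function, that part is outside these hunks and worth confirming.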
@@ -454,7 +568,7 @@ checkIfTomcatLogsMadeToLoggly() searchAndFetch tomcatLatestLogCount "$queryUrl" let counter=$counter+1 if [ "$counter" -gt "$maxCounter" ]; then - logMsgToConfigSysLog "ERROR" "ERROR: Tomcat logs did not make to Loggly in time. Please check your token & network/firewall settings and retry." + logMsgToConfigSysLog "ERROR" "ERROR: Tomcat logs did not make to Loggly in time. Please check network and firewall settings and retry." exit 1 fi done @@ -474,6 +588,9 @@ restoreLogglyPropertiesFile() sudo cp -f $LOGGLY_CATALINA_BACKUP_PROPFILE $LOGGLY_CATALINA_PROPFILE sudo rm -fr $LOGGLY_CATALINA_BACKUP_PROPFILE fi + + logMsgToConfigSysLog "INFO" "INFO: Tomcat needs to be restarted to rollback the configuration." + restartTomcat } #remove 21tomcat.conf file @@ -483,8 +600,9 @@ remove21TomcatConfFile() if [ -f "$TOMCAT_SYSLOG_CONFFILE" ]; then sudo rm -rf "$TOMCAT_SYSLOG_CONFFILE" fi - echo "INFO: Removed all the modified files." - restartTomcat + + #restart rsyslog + restartRsyslog } #restart tomcat @@ -502,7 +620,6 @@ restartTomcat() fi else logMsgToConfigSysLog "INFO" "INFO: $SERVICE is not running as service." - # To be commented only for test logMsgToConfigSysLog "INFO" "INFO: Shutting down tomcat." sudo $LOGGLY_CATALINA_HOME/bin/shutdown.sh if [ $? -ne 0 ]; then @@ -526,9 +643,9 @@ restartTomcat() usage() { cat << EOF -usage: ltomcatsetup [-a loggly auth account or subdomain] [-t loggly token] [-u username] [-p password (optional)] [-ch catalina home (optional)] -usage: ltomcatsetup [-r to rollback] [-ch catalina home (optional)] -usage: ltomcatsetup [-h for help] +usage: configure-tomcat [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-ch catalina home (optional)] +usage: configure-tomcat [-r to rollback] [-a loggly auth account or subdomain] [-ch catalina home (optional)] +usage: configure-tomcat [-h for help] EOF } 
@@ -571,20 +688,20 @@ while [ "$1" != "" ]; do done fi -if [ "$LOGGLY_DEBUG" != "" -a "$LOGGLY_AUTH_TOKEN" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then +if [ "$LOGGLY_DEBUG" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then if [ "$LOGGLY_PASSWORD" = "" ]; then getPassword fi debug -elif [ "$LOGGLY_AUTH_TOKEN" != "" -a "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then +elif [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then if [ "$LOGGLY_PASSWORD" = "" ]; then getPassword fi installLogglyConfForTomcat -elif [ "$LOGGLY_ROLLBACK" != "" ]; then +elif [ "$LOGGLY_ROLLBACK" != "" -a "$LOGGLY_ACCOUNT" != "" ]; then removeLogglyConfForTomcat else usage fi -########## Get Inputs from User - End ########## \ No newline at end of file +########## Get Inputs from User - End ########## diff --git a/README.md b/README.md index 4a9b276..ae135c5 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,17 @@ install-script ============== -Loggly Sender Installation Script. +Loggly Sender Installation Script. Sends Linux, Tomcat, Apache, Text file and S3 bucket logs to Loggly. -Versions are tagged with the date they are pushed to the S3 bucket. Tag format is: +***Note:*** These scripts support only Loggly **Gen2** account. -yyyy-mm-dd-n -where n is a number, increasing if the same date is re-used. +You can view the **READMEs** of the various installation scripts at the following paths + + +1. Linux Configuration Script +2. Apache Installation Script +3. File Monitoring Configuration Script +4. Tomcat Configuration Script +5. S3 Bucket Configuration Script +6. Nginx Script