diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 846bbdc..da80ebc 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -15,7 +15,7 @@ function ctrl_c() { #name of the current script. This will get overwritten by the child script which calls this SCRIPT_NAME=configure-linux.sh #version of the current script. This will get overwritten by the child script which calls this -SCRIPT_VERSION=1.13 +SCRIPT_VERSION=1.16 #application tag. This will get overwritten by the child script which calls this APP_TAG= @@ -118,7 +118,10 @@ checkLinuxLogglyCompatibility() #checking if syslog-ng is configured as a service checkifSyslogNgConfiguredAsService - + + #check if systemd is present in machine. + checkIfSystemdConfigured + #check if rsyslog is configured as service. If no, then exit checkIfRsyslogConfiguredAsService @@ -130,6 +133,9 @@ checkLinuxLogglyCompatibility() #check if selinux service is enforced. if yes, ask the user to manually disable and exit the script checkIfSelinuxServiceEnforced + + #update rsyslog.conf and adds $MaxMessageSize in it + modifyMaxMessageSize LINUX_ENV_VALIDATED="true" } @@ -158,7 +164,7 @@ installLogglyConf() if [ "$IS_INVOKED" = "" ]; then logMsgToConfigSysLog "SUCCESS" "SUCCESS: Linux system successfully configured to send logs via Loggly." fi - + } #remove loggly configuration from Linux system @@ -176,6 +182,9 @@ removeLogglyConf() #set the basic variables needed by this script setLinuxVariables + #remove systemd-rsyslog configuration + revertSystemdChanges + #remove 22-loggly.conf file remove22LogglyConfFile @@ -189,7 +198,7 @@ removeLogglyConf() #checks if user has root privileges checkIfUserHasRootPrivileges() { - #This script needs to be run as a sudo user + #This script needs to be run as root if [[ $EUID -ne 0 ]]; then logMsgToConfigSysLog "ERROR" "ERROR: This script must be run as root." exit 1 
@@ -200,9 +209,9 @@ checkIfUserHasRootPrivileges() checkIfSupportedOS() { getOs - + LINUX_DIST_IN_LOWER_CASE=$(echo $LINUX_DIST | tr "[:upper:]" "[:lower:]") - + case "$LINUX_DIST_IN_LOWER_CASE" in *"ubuntu"* ) echo "INFO: Operating system is Ubuntu." @@ -233,7 +242,7 @@ checkIfSupportedOS() [Yy]* ) break;; [Nn]* ) - exit 1 + exit 1 ;; * ) echo "Please answer yes or no.";; esac @@ -281,7 +290,7 @@ setLinuxVariables() checkIfLogglyServersAccessible() { echo "INFO: Checking if $LOGS_01_HOST is reachable." - if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ]; then + if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ] || [ $(sleep 1 | telnet $LOGS_01_HOST $LOGGLY_SYSLOG_PORT | grep Connected | wc -l) == 1 ]; then echo "INFO: $LOGS_01_HOST is reachable." else logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable. Please check your network and firewall settings." @@ -303,7 +312,7 @@ checkIfLogglyServersAccessible() logMsgToConfigSysLog "ERROR" "ERROR: This is not a recognized subdomain. Please ask the account owner for the subdomain they signed up with." exit 1 fi - + echo "INFO: Checking if Gen2 account." if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/apiv2/customer | grep "404 NOT FOUND" | wc -l) == 1 ]; then logMsgToConfigSysLog "ERROR" "ERROR: This scripts need a Gen2 account. Please contact Loggly support." @@ -343,7 +352,7 @@ getAuthToken() tokenstr=${tokenstr#*\"} LOGGLY_AUTH_TOKEN=$tokenstr - + logMsgToConfigSysLog "INFO" "INFO: Retrieved authentication token: $LOGGLY_AUTH_TOKEN" fi } 
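Review bot: The telnet fallback added to the first test in checkIfLogglyServersAccessible has no timeout of its own and needs a telnet client to be installed. On a host without one the branch only adds a "command not found" message before the error path, and on a filtered port it can wait for the full TCP connect timeout. The script already uses bash-only syntax (`[[ … ]]`), so a bounded probe such as `timeout 5 bash -c "exec 3<>/dev/tcp/$LOGS_01_HOST/$LOGGLY_SYSLOG_PORT"` would test the same port without the extra dependency. The function body continues past the end of this hunk.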
@@ -365,17 +374,19 @@ checkIfRsyslogConfiguredAsService() { if [ -f /etc/init.d/$RSYSLOG_SERVICE ]; then logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_SERVICE is present as service." + elif [ -f /usr/lib/systemd/system/$RSYSLOG_SERVICE.service ]; then + logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_SERVICE is present as service." else logMsgToConfigSysLog "ERROR" "ERROR: $RSYSLOG_SERVICE is not present as service." exit 1 fi - + #checking if syslog-ng is running as a service checkifSyslogNgConfiguredAsService - + if [ $(ps -A | grep "$RSYSLOG_SERVICE" | wc -l) -eq 0 ]; then logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_SERVICE is not running. Attempting to start service." - sudo service $RSYSLOG_SERVICE start + service $RSYSLOG_SERVICE start fi } @@ -387,6 +398,19 @@ checkifSyslogNgConfiguredAsService() fi } +#check if systemd is present in machine. +checkIfSystemdConfigured() +{ + FILE="/etc/systemd/journald.conf"; + if [ -f "$FILE" ]; then + logMsgToConfigSysLog "INFO" "INFO: Systemd is present. Configuring logs from Systemd to rsyslog." + cp /etc/systemd/journald.conf /etc/systemd/journald.conf.loggly.bk + sed -i 's/.*ForwardToSyslog.*/ForwardToSyslog=Yes/g' /etc/systemd/journald.conf + logMsgToConfigSysLog "INFO" "INFO: Restarting Systemd-journald" + systemctl restart systemd-journald + fi +} + #check if multiple versions of rsyslog is configured checkIfMultipleRsyslogConfigured() { @@ -399,7 +423,7 @@ checkIfMultipleRsyslogConfigured() #check if minimum version of rsyslog required to configure loggly is met checkIfMinVersionOfRsyslog() { - RSYSLOG_VERSION=$(sudo $RSYSLOGD -version | grep "$RSYSLOGD") + RSYSLOG_VERSION=$($RSYSLOGD -version | grep "$RSYSLOGD") RSYSLOG_VERSION=${RSYSLOG_VERSION#* } RSYSLOG_VERSION=${RSYSLOG_VERSION%,*} RSYSLOG_VERSION=$RSYSLOG_VERSION | tr -d " " 
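Review bot: The new `elif` in checkIfRsyslogConfiguredAsService only looks in `/usr/lib/systemd/system`. On a system where `/lib` is not merged into `/usr`, or where the unit lives under `/etc/systemd/system`, rsyslog is reported as "not present as service" and the script exits. Asking systemd rather than probing one path, for example `elif systemctl cat "$RSYSLOG_SERVICE.service" >/dev/null 2>&1; then`, covers every unit directory. The exit status of `service $RSYSLOG_SERVICE start` at the end of the hunk is also not checked, so a failed start is not reported here.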
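Review bot: checkIfSystemdConfigured overwrites `/etc/systemd/journald.conf.loggly.bk` on every run, so a second run replaces the pristine backup with the already modified file and revertSystemdChanges can no longer restore the original; guard the copy with `[ -f "$FILE.loggly.bk" ] || cp -p "$FILE" "$FILE.loggly.bk"`. The `sed` expression does nothing when the file has no line mentioning `ForwardToSyslog`, yet the message still says forwarding is being configured. Neither `cp` nor `sed` is checked before `systemctl restart systemd-journald`. Because this runs from the compatibility check, the call site would benefit from a comment such as `#enables ForwardToSyslog in journald.conf and restarts systemd-journald` so readers know the check changes system configuration.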
@@ -415,12 +439,23 @@ checkIfSelinuxServiceEnforced() isSelinuxInstalled=$(getenforce -ds 2>/dev/null) if [ $? -ne 0 ]; then logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." - elif [ $(sudo getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then + elif [ $(getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please disable it and start the rsyslog daemon manually." exit 1 fi } +#update rsyslog.conf and adds $MaxMessageSize in it +modifyMaxMessageSize() +{ + if grep -q '$MaxMessageSize' "/etc/rsyslog.conf"; then + sed -i 's/.*$MaxMessageSize.*/$MaxMessageSize 64k/g' /etc/rsyslog.conf + else + sed -i '1 a $MaxMessageSize 64k' /etc/rsyslog.conf + fi + logMsgToConfigSysLog "INFO" "INFO: Modified \$MaxMessageSize to 64k in rsyslog.conf" +} + #check if authentication token is valid and then write contents to 22-loggly.conf file to /etc/rsyslog.d directory checkAuthTokenAndWriteContents() { 
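Review bot: modifyMaxMessageSize edits `/etc/rsyslog.conf` in place without keeping a copy, and as far as this diff shows nothing in removeLogglyConf undoes it, unlike the journald.conf change, which gets a `.loggly.bk` backup and a revert step. The `sed` replacement forces `64k` over any existing `$MaxMessageSize` line, so a host already configured with a larger limit is silently lowered. Copying the file aside before the first edit, and leaving an existing setting alone unless it is smaller, would keep the change reversible. The exit status of the `sed -i` calls is not checked before the "Modified" message is logged.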
@@ -461,24 +496,24 @@ inputStr=" " if [ -f "$LOGGLY_RSYSLOG_CONFFILE" ]; then logMsgToConfigSysLog "INFO" "INFO: Loggly rsyslog file $LOGGLY_RSYSLOG_CONFFILE already exist." - + STR_SIZE=${#inputStr} SIZE_FILE=$(stat -c%s "$LOGGLY_RSYSLOG_CONFFILE") - + #actual file size and variable size with same contents always differ in size with one byte STR_SIZE=$(( STR_SIZE + 1 )) - + if [ "$STR_SIZE" -ne "$SIZE_FILE" ]; then - + logMsgToConfigSysLog "WARN" "WARN: Loggly rsyslog file /etc/rsyslog.d/22-loggly.conf content has changed." if [ "$SUPPRESS_PROMPT" == "false" ]; then - while true; + while true; do read -p "Do you wish to override $LOGGLY_RSYSLOG_CONFFILE and re-verify configuration? (yes/no)" yn case $yn in [Yy]* ) logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $LOGGLY_RSYSLOG_CONFFILE to $LOGGLY_RSYSLOG_CONFFILE_BACKUP"; - sudo mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; + mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; WRITE_SCRIPT_CONTENTS="true" break;; [Nn]* ) @@ -490,7 +525,7 @@ inputStr=" done else logMsgToConfigSysLog "INFO" "INFO: Going to back up the conf file: $LOGGLY_RSYSLOG_CONFFILE to $LOGGLY_RSYSLOG_CONFFILE_BACKUP"; - sudo mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; + mv -f $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP; WRITE_SCRIPT_CONTENTS="true" fi else @@ -499,13 +534,13 @@ inputStr=" else WRITE_SCRIPT_CONTENTS="true" fi - + if [ "$WRITE_SCRIPT_CONTENTS" == "true" ]; then -sudo cat << EOIPFW >> $LOGGLY_RSYSLOG_CONFFILE +cat << EOIPFW >> $LOGGLY_RSYSLOG_CONFFILE $inputStr EOIPFW - + fi } 
@@ -517,13 +552,13 @@ createRsyslogDir() logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_DIR already exist, so not creating directory." if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then logMsgToConfigSysLog "INFO" "INFO: Changing the permission on the rsyslog in /var/spool" - sudo chown -R syslog:adm $RSYSLOG_DIR + chown -R syslog:adm $RSYSLOG_DIR fi else logMsgToConfigSysLog "INFO" "INFO: Creating directory $SYSLOGDIR" - sudo mkdir -v $RSYSLOG_DIR + mkdir -v $RSYSLOG_DIR if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then - sudo chown -R syslog:adm $RSYSLOG_DIR + chown -R syslog:adm $RSYSLOG_DIR fi fi } @@ -577,7 +612,18 @@ checkIfLogsMadeToLoggly() remove22LogglyConfFile() { if [ -f "$LOGGLY_RSYSLOG_CONFFILE" ]; then - sudo rm -rf "$LOGGLY_RSYSLOG_CONFFILE" + rm -rf "$LOGGLY_RSYSLOG_CONFFILE" + fi +} + +revertSystemdChanges() +{ + FILE="/etc/systemd/journald.conf.loggly.bk"; + if [ -f "$FILE" ]; then + cp /etc/systemd/journald.conf.loggly.bk /etc/systemd/journald.conf + rm /etc/systemd/journald.conf.loggly.bk + logMsgToConfigSysLog "INFO" "INFO: Reverted Systemd-rsyslog configuration" + systemctl restart systemd-journald fi } @@ -603,7 +649,7 @@ compareVersions () restartRsyslog() { logMsgToConfigSysLog "INFO" "INFO: Restarting the $RSYSLOG_SERVICE service." - sudo service $RSYSLOG_SERVICE restart + service $RSYSLOG_SERVICE restart if [ $? -ne 0 ]; then logMsgToConfigSysLog "WARNING" "WARNING: $RSYSLOG_SERVICE did not restart gracefully. Please restart $RSYSLOG_SERVICE manually." fi @@ -666,9 +712,9 @@ sendPayloadToConfigSysLog() searchAndFetch() { url=$2 - + result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") - + if [ -z "$result" ]; then logMsgToConfigSysLog "ERROR" "ERROR: Please check your network/firewall settings & ensure Loggly subdomain, username and password is specified correctly." exit 1 
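Review bot: revertSystemdChanges removes the backup even when the preceding `cp` fails, which leaves the host with the modified journald.conf and no copy of the original; chain the two as `cp -p "$FILE" /etc/systemd/journald.conf && rm -f -- "$FILE"`. Restoring the whole file also discards any edits an administrator made to journald.conf after installation, so the function should carry a comment saying it restores the pre-install copy rather than undoing only `ForwardToSyslog`. `FILE` is assigned without `local` here and in checkIfSystemdConfigured, so both functions share one script-wide variable.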
@@ -687,7 +733,7 @@ searchAndFetch() eval $1="'$count'" if [ "$count" -gt 0 ]; then timestamp=$(echo "$result" | grep timestamp) - fi + fi } #get password in the form of asterisk @@ -774,4 +820,4 @@ fi ########## Get Inputs from User - End ########## ------------------------------------------------------- # End of Syslog Logging Directives for Loggly -# +# diff --git a/Linux Script/update-loggly-certificate.sh b/Linux Script/update-loggly-certificate.sh new file mode 100644 index 0000000..a7a6ead --- /dev/null +++ b/Linux Script/update-loggly-certificate.sh 
@@ -0,0 +1,740 @@ +#!/bin/bash + +#trapping Control + C +#these statements must be the first statements in the script to trap the CTRL C event + +trap ctrl_c INT + +function ctrl_c() { + logMsgToConfigSysLog "INFO" "INFO: Aborting the script." + exit 1 +} + +########## Variable Declarations - Start ########## + +#name of the current script. This will get overwritten by the child script which calls this +SCRIPT_NAME=update-loggly-certificate.sh +#version of the current script. This will get overwritten by the child script which calls this +SCRIPT_VERSION=1.0 + +#application tag. This will get overwritten by the child script which calls this +APP_TAG= + +#directory location for syslog +RSYSLOG_ETCDIR_CONF=/etc/rsyslog.d +#name and location of loggly syslog file +LOGGLY_RSYSLOG_CONFFILE=$RSYSLOG_ETCDIR_CONF/22-loggly.conf +#name and location of loggly syslog backup file +LOGGLY_RSYSLOG_CONFFILE_BACKUP=$LOGGLY_RSYSLOG_CONFFILE.loggly.bk + +#syslog directory +RSYSLOG_DIR=/var/spool/rsyslog +#rsyslog service name +RSYSLOG_SERVICE=rsyslog +#syslog-ng +SYSLOG_NG_SERVICE=syslog-ng +#rsyslogd +RSYSLOGD=rsyslogd +#minimum version of rsyslog to enable logging to loggly +MIN_RSYSLOG_VERSION=5.8.0 +#this variable will hold the users syslog version +RSYSLOG_VERSION= + +#this variable will hold the host name +HOST_NAME= +#this variable will hold the name of the linux distribution +LINUX_DIST= + +#this variable will hold if the script is for test +TEST_MODE="true" + +#host name for logs-01.loggly.com +LOGS_01_HOST=logs-01.loggly.com +LOGS_01_URL=https://$LOGS_01_HOST +#this variable will contain loggly account url in the format https://$LOGGLY_ACCOUNT.loggly.com +LOGGLY_ACCOUNT_URL= +#loggly.com URL +LOGGLY_COM_URL=https://www.loggly.com + +######Inputs provided by user###### +#this variable will hold the loggly account name provided by user. +#this is a mandatory input +LOGGLY_ACCOUNT= +#this variable will hold the loggly authentication token provided by user. 
+#this is a mandatory input +LOGGLY_AUTH_TOKEN= +#this variable will identify if the user has selected to rollback settings +LOGGLY_ROLLBACK= +#this variable will hold the user name provided by user +#this is a mandatory input +LOGGLY_USERNAME= +#this variable will hold the password provided by user +#this is a mandatory input +LOGGLY_PASSWORD= + +#if this variable is set to true then suppress all prompts +SUPPRESS_PROMPT="false" + +#variables used in 22-loggly.conf file +LOGGLY_SYSLOG_PORT=6514 +LOGGLY_DISTRIBUTION_ID="41058" + +#Instruction link on how to configure rsyslog TLS on linux manually. This will get overwritten by the child script which calls this +#on how to configure the child application +MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure rsyslog TLS on Linux are available at https://www.loggly.com/docs/rsyslog-tls-configuration/." + +#this variable is set if the script is invoked via some other calling script +IS_INVOKED= + +#this variable will hold if the check env function for linux is invoked +LINUX_ENV_VALIDATED="false" + +#this variable will inform if verification needs to be performed +LINUX_DO_VERIFICATION="true" + +########## Variable Declarations - End ########## + + +#check if the Linux environment is compatible with Loggly. +#Also set few variables after the check. +checkLinuxLogglyCompatibility() +{ + #check if the user has root permission to run this script + checkIfUserHasRootPrivileges + + #check if the OS is supported by the script. If no, then exit + checkIfSupportedOS + + #set the basic variables needed by this script + setLinuxVariables + + #check if the Loggly servers are accessible. If no, ask user to check network connectivity & exit + checkIfLogglyServersAccessible + + #check if user credentials are valid. If no, then exit + checkIfValidUserNamePassword + + #get authentication token if not provided + getAuthToken + + #check if authentication token is valid. If no, then exit. 
+ checkIfValidAuthToken + + #checking if syslog-ng is configured as a service + checkifSyslogNgConfiguredAsService + + #check if rsyslog is configured as service. If no, then exit + checkIfRsyslogConfiguredAsService + + #check if multiple rsyslog are present in the system. If yes, then exit + checkIfMultipleRsyslogConfigured + + #check for the minimum version of rsyslog i.e 5.8.0. If no, then exit + checkIfMinVersionOfRsyslog + + #check if selinux service is enforced. if yes, ask the user to manually disable and exit the script + checkIfSelinuxServiceEnforced + + LINUX_ENV_VALIDATED="true" +} + +# executing the script for loggly to install and configure rsyslog. +installLogglyConf() +{ + #log message indicating starting of Loggly configuration + logMsgToConfigSysLog "INFO" "INFO: Initiating TLS Certificate upgrade in Loggly Configuration." + + if [ "$LINUX_ENV_VALIDATED" = "false" ]; then + checkLinuxLogglyCompatibility + fi + + #write new sha2 certificate + updateCertificate + + #restart rsyslog service + restartRsyslog + + if [ "$TEST_MODE" = "true" ]; then + + #call changeHostFile to test collector + updateHostsFile + + #check if the logs are going to loggly fro linux system now + checkIfLogsMadeToLoggly + + else + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Successfully upgraded TLS Certificate for Loggly configuration" + fi +} + +#revert loggly TLS Certificate upgrade from Linux system +revertTLSchanges() +{ + #log message indicating starting of Loggly configuration + logMsgToConfigSysLog "INFO" "INFO: Initiating restore of rsyslog-tls" + + #check if the user has root permission to run this script + checkIfUserHasRootPrivileges + + #check if the OS is supported by the script. 
If no, then exit + checkIfSupportedOS + + #set the basic variables needed by this script + setLinuxVariables + + #remove 22-loggly.conf file + remove22LogglyTLSChange + + #restart rsyslog service + restartRsyslog + + #log success message + logMsgToConfigSysLog "SUCCESS" "SUCCESS: TLS Changes have been reverted." +} + +#checks if user has root privileges +checkIfUserHasRootPrivileges() +{ + #This script needs to be run as a sudo user + if [[ $EUID -ne 0 ]]; then + logMsgToConfigSysLog "ERROR" "ERROR: This script must be run as root." + exit 1 + fi +} + +#check if supported operating system +checkIfSupportedOS() +{ + getOs + + LINUX_DIST_IN_LOWER_CASE=$(echo $LINUX_DIST | tr "[:upper:]" "[:lower:]") + + case "$LINUX_DIST_IN_LOWER_CASE" in + *"ubuntu"* ) + echo "INFO: Operating system is Ubuntu." + ;; + *"redhat"* ) + echo "INFO: Operating system is Red Hat." + ;; + *"centos"* ) + echo "INFO: Operating system is CentOS." + ;; + *"debian"* ) + echo "INFO: Operating system is Debian." + ;; + *"amazon"* ) + echo "INFO: Operating system is Amazon AMI." + ;; + *"darwin"* ) + #if the OS is mac then exit + logMsgToConfigSysLog "ERROR" "ERROR: This script is for Linux systems, and Darwin or Mac OSX are not currently supported. You can find alternative options here: https://www.loggly.com/docs/send-mac-logs-to-loggly/" + exit 1 + ;; + * ) + logMsgToConfigSysLog "WARN" "WARN: The linux distribution '$LINUX_DIST' has not been previously tested with Loggly." + if [ "$SUPPRESS_PROMPT" == "false" ]; then + while true; do + read -p "Would you like to continue anyway? 
(yes/no)" yn + case $yn in + [Yy]* ) + break;; + [Nn]* ) + exit 1 + ;; + * ) echo "Please answer yes or no.";; + esac + done + fi + ;; + esac +} + +getOs() +{ + # Determine OS platform + UNAME=$(uname | tr "[:upper:]" "[:lower:]") + # If Linux, try to determine specific distribution + if [ "$UNAME" == "linux" ]; then + # If available, use LSB to identify distribution + if [ -f /etc/lsb-release -o -d /etc/lsb-release.d ]; then + LINUX_DIST=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//) + # If system-release is available, then try to identify the name + elif [ -f /etc/system-release ]; then + LINUX_DIST=$(cat /etc/system-release | cut -f 1 -d " ") + # Otherwise, use release info file + else + LINUX_DIST=$(ls -d /etc/[A-Za-z]*[_-][rv]e[lr]* | grep -v "lsb" | cut -d'/' -f3 | cut -d'-' -f1 | cut -d'_' -f1) + fi + fi + + # For everything else (or if above failed), just use generic identifier + if [ "$LINUX_DIST" == "" ]; then + LINUX_DIST=$(uname) + fi +} + +#sets linux variables which will be used across various functions +setLinuxVariables() +{ + #set host name + HOST_NAME=$(hostname) + + #set loggly account url + LOGGLY_ACCOUNT_URL=https://$LOGGLY_ACCOUNT.loggly.com +} + +#checks if all the various endpoints used for configuring loggly are accessible +checkIfLogglyServersAccessible() +{ + echo "INFO: Checking if $LOGS_01_HOST is reachable." + if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ] || [ $(sleep 1 | telnet $LOGS_01_HOST $LOGGLY_SYSLOG_PORT | grep Connected | wc -l) == 1 ]; then + echo "INFO: $LOGS_01_HOST is reachable." + else + logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable. Please check your network and firewall settings." + exit 1 + fi + + echo "INFO: Checking if $LOGS_01_HOST is reachable via $LOGGLY_SYSLOG_PORT port. This may take some time." 
+ if [ $(curl --connect-timeout 10 $LOGS_01_HOST:$LOGGLY_SYSLOG_PORT 2>&1 | grep "Empty reply from server" | wc -l) == 1 ]; then + echo "INFO: $LOGS_01_HOST is reachable via $LOGGLY_SYSLOG_PORT port." + else + logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable via $LOGGLY_SYSLOG_PORT port. Please check your network and firewall settings." + exit 1 + fi + + echo "INFO: Checking if '$LOGGLY_ACCOUNT' subdomain is valid." + if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/login | grep "200 OK" | wc -l) == 1 ]; then + echo "INFO: $LOGGLY_ACCOUNT_URL is valid and reachable." + else + logMsgToConfigSysLog "ERROR" "ERROR: This is not a recognized subdomain. Please ask the account owner for the subdomain they signed up with." + exit 1 + fi + + echo "INFO: Checking if Gen2 account." + if [ $(curl -s --head --request GET $LOGGLY_ACCOUNT_URL/apiv2/customer | grep "404 NOT FOUND" | wc -l) == 1 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: This scripts need a Gen2 account. Please contact Loggly support." + exit 1 + else + echo "INFO: It is a Gen2 account." + fi +} + +#check if user name and password is valid +checkIfValidUserNamePassword() +{ + echo "INFO: Checking if provided username and password is correct." + if [ $(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $LOGGLY_ACCOUNT_URL/apiv2/customer | grep "Unauthorized" | wc -l) == 1 ]; then + logMsgToConfigSysLog "INFO" "INFO: Please check your username or reset your password at $LOGGLY_ACCOUNT_URL/account/users/" + logMsgToConfigSysLog "ERROR" "ERROR: Invalid Loggly username or password. Your username is visible at the top right of the Loggly console before the @ symbol. You can reset your password at http://.loggly.com/login." + exit 1 + else + logMsgToConfigSysLog "INFO" "INFO: Username and password authorized successfully." + fi +} + +getAuthToken() +{ + if [ "$LOGGLY_AUTH_TOKEN" = "" ]; then + logMsgToConfigSysLog "INFO" "INFO: Authentication token not provided. 
Trying to retrieve it from $LOGGLY_ACCOUNT_URL account." + #get authentication token if user has not provided one + tokenstr=$(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $LOGGLY_ACCOUNT_URL/apiv2/customer | grep -v "token") + + #get the string from index 0 to first occurence of , + tokenstr=${tokenstr%%,*} + + #get the string from index 0 to last occurence of " + tokenstr=${tokenstr%\"*} + + #get the string from first occurence of " to the end + tokenstr=${tokenstr#*\"} + + LOGGLY_AUTH_TOKEN=$tokenstr + + logMsgToConfigSysLog "INFO" "INFO: Retrieved authentication token: $LOGGLY_AUTH_TOKEN" + fi +} + +#check if authentication token is valid +checkIfValidAuthToken() +{ + echo "INFO: Checking if provided auth token is correct." + if [ $(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $LOGGLY_ACCOUNT_URL/apiv2/customer | grep \"$LOGGLY_AUTH_TOKEN\" | wc -l) == 1 ]; then + logMsgToConfigSysLog "INFO" "INFO: Authentication token validated successfully." + else + logMsgToConfigSysLog "ERROR" "ERROR: Invalid authentication token $LOGGLY_AUTH_TOKEN. You can get valid authentication token by following instructions at https://www.loggly.com/docs/customer-token-authentication-token/." + exit 1 + fi +} + +#check if rsyslog is configured as service. If it is configured as service and not started, start the service +checkIfRsyslogConfiguredAsService() +{ + if [ -f /etc/init.d/$RSYSLOG_SERVICE ]; then + logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_SERVICE is present as service." + else + logMsgToConfigSysLog "ERROR" "ERROR: $RSYSLOG_SERVICE is not present as service." + exit 1 + fi + + #checking if syslog-ng is running as a service + checkifSyslogNgConfiguredAsService + + if [ $(ps -A | grep "$RSYSLOG_SERVICE" | wc -l) -eq 0 ]; then + logMsgToConfigSysLog "INFO" "INFO: $RSYSLOG_SERVICE is not running. Attempting to start service." 
+ sudo service $RSYSLOG_SERVICE start + fi +} + +checkifSyslogNgConfiguredAsService() +{ + if [ $(ps -A | grep "$SYSLOG_NG_SERVICE" | wc -l) -gt 0 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: This script does not currently support syslog-ng. Please follow the instructions on this page https://www.loggly.com/docs/syslog-ng-manual-configuration" + exit 1 + fi +} + +#check if multiple versions of rsyslog is configured +checkIfMultipleRsyslogConfigured() +{ + if [ $(ps -A | grep "$RSYSLOG_SERVICE" | wc -l) -gt 1 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: Multiple (more than 1) $RSYSLOG_SERVICE is running." + exit 1 + fi +} + +#check if minimum version of rsyslog required to configure loggly is met +checkIfMinVersionOfRsyslog() +{ + RSYSLOG_VERSION=$(sudo $RSYSLOGD -version | grep "$RSYSLOGD") + RSYSLOG_VERSION=${RSYSLOG_VERSION#* } + RSYSLOG_VERSION=${RSYSLOG_VERSION%,*} + RSYSLOG_VERSION=$RSYSLOG_VERSION | tr -d " " + if [ $(compareVersions $RSYSLOG_VERSION $MIN_RSYSLOG_VERSION 3) -lt 0 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: Min rsyslog version required is 5.8.0." + exit 1 + fi +} + +#check if SeLinux service is enforced +checkIfSelinuxServiceEnforced() +{ + isSelinuxInstalled=$(getenforce -ds 2>/dev/null) + if [ $? -ne 0 ]; then + logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." + elif [ $(sudo getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please disable it and start the rsyslog daemon manually." + exit 1 + fi +} + +#create /etc/rsyslog.d/keys/ca.d directory and installs the certificates +updateCertificate() +{ + CURRENT_CRT_CONF="$(grep '.crt' $LOGGLY_RSYSLOG_CONFFILE)" + CURRENT_CRT_COUNT="$(grep '.crt' $LOGGLY_RSYSLOG_CONFFILE | wc -l)" + if [ $CURRENT_CRT_COUNT -gt 0 ]; then + + DIRECTORY_K="/etc/rsyslog.d/keys"; + DIRECTORY_CA="/etc/rsyslog.d/keys/ca.d"; + + if [ ! 
-d "$DIRECTORY_K" ]; then + logMsgToConfigSysLog "INFO" "INFO: Making directories /etc/rsyslog.d/keys/ca.d" + sudo mkdir /etc/rsyslog.d/keys + sudo mkdir /etc/rsyslog.d/keys/ca.d + elif [ -d "$DIRECTORY_K" ]; then + if [ ! -d "$DIRECTORY_CA" ]; then + sudo mkdir /etc/rsyslog.d/keys/ca.d + fi + else + logMsgToConfigSysLog "INFO" "INFO: Directories /etc/rsyslog.d/keys/ca.d already exists" + fi + + cd /etc/rsyslog.d/keys/ca.d/ + + logMsgToConfigSysLog "INFO" "INFO: Downloading required certificates" + sudo curl -O https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt + sudo cat logs-01.loggly.com_sha12.crt > loggly_full_sha12.crt + + #taking backup and changing path in 22-loggly.conf + sudo cp $LOGGLY_RSYSLOG_CONFFILE $LOGGLY_RSYSLOG_CONFFILE_BACKUP + NEW_CRT_CONF="\$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/loggly_full_sha12.crt" + sed -i "s%$CURRENT_CRT_CONF%$NEW_CRT_CONF%g" $LOGGLY_RSYSLOG_CONFFILE + logMsgToConfigSysLog "INFO" "INFO: Upgraded TLS Certificate for Loggly configuration" + else + logMsgToConfigSysLog "INFO" "INFO: Rsyslog TLS is not configured." + logMsgToConfigSysLog "ERROR" "INFO: Please configure Rsyslog TLS first and then retry updating the certificate." + fi +} + +#Updates the /etc/hosts file with test collectorIP and creates backup of file +updateHostsFile() +{ + sudo sed -i '$ a\ '"52.1.106.130 logs-01.loggly.com" /etc/hosts + logMsgToConfigSysLog "INFO" "INFO: Hosts file Updated" + sleep 15 +} + + +#check if the logs made it to Loggly +checkIfLogsMadeToLoggly() +{ + logMsgToConfigSysLog "INFO" "INFO: Sending test message to Loggly." 
+ uuid=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) + + queryParam="syslog.appName%3ALOGGLYVERIFY%20$uuid" + logger -t "LOGGLYVERIFY" "LOGGLYVERIFY-Test message for verification with UUID $uuid" + + #sleeps for 2 seconds before restoring hosts file + sleep 2 + + #restores hosts file to its earlier state + restoreHostFile + + counter=1 + maxCounter=10 + finalCount=0 + + queryUrl="$LOGGLY_ACCOUNT_URL/apiv2/search?q=$queryParam" + logMsgToConfigSysLog "INFO" "INFO: Search URL: $queryUrl" + + logMsgToConfigSysLog "INFO" "INFO: Verifying if the log made it to Loggly." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." + searchAndFetch finalCount "$queryUrl" + let counter=$counter+1 + + while [ "$finalCount" -eq 0 ]; do + echo "INFO: Did not find the test log message in Loggly's search yet. Waiting for 50 secs." + sleep 50 + echo "INFO: Done waiting. Verifying again." + logMsgToConfigSysLog "INFO" "INFO: Verification # $counter of total $maxCounter." + searchAndFetch finalCount "$queryUrl" + let counter=$counter+1 + if [ "$counter" -gt "$maxCounter" ]; then + + logMsgToConfigSysLog "ERROR" "ERROR: Logs did not make to Loggly in time. Please check network and firewall settings and retry." + exit 1 + fi + done + + if [ "$finalCount" -eq 1 ]; then + logMsgToConfigSysLog "SUCCESS" "SUCCESS: Verification logs successfully transferred to Loggly! 
You have now upgraded TLS Certificate for Loggly configuration" + fi + +} + +#restores host file to its original state +restoreHostFile() +{ + if grep -q '52.1.106.130 logs-01.loggly.com' "/etc/hosts";then + sed -i -e '/52.1.106.130 logs-01.loggly.com/d' /etc/hosts + fi + logMsgToConfigSysLog "INFO" "INFO: Hosts file Restored" +} + +#delete 22-loggly.conf file +remove22LogglyTLSChange() +{ + CURRENT_CRT_COUNT="$(grep '.crt' $LOGGLY_RSYSLOG_CONFFILE | wc -l)" + if [ $CURRENT_CRT_COUNT -gt 0 ]; then + if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then + sudo rm -rf $LOGGLY_RSYSLOG_CONFFILE + sudo cp $LOGGLY_RSYSLOG_CONFFILE_BACKUP $LOGGLY_RSYSLOG_CONFFILE + fi + else + logMsgToConfigSysLog "INFO" "INFO: Rsyslog TLS is not configured." + exit 1 + fi +} + +#compares two version numbers, used for comparing versions of various softwares +compareVersions () +{ + typeset IFS='.' + typeset -a v1=( $1 ) + typeset -a v2=( $2 ) + typeset n diff + + for (( n=0; n<$3; n+=1 )); do + diff=$((v1[n]-v2[n])) + if [ $diff -ne 0 ] ; then + [ $diff -le 0 ] && echo '-1' || echo '1' + return + fi + done + echo '0' +} + +#restart rsyslog +restartRsyslog() +{ + logMsgToConfigSysLog "INFO" "INFO: Restarting the $RSYSLOG_SERVICE service." + sudo service $RSYSLOG_SERVICE restart + if [ $? -ne 0 ]; then + logMsgToConfigSysLog "WARNING" "WARNING: $RSYSLOG_SERVICE did not restart gracefully. Please restart $RSYSLOG_SERVICE manually." 
+ fi +} + +#logs message to config syslog +logMsgToConfigSysLog() +{ + #$1 variable will be SUCCESS or ERROR or INFO or WARNING + #$2 variable will be the message + cslStatus=$1 + cslMessage=$2 + echo "$cslMessage" + currentTime=$(date) + + #for Linux system, we need to use -d switch to decode base64 whereas + #for Mac system, we need to use -D switch to decode + varUname=$(uname) + if [[ $varUname == 'Linux' ]]; then + enabler=$(echo -n MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -d) + elif [[ $varUname == 'Darwin' ]]; then + enabler=$(echo MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -D) + fi + + if [ $? -ne 0 ]; then + echo "ERROR: Base64 decode is not supported on your Operating System. Please update your system to support Base64." + exit 1 + fi + + sendPayloadToConfigSysLog "$cslStatus" "$cslMessage" "$enabler" + + #if it is an error, then log message "Script Failed" to config syslog and exit the script + if [[ $cslStatus == "ERROR" ]]; then + sendPayloadToConfigSysLog "ERROR" "Script Failed" "$enabler" + if [ "$varUname" != "Darwin" ]; then + echo $MANUAL_CONFIG_INSTRUCTION + fi + exit 1 + fi + + #if it is a success, then log message "Script Succeeded" to config syslog and exit the script + if [[ $cslStatus == "SUCCESS" ]]; then + sendPayloadToConfigSysLog "SUCCESS" "Script Succeeded" "$enabler" + exit 0 + fi +} + +#payload construction to send log to config syslog +sendPayloadToConfigSysLog() +{ + if [ "$APP_TAG" = "" ]; then + var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"customer-token\":\"$LOGGLY_AUTH_TOKEN\", \"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", \"messages\":\"$2\",\"rsyslog-version\":\"$RSYSLOG_VERSION\"}" + else + var="{\"sub-domain\":\"$LOGGLY_ACCOUNT\", \"user-name\":\"$LOGGLY_USERNAME\", \"customer-token\":\"$LOGGLY_AUTH_TOKEN\", 
\"host-name\":\"$HOST_NAME\", \"script-name\":\"$SCRIPT_NAME\", \"script-version\":\"$SCRIPT_VERSION\", \"status\":\"$1\", \"time-stamp\":\"$currentTime\", \"linux-distribution\":\"$LINUX_DIST\", $APP_TAG, \"messages\":\"$2\",\"rsyslog-version\":\"$RSYSLOG_VERSION\"}" + fi + curl -s -H "content-type:application/json" -d "$var" $LOGS_01_URL/inputs/$3 > /dev/null 2>&1 +} + +#$1 return the count of records in loggly, $2 is the query param to search in loggly +searchAndFetch() +{ + url=$2 + + result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") + + if [ -z "$result" ]; then + logMsgToConfigSysLog "ERROR" "ERROR: Please check your network/firewall settings & ensure Loggly subdomain, username and password is specified correctly." + exit 1 + fi + id=$(echo "$result" | grep -v "{" | grep id | awk '{print $2}') + # strip last double quote from id + id="${id%\"}" + # strip first double quote from id + id="${id#\"}" + url="$LOGGLY_ACCOUNT_URL/apiv2/events?rsid=$id" + + # retrieve the data + result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") + count=$(echo "$result" | grep total_events | awk '{print $2}') + count="${count%\,}" + eval $1="'$count'" + if [ "$count" -gt 0 ]; then + timestamp=$(echo "$result" | grep timestamp) + fi +} + +#get password in the form of asterisk +getPassword() +{ + unset LOGGLY_PASSWORD + prompt="Please enter Loggly Password:" + while IFS= read -p "$prompt" -r -s -n 1 char + do + if [[ $char == $'\0' ]] + then + break + fi + prompt='*' + LOGGLY_PASSWORD+="$char" + done + echo +} + +#display usage syntax +usage() +{ +cat << EOF +usage: update-loggly-certificate [-a loggly auth account or subdomain] [-u loggly username] [-t loggly token (optional)] [-p password (optional)] [ -notest to disable test mode (optional)] [-s suppress prompts {optional)] +usage: update-loggly-certificate [-a loggly auth account or subdomain] [-r to remove] +usage: update-loggly-certificate [-h 
for help] +EOF +} + +########## Get Inputs from User - Start ########## +if [ $# -eq 0 ]; then + usage + exit +else + while [ "$1" != "" ]; do + case $1 in + -t | --token ) shift + LOGGLY_AUTH_TOKEN=$1 + echo "AUTH TOKEN $LOGGLY_AUTH_TOKEN" + ;; + -a | --account ) shift + LOGGLY_ACCOUNT=$1 + echo "Loggly account or subdomain: $LOGGLY_ACCOUNT" + ;; + -notest | --notest ) shift + TEST_MODE="false" + logMsgToConfigSysLog "INFO" "INFO: Test mode disabled" + ;; + -u | --username ) shift + LOGGLY_USERNAME=$1 + echo "Username is set" + ;; + -p | --password ) shift + LOGGLY_PASSWORD=$1 + ;; + -r | --remove ) + TLS_RESET="true" + ;; + -s | --suppress ) + SUPPRESS_PROMPT="true" + ;; + -h | --help) + usage + exit + ;; + *) usage + exit + ;; + esac + shift + done +fi + +if [ "$TLS_RESET" != "" -a "$LOGGLY_ACCOUNT" != "" ]; then + revertTLSchanges +elif [ "$LOGGLY_ACCOUNT" != "" -a "$LOGGLY_USERNAME" != "" ]; then + if [ "$LOGGLY_PASSWORD" = "" ]; then + getPassword + fi + installLogglyConf +else + usage +fi +########## Get Inputs from User - End ########## ------------------------------------------------------- +# End of Syslog Logging Directives for Loggly diff --git a/Mac Script/configure-mac.sh b/Mac Script/configure-mac.sh index 65fe6a8..6ed7c3e 100644 --- a/Mac Script/configure-mac.sh +++ b/Mac Script/configure-mac.sh @@ -15,7 +15,7 @@ function ctrl_c() { #name of the current script. This will get overwritten by the child script which calls this SCRIPT_NAME=configure-mac.sh #version of the current script. This will get overwritten by the child script which calls this -SCRIPT_VERSION=1.1 +SCRIPT_VERSION=1.4 #application tag. This will get overwritten by the child script which calls this APP_TAG= @@ -47,6 +47,9 @@ LOGGLY_ACCOUNT_URL= #loggly.com URL LOGGLY_COM_URL=https://www.loggly.com +#installation directory +LOGGLY_HOME=$HOME/.loggly + ######Inputs provided by user###### #this variable will hold the loggly account name provided by user. #this is a mandatory input 
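Review bot: updateCertificate in the new update-loggly-certificate.sh never checks the result of the `sudo curl -O …` download, so a failed request or an HTML error body still becomes `loggly_full_sha12.crt`, is written into 22-loggly.conf as the CA file, and rsyslog is restarted against it. The download should fail on HTTP errors, be compared with a pinned digest, and only then replace the certificate, as sketched below. The default `TEST_MODE="true"` path appends a hard-coded `52.1.106.130 logs-01.loggly.com` entry to /etc/hosts and restoreHostFile runs only later inside checkIfLogsMadeToLoggly, so an interrupt during the two sleeps (the ctrl_c trap just exits) leaves log delivery pinned to that address; an EXIT trap calling restoreHostFile would close that gap. searchAndFetch stores its result with `eval $1="'$count'"` on text parsed from the HTTP response while running as root, where `printf -v "$1" '%s' "$count"` assigns the value without evaluating it. The password is passed on the `curl -u` and `wget --password` command lines and the token is echoed and logged (`AUTH TOKEN …`, `Retrieved authentication token: …`), which exposes both in the process list and in terminal output.

```shell
cd /etc/rsyslog.d/keys/ca.d/ || exit 1

crt_url=https://logdog.loggly.com/media/logs-01.loggly.com_sha12.crt
crt_new=loggly_full_sha12.crt.new
if ! curl --fail --silent --show-error -o "$crt_new" "$crt_url"; then
  rm -f -- "$crt_new"
  logMsgToConfigSysLog "ERROR" "ERROR: Could not download the Loggly certificate."
fi
# EXPECTED_CRT_SHA256 is a placeholder: pin the digest published for this certificate
if [ "$(sha256sum "$crt_new" | cut -d' ' -f1)" != "$EXPECTED_CRT_SHA256" ]; then
  rm -f -- "$crt_new"
  logMsgToConfigSysLog "ERROR" "ERROR: Downloaded certificate does not match the expected digest."
fi
mv -f -- "$crt_new" loggly_full_sha12.crt
# … unchanged: backup of 22-loggly.conf and sed rewrite of the CA file path …
```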
@@ -89,6 +92,8 @@ PROP_FILE= #manual instructions to be show in case of error MANUAL_CONFIG_INSTRUCTION="Manual instructions to configure Loggly on Mac are available at https://www.loggly.com/docs/send-mac-logs-to-loggly/." +MANUAL_XCODE_INSTALL_INSTRUCTION="Xcode command line tools are not installed on your system. Try running \"xcode-select --install\" to install xcode command line tools and run script again. You can download tools manually from https://developer.apple.com/" + checkMacLogglyCompatibility() { #check if the user has root permission to run this script @@ -115,7 +120,10 @@ checkMacLogglyCompatibility() #check if minimum version of ruby is installed checkIfMinRubyVersionInstalled - MAC_ENV_VALIDATED="true" + #check if xcode command line tools are installed + checkIfXCodeCommandlineToolsInstalled + + MAC_ENV_VALIDATED="true" } # executing the script for loggly to install and configure fluentd. @@ -191,9 +199,9 @@ checkIfUserHasRootPrivileges() #check if supported operating system checkIfSupportedOS() { - # Determine OS platform - UNAME=$(uname | tr "[:upper:]" "[:lower:]") - MAC_DIST=$UNAME + # Determine OS platform + UNAME=$(uname | tr "[:upper:]" "[:lower:]") + MAC_DIST=$UNAME if [ "$MAC_DIST" == "darwin" ]; then logMsgToConfigSysLog "INFO" "INFO: Operating system is Mac" else 
@@ -304,10 +312,22 @@ checkIfMinRubyVersionInstalled() fi } +checkIfXCodeCommandlineToolsInstalled() +{ + logMsgToConfigSysLog "INFO" "INFO: Checking if Xcode command line tools are installed." + + if [ $(xcode-select -p 2>/dev/null | wc -l ) == 0 ]; then + logMsgToConfigSysLog "ERROR" "ERROR: $MANUAL_XCODE_INSTALL_INSTRUCTION" + exit 1 + else + logMsgToConfigSysLog "INFO" "INFO: Xcode command line tools are installed in your system." + fi +} + #this functions checks if the Fluentd gem is installed in the system checkIfFluentdInstalled() { - if [ $(fluentd --setup ./fluent 2>/dev/null | grep "./fluent/fluent.conf" | wc -l ) == 1 ]; then + if [ $(sudo fluentd --setup $LOGGLY_HOME/fluent 2>/dev/null | grep ".loggly/fluent/fluent.conf" | wc -l ) == 1 ]; then logMsgToConfigSysLog "INFO" "INFO: Fluentd is already installed. Not installing." else logMsgToConfigSysLog "INFO" "INFO: Fluentd is not installed. Installing Fluentd. This may take a while." @@ -319,10 +339,14 @@ checkIfFluentdInstalled() installFluentd() { #install fluentd gem http://docs.fluentd.org/articles/install-by-gem - sudo gem install fluentd --no-ri --no-rdoc + sudo gem install fluentd --no-ri --no-rdoc -n/usr/local/bin + + if [[ ! -d "$LOGGLY_HOME" ]]; then + mkdir $LOGGLY_HOME + fi #to check fluentd installed successfully - if [ $(fluentd --setup ./fluent 2>/dev/null | grep "./fluent/fluent.conf" | wc -l ) == 1 ]; then + if [ $(sudo fluentd --setup $LOGGLY_HOME/fluent 2>/dev/null | grep ".loggly/fluent/fluent.conf" | wc -l ) == 1 ]; then logMsgToConfigSysLog "INFO" "INFO: Fluentd installed Successfully" else logMsgToConfigSysLog "ERROR" "ERROR: Unable to install fluentd" 
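Review bot: In checkIfFluentdInstalled the presence check now runs `sudo fluentd --setup $LOGGLY_HOME/fluent`, so a test that should be read-only executes the gem as root and writes into the home directory, with the path unquoted. A `$HOME` containing spaces splits the argument, and the files it creates are presumably owned by root rather than by the user. Consider `command -v fluentd >/dev/null 2>&1` for the presence test and keep `--setup`, with `"$LOGGLY_HOME/fluent"` quoted, for the step that actually needs the config directory; the same call is repeated in installFluentd in the next hunk. The new `xcode-select -p` test could likewise use the exit status (`if ! xcode-select -p >/dev/null 2>&1; then`) instead of counting output lines.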
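Review bot: `sudo gem install fluentd --no-ri --no-rdoc -n/usr/local/bin` installs whatever version the gem source serves at run time, as root, into a directory on the default PATH, and nothing pins or verifies what is fetched. Pin a tested release, e.g. `sudo gem install fluentd -v "$FLUENTD_VERSION" ...` with `FLUENTD_VERSION` (placeholder name) defined next to `SCRIPT_VERSION`, so that a reinstall is reproducible. `mkdir $LOGGLY_HOME` should be `mkdir -p "$LOGGLY_HOME"`, and a failure there should stop the function before `fluentd --setup` runs. installFluentd continues past the end of the hunk.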
@@ -333,8 +357,8 @@ installFluentd() #this function installs Loggly fluentd plugin installLogglyFluentdPlugin() { - logMsgToConfigSysLog "INFO" "INFO: Installing Loggly plugin for Fluentd" - sudo gem install fluent-plugin-loggly + logMsgToConfigSysLog "INFO" "INFO: Installing Loggly plugin for Fluentd" + sudo gem install fluent-plugin-loggly logMsgToConfigSysLog "INFO" "INFO: Loggly fluentd plugin installed successfully." } @@ -342,10 +366,6 @@ installLogglyFluentdPlugin() writeLogglyConfFile() { - if [[ ! -d "$HOME/.loggly" ]]; then - mkdir $HOME/.loggly - fi - FLUENTD_CONF="$HOME/.loggly/fluentd-loggly.conf" if [ -f "$FLUENTD_CONF" ]; then @@ -415,7 +435,7 @@ configureFluentdAsService() fi sudo touch $PROP_FILE - sudo chmod +x $PROP_FILE + sudo chmod +x $PROP_FILE propStr=" @@ -455,7 +475,10 @@ startFluentdService() #check if the logs made it to Loggly checkIfLogsMadeToLoggly() { - logMsgToConfigSysLog "INFO" "INFO: Sending test message to Loggly." + logMsgToConfigSysLog "INFO" "INFO: Sending test message to Loggly. Waiting for 30 secs." + + #sleeping for 30 secs so that fluentd service can start doing its work properly + sleep 30 uuid=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) queryParam="tag%3AMac%20$uuid" @@ -529,9 +552,9 @@ logMsgToConfigSysLog() #for Mac system, we need to use -D switch to decode varUname=$(uname) if [[ $varUname == 'Linux' ]]; then - enabler=$(echo -n MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -d) + enabler=$(echo -n MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 --decode) elif [[ $varUname == 'Darwin' ]]; then - enabler=$(echo MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 -D) + enabler=$(echo MWVjNGU4ZTEtZmJiMi00N2U3LTkyOWItNzVhMWJmZjVmZmUw | base64 --decode) fi if [ $? -ne 0 ]; then diff --git a/Modular Scripts/File Monitoring/configure-file-monitoring.sh b/Modular Scripts/File Monitoring/configure-file-monitoring.sh index c372785..e6678b9 100644 
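Review bot: After this change both branches run the same `base64 --decode`, so the `uname` test and the comment above it about the `-D` switch are stale; one `enabler=$(echo -n ... | base64 --decode)` would do (only the Linux branch passes `-n` today). When `uname` returns neither value no branch runs, `$?` is 0 and `enabler` stays empty without the error path firing, so test `[ -z "$enabler" ]` rather than `$?`. The embedded string is only base64-encoded, so whatever `enabler` authorizes is available to anyone who reads the script and should be treated as public. logMsgToConfigSysLog starts and ends outside the hunk.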
--- a/Modular Scripts/File Monitoring/configure-file-monitoring.sh +++ b/Modular Scripts/File Monitoring/configure-file-monitoring.sh @@ -9,7 +9,7 @@ source configure-linux.sh "being-invoked" #name of the current script SCRIPT_NAME=configure-file-monitoring.sh #version of the current script -SCRIPT_VERSION=1.12 +SCRIPT_VERSION=1.13 #file to monitor (contains complete path and file name) provided by user LOGGLY_FILE_TO_MONITOR= 
@@ -411,20 +411,38 @@ write21ConfFileContents() " fi - imfileStr+=" - # File access file: - \$InputFileName $FILE_TO_MONITOR - \$InputFileTag $LOGGLY_FILE_TO_MONITOR_ALIAS: - \$InputFileStateFile stat-$STATE_FILE_ALIAS - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - #Add a tag for file events - \$template $CONF_FILE_FORMAT_NAME,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 $TAG] %msg%\n\" - if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then @@logs-01.loggly.com:514;$CONF_FILE_FORMAT_NAME - if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then ~ - " - + rsyslog_version="$(rsyslogd -v)" + r_ver=${rsyslog_version:9:1} + if [ $r_ver -le 6 ] + then + imfileStr+=" + # File access file: + \$InputFileName $FILE_TO_MONITOR + \$InputFileTag $LOGGLY_FILE_TO_MONITOR_ALIAS: + \$InputFileStateFile stat-$STATE_FILE_ALIAS + \$InputFileSeverity info + \$InputFilePersistStateInterval 20000 + \$InputRunFileMonitor + #Add a tag for file events + \$template $CONF_FILE_FORMAT_NAME,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 $TAG] %msg%\n\" + if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then @@logs-01.loggly.com:514;$CONF_FILE_FORMAT_NAME + if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then ~ + " + else + imfileStr+=" + # File access file: + \$InputFileName $FILE_TO_MONITOR + \$InputFileTag $LOGGLY_FILE_TO_MONITOR_ALIAS + \$InputFileStateFile stat-$STATE_FILE_ALIAS + \$InputFileSeverity info + \$InputFilePersistStateInterval 20000 + \$InputRunFileMonitor + #Add a tag for file events + template (name=\"$CONF_FILE_FORMAT_NAME\" type=\"string\" string=\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 $TAG] %msg%\n\") + if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then action(type=\"omfwd\" 
protocol=\"tcp\" target=\"logs-01.loggly.com\" port=\"514\" template=\"$CONF_FILE_FORMAT_NAME\") + if \$programname == '$LOGGLY_FILE_TO_MONITOR_ALIAS' then ~ + " + fi #write to 21-.conf file sudo cat << EOIPFW >> $FILE_SYSLOG_CONFFILE $imfileStr diff --git a/Modular Scripts/Tomcat/configure-tomcat.sh b/Modular Scripts/Tomcat/configure-tomcat.sh index 6a93d0d..de18de7 100644 --- a/Modular Scripts/Tomcat/configure-tomcat.sh +++ b/Modular Scripts/Tomcat/configure-tomcat.sh @@ -9,7 +9,7 @@ source configure-linux.sh "being-invoked" #name of the current script SCRIPT_NAME=configure-tomcat.sh #version of the current script -SCRIPT_VERSION=1.3 +SCRIPT_VERSION=1.6 #minimum version of tomcat to enable log rotation MIN_TOMCAT_VERSION=6.0.33.0 @@ -98,6 +98,9 @@ installLogglyConfForTomcat() #update logging.properties file for log rotation updateLoggingPropertiesFile + #update server.xml to add renameOnRotate + updateServerXML + #multiple tags addTagsInConfiguration @@ -109,7 +112,7 @@ installLogglyConfForTomcat() #log success message logMsgToConfigSysLog "SUCCESS" "SUCCESS: Tomcat successfully configured to send logs via Loggly." -} + } #executing script to remove loggly configuration for tomcat removeLogglyConfForTomcat() @@ -130,6 +133,9 @@ removeLogglyConfForTomcat() #remove 21tomcat.conf file remove21TomcatConfFile + + #restore original server.xml from backup + restoreServerXML #restore original loggly properties file from backup restoreLogglyPropertiesFile @@ -137,7 +143,7 @@ removeLogglyConfForTomcat() logMsgToConfigSysLog "INFO" "INFO: Rollback completed." } -#identify if tomcat6 or tomcat7 is installed on your system +#identify if tomcat6/ tomcat7/ tomcat8 is installed on your system deduceAndCheckTomcatHomeAndVersion() { 
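Review bot: `r_ver=${rsyslog_version:9:1}` takes one character at a fixed offset of the `rsyslogd -v` output, so a two-digit major version, a different banner or a missing `rsyslogd` yields a wrong or empty value, and the unquoted `[ $r_ver -le 6 ]` then errors and silently selects the `else` branch. Parse the major version explicitly and stop on an empty result, e.g. `r_ver=$(rsyslogd -v | sed -n '1s/^rsyslogd[^0-9]*\([0-9][0-9]*\)\..*/\1/p')`, then `[ -n "$r_ver" ] || exit 1` and `if [ "$r_ver" -le 6 ]`. Both branches also forward to port 514 over plain TCP with `$LOGGLY_AUTH_TOKEN` in the template, so unless a TLS stream driver is configured elsewhere the token and the file contents cross the network unencrypted. write21ConfFileContents starts and ends outside the hunk.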
@@ -175,6 +181,25 @@ deduceAndCheckTomcatHomeAndVersion() #checks if the deduced tomcat7 home is correct or not checkIfValidTomcatHome validTomcatHome fi + + #if tomcat6 home is not valid one, move on to check for tomcat8 + if [ "$validTomcatHome" = "false" ]; then + + LOGGLY_CATALINA_HOME= + + #lets check if tomcat6 is installed on the system + SERVICE=tomcat8 + + #try to deduce tomcat home considering tomcat6 + assumeTomcatHome $SERVICE + + #initialize validTomcatHome variable with value true. This value will be toggled + #in the function checkIfValidTomcatHome fails + validTomcatHome="true" + + #checks if the deduced tomcat7 home is correct or not + checkIfValidTomcatHome validTomcatHome + fi if [ "$validTomcatHome" = "true" ]; then logMsgToConfigSysLog "INFO" "INFO: CATALINA HOME: $LOGGLY_CATALINA_HOME" @@ -218,6 +243,8 @@ deduceAndCheckTomcatHomeAndVersion() SERVICE=tomcat7 elif [ "$tomcatMajorVersion" = "6" ]; then SERVICE=tomcat6 + elif [ "$tomcatMajorVersion" = "8" ]; then + SERVICE=tomcat8 fi else logMsgToConfigSysLog "ERROR" "ERROR: Provided Catalina Home is not correct. Please recheck." @@ -230,14 +257,18 @@ assumeTomcatHome() { #if user has not provided the catalina home if [ "$LOGGLY_CATALINA_HOME" = "" ]; then - case "$LINUX_DIST" in - *"Ubuntu"* ) + LINUX_DIST_IN_LOWER_CASE=$(echo $LINUX_DIST | tr "[:upper:]" "[:lower:]") + case "$LINUX_DIST_IN_LOWER_CASE" in + *"ubuntu"* ) LOGGLY_CATALINA_HOME="/var/lib/$1" ;; - *"RedHat"* ) + *"redhat"* ) + LOGGLY_CATALINA_HOME="/usr/share/$1" + ;; + *"centos"* ) LOGGLY_CATALINA_HOME="/usr/share/$1" ;; - *"CentOS"* ) + *"amazon"* ) LOGGLY_CATALINA_HOME="/usr/share/$1" ;; esac 
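Review bot: The comments in the added tomcat8 block were copied from the earlier blocks and name the wrong version: `#if tomcat6 home is not valid one`, `#lets check if tomcat6 is installed`, `#try to deduce tomcat home considering tomcat6` and `#checks if the deduced tomcat7 home is correct` all sit around code that sets `SERVICE=tomcat8`. Reword them, for example `#if no valid home was found so far, check for tomcat8` and `#checks if the deduced tomcat8 home is correct or not`. The near-identical probe blocks could also become one loop over the service names, though the earlier ones lie outside this hunk.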
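Review bot: The `case` in assumeTomcatHome still has no `*)` arm, so on a distribution other than the four listed `LOGGLY_CATALINA_HOME` stays empty and the caller only finds out through the later validity check. The redhat, centos and amazon arms assign the same path and can share one pattern, `*"redhat"* | *"centos"* | *"amazon"* )`, and the lowercasing should quote the variable: `$(printf '%s' "$LINUX_DIST" | tr '[:upper:]' '[:lower:]')`. The function continues outside the hunk.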
@@ -313,8 +344,8 @@ getTomcatVersion() checkIfSupportedTomcatVersion() { tomcatMajorVersion=${TOMCAT_VERSION%%.*} - if [[ ($tomcatMajorVersion -ne 6 ) && ($tomcatMajorVersion -ne 7) ]]; then - logMsgToConfigSysLog "ERROR" "ERROR: This script only supports Tomcat version 6 or 7." + if [[ ($tomcatMajorVersion -ne 6 ) && ($tomcatMajorVersion -ne 7) && ($tomcatMajorVersion -ne 8) ]]; then + logMsgToConfigSysLog "ERROR" "ERROR: This script only supports Tomcat version 6, 7 or 8." exit 1 fi } @@ -428,6 +459,25 @@ EOIPFW } +#add renameOnRotate to true in the Valve element to stop access logs +#log rotation +updateServerXML() +{ + + if ! grep -q 'renameOnRotate="true"' "$LOGGLY_CATALINA_HOME/conf/server.xml"; + then + + #Creating backup of server.xml to server.xml.bk + logMsgToConfigSysLog "INFO" "INFO: Creating backup of server.xml to server.xml.bk" + sudo cp $LOGGLY_CATALINA_HOME/conf/server.xml $LOGGLY_CATALINA_HOME/conf/server.xml.bk + if grep -q '"localhost_access_log."' "$LOGGLY_CATALINA_HOME/conf/server.xml"; + then + sed -i 's/"localhost_access_log."/"localhost_access_log"/g' $LOGGLY_CATALINA_HOME/conf/server.xml + fi + sed -i 's/"localhost_access_log"/"localhost_access_log"\ renameOnRotate="true"/g' $LOGGLY_CATALINA_HOME/conf/server.xml + logMsgToConfigSysLog "INFO" "INFO: Disabled log rotation for localhost_access_log file in server.xml" + fi +} addTagsInConfiguration() { #split tags by comman(,) 
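Review bot: updateServerXML edits `server.xml` in place without checking that the backup succeeded, so a failed `sudo cp` is followed by `sed -i` on the only copy. The backup is taken with plain `cp`, which does not keep the owner of a file that commonly holds connector and keystore settings, and every `$LOGGLY_CATALINA_HOME` expansion on the `cp` and `sed` lines is unquoted. The `sed` calls also run without `sudo` while the copy uses it, and the `.` in `"localhost_access_log."` is an unescaped regex wildcard. The rewrite below keeps the same two substitutions but aborts when the backup fails.

```shell
updateServerXML()
{
    serverXml="$LOGGLY_CATALINA_HOME/conf/server.xml"
    if ! grep -q 'renameOnRotate="true"' "$serverXml"; then
        # … unchanged: log message announcing the backup …
        # -p keeps owner, mode and timestamps on the backup copy
        if ! sudo cp -p -- "$serverXml" "$serverXml.bk"; then
            logMsgToConfigSysLog "ERROR" "ERROR: Could not back up server.xml. Leaving it unchanged."
            exit 1
        fi
        # the first substitution is a no-op when the prefix has no trailing dot
        sudo sed -i 's/"localhost_access_log\."/"localhost_access_log"/g' "$serverXml"
        sudo sed -i 's/"localhost_access_log"/"localhost_access_log" renameOnRotate="true"/g' "$serverXml"
        # … unchanged: log message reporting the change …
    fi
}
```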
@@ -475,83 +525,93 @@ write21TomcatFileContents() sudo chmod o+w $TOMCAT_SYSLOG_CONFFILE imfileStr="\$ModLoad imfile - \$WorkDirectory $RSYSLOG_DIR - " +\$WorkDirectory $RSYSLOG_DIR +" if [[ "$LINUX_DIST" == *"Ubuntu"* ]]; then imfileStr+="\$PrivDropToGroup adm - " +" fi imfileStr+=" - #parameterized token here....... - #Add a tag for tomcat events - \$template LogglyFormatTomcat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 $TAG] %msg%\n\" - - # catalina.out - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/catalina.out - \$InputFileTag catalina-out - \$InputFileStateFile stat-catalina-out - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'catalina-out' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'catalina-out' then ~ - - # initd.log - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/initd.log - \$InputFileTag initd - \$InputFileStateFile stat-initd - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'initd' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'initd' then ~ - " +#parameterized token here....... 
+#Add a tag for tomcat events +\$template LogglyFormatTomcat,\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [$LOGGLY_AUTH_TOKEN@41058 $TAG] %msg%\n\" + +# catalina.out +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/catalina.out +\$InputFileTag catalina-out +\$InputFileStateFile stat-catalina-out +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'catalina-out' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'catalina-out' then ~ + +# initd.log +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/initd.log +\$InputFileTag initd +\$InputFileStateFile stat-initd +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'initd' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'initd' then ~ +" #if log rotation is enabled i.e. tomcat version is greater than or equal to #6.0.33.0, then add the following lines to tomcat syslog conf file if [ $(compareVersions $TOMCAT_VERSION $MIN_TOMCAT_VERSION 4) -ge 0 ]; then imfileStr+=" - # catalina.log - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/catalina.log - \$InputFileTag catalina-log - \$InputFileStateFile stat-catalina-log - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'catalina-log' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'catalina-log' then ~ - - # host-manager.log - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/host-manager.log - \$InputFileTag host-manager - \$InputFileStateFile stat-host-manager - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'host-manager' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'host-manager' then ~ - - # localhost.log - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/localhost.log - \$InputFileTag localhost-log - \$InputFileStateFile 
stat-localhost-log - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'localhost-log' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'localhost-log' then ~ - - # manager.log - \$InputFileName $LOGGLY_CATALINA_LOG_HOME/manager.log - \$InputFileTag manager - \$InputFileStateFile stat-manager - \$InputFileSeverity info - \$InputFilePersistStateInterval 20000 - \$InputRunFileMonitor - if \$programname == 'manager' then @@logs-01.loggly.com:514;LogglyFormatTomcat - if \$programname == 'manager' then ~ - " +# catalina.log +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/catalina.log +\$InputFileTag catalina-log +\$InputFileStateFile stat-catalina-log +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'catalina-log' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'catalina-log' then ~ + +# host-manager.log +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/host-manager.log +\$InputFileTag host-manager +\$InputFileStateFile stat-host-manager +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'host-manager' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'host-manager' then ~ + +# localhost.log +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/localhost.log +\$InputFileTag localhost-log +\$InputFileStateFile stat-localhost-log +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'localhost-log' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'localhost-log' then ~ + +# manager.log +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/manager.log +\$InputFileTag manager +\$InputFileStateFile stat-manager +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'manager' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname 
== 'manager' then ~ + +# localhost_access_log.txt +\$InputFileName $LOGGLY_CATALINA_LOG_HOME/localhost_access_log.txt +\$InputFileTag tomcat-access +\$InputFileStateFile stat-tomcat-access +\$InputFileSeverity info +\$InputFilePersistStateInterval 20000 +\$InputRunFileMonitor +if \$programname == 'tomcat-access' then @@logs-01.loggly.com:514;LogglyFormatTomcat +if \$programname == 'tomcat-access' then ~ +" fi #change the tomcat-21 file to variable from above and also take the directory of the tomcat log file. @@ -623,6 +683,17 @@ restoreLogglyPropertiesFile() restartTomcat } +restoreServerXML() +{ + if [ -f "$LOGGLY_CATALINA_HOME/conf/server.xml.bk" ]; + then + logMsgToConfigSysLog "INFO" "INFO: Restoring server.xml file from backup" + sudo rm -rf $LOGGLY_CATALINA_HOME/conf/server.xml + sudo cp $LOGGLY_CATALINA_HOME/conf/server.xml.bk $LOGGLY_CATALINA_HOME/conf/server.xml + sudo rm -rf $LOGGLY_CATALINA_HOME/conf/server.xml.bk + fi +} + #remove 21tomcat.conf file remove21TomcatConfFile() { diff --git a/README.md b/README.md index ae135c5..7863b22 100644 --- a/README.md +++ b/README.md @@ -15,3 +15,4 @@ You can view the **READMEs** of the various installation scripts at the followin 4. Tomcat Configuration Script 5. S3 Bucket Configuration Script 6. Nginx Script +7. Mac Script
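Review bot: The added `localhost_access_log.txt` block sends access-log lines, which often carry query strings and client addresses, through `@@logs-01.loggly.com:514` like the other inputs, and as far as the hunk shows that is plain TCP with `$LOGGLY_AUTH_TOKEN` in every message. If a TLS stream driver is not configured elsewhere, consider forwarding over TLS before adding a more sensitive source. The context line `sudo chmod o+w $TOMCAT_SYSLOG_CONFFILE` also leaves a file that rsyslogd parses, and that holds the token, writable by any local user unless it is tightened later in the function, which continues outside the hunk. Unlike the file-monitoring change in this commit, this template is not branched on the rsyslog version.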
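Review bot: restoreServerXML deletes `server.xml`, copies the backup and then deletes the backup without checking any step, so a failed `cp` leaves Tomcat with no `server.xml` and no backup. The plain `cp` also creates the restored file with the invoking user's ownership rather than the original's, which can stop Tomcat reading it or widen who can. A single rename avoids both problems and the unquoted paths: `sudo mv -f -- "$LOGGLY_CATALINA_HOME/conf/server.xml.bk" "$LOGGLY_CATALINA_HOME/conf/server.xml"`. The rename keeps whatever owner and mode the backup file has.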