diff --git a/pillar/logrotate/init.sls b/pillar/logrotate/init.sls
deleted file mode 100644
index f8a54f442..000000000
--- a/pillar/logrotate/init.sls
+++ /dev/null
@@ -1,13 +0,0 @@
-logrotate:
- conf: |
- daily
- rotate 14
- missingok
- copytruncate
- compress
- create
- extension .log
- dateext
- dateyesterday
- group_conf: |
- su root socore
\ No newline at end of file
diff --git a/salt/logrotate/defaults.yaml b/salt/logrotate/defaults.yaml
index 841094d84..68095fcbd 100644
--- a/salt/logrotate/defaults.yaml
+++ b/salt/logrotate/defaults.yaml
@@ -1,6 +1,6 @@
 logrotate:
 config:
- /opt/so/log/idstools/*.log:
+ /opt/so/log/idstools/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -10,7 +10,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/nginx/*.log:
+ /opt/so/log/nginx/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -20,7 +20,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/soc/*.log:
+ /opt/so/log/soc/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -30,7 +30,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/kratos/*.log:
+ /opt/so/log/kratos/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -40,7 +40,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/kibana/*.log:
+ /opt/so/log/kibana/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -50,7 +50,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/influxdb/*.log:
+ /opt/so/log/influxdb/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -60,7 +60,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/elastalert/*.log:
+ /opt/so/log/elastalert/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -70,7 +70,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/soctopus/*.log:
+ /opt/so/log/soctopus/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -80,7 +80,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/curator/*.log:
+ /opt/so/log/curator/*_x_log:
 - daily
 - rotate 14
 - missingok
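Review bot: The renamed keys in salt/logrotate/defaults.yaml (this hunk and every later hunk in the file) are no longer literal paths, and nothing in the file says so. A reader sees `/opt/so/log/idstools/*_x_log` next to `- extension .log` with no hint that rotate.conf.jinja turns `_x_` back into `.`. I would add a comment above `config:`, for example `# "_x_" in a key stands for "."; rotate.conf.jinja restores it when rendering`. If any local pillar still overrides these entries under the old `*.log` keys (not visible in this diff), it would presumably stop merging with the defaults and render as a second stanza for the same path, so the rename deserves a migration note.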
@@ -90,7 +90,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/fleet/*.log:
+ /opt/so/log/fleet/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -100,7 +100,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/suricata/*.log:
+ /opt/so/log/suricata/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -110,7 +110,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/mysql/*.log:
+ /opt/so/log/mysql/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -120,7 +120,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/telegraf/*.log:
+ /opt/so/log/telegraf/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -130,7 +130,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/redis/*.log:
+ /opt/so/log/redis/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -140,7 +140,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/sensoroni/*.log:
+ /opt/so/log/sensoroni/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -150,7 +150,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/stenographer/*.log:
+ /opt/so/log/stenographer/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -190,7 +190,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /nsm/idh/*.log:
+ /nsm/idh/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -200,7 +200,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/playbook/*.log:
+ /opt/so/log/playbook/*_x_log:
 - daily
 - rotate 14
 - missingok
@@ -211,7 +211,7 @@ logrotate:
 - dateext
 - dateyesterday
 - su root socore
- /nsm/strelka/log/strelka.log:
+ /nsm/strelka/log/strelka_x_log:
 - daily
 - rotate 14
 - missingok
@@ -221,7 +221,7 @@ logrotate:
 - extension .log
 - dateext
 - dateyesterday
- /opt/so/log/sensor_clean.log:
+ /opt/so/log/sensor_clean_x_log:
 - daily
 - rotate 2
 - missingok
diff --git a/salt/logrotate/etc/rotate.conf.jinja b/salt/logrotate/etc/rotate.conf.jinja
index 60852af38..2822019e9 100644
--- a/salt/logrotate/etc/rotate.conf.jinja
+++ b/salt/logrotate/etc/rotate.conf.jinja
@@ -1,5 +1,5 @@
 {%- for file, opts in CONFIG.items() %}
-{{ file }}
+{{ file | replace("_x_", ".")}}
 {
 {%- for opt in opts %}
 {{ opt }}
diff --git a/salt/logrotate/soc_logrotate.yaml b/salt/logrotate/soc_logrotate.yaml
index a300ec38e..5b9fd720f 100644
--- a/salt/logrotate/soc_logrotate.yaml
+++ b/salt/logrotate/soc_logrotate.yaml
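Review bot: In salt/logrotate/etc/rotate.conf.jinja, `replace("_x_", ".")` rewrites every `_x_` in the key, not only the one standing in for the dot before `log`. A path that legitimately contains `_x_` would be rendered as a different file, and with `missingok` in the defaults logrotate would skip it silently, leaving that log unrotated. Matching the whole suffix is narrower: `{{ file | replace("_x_log", ".log") }}`. A template comment explaining the placeholder would also help, for example `{#- keys carry "_x_" in place of "."; restore it here -#}`. The `for` loops opened in this hunk close outside it.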
@@ -1,29 +1,163 @@
 logrotate:
 config:
- /opt/so/log/idstools/*.log: &rotateopts
+ "/opt/so/log/idstools/*_x_log":
 description: List of logrotate options for this file.
+ title: /opt/so/log/idstools/*.log
 advanced: True
 multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/nginx/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/nginx/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/soc/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/soc/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/kratos/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/kratos/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/kibana/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/kibana/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/influxdb/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/influxdb/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/elastalert/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/elastalert/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/soctopus/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/soctopus/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/curator/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/curator/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/fleet/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/fleet/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/suricata/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/suricata/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/mysql/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/mysql/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/telegraf/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/telegraf/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/redis/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/redis/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/sensoroni/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/sensoroni/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/stenographer/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/stenographer/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/salt/so-salt-minion-check":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/salt/so-salt-minion-check
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/salt/minion":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/salt/minion
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/salt/master":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/salt/master
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/nsm/idh/*_x_log":
+ description: List of logrotate options for this file.
+ title: /nsm/idh/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/playbook/*_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/playbook/*.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/nsm/strelka/log/strelka_x_log":
+ description: List of logrotate options for this file.
+ title: /nsm/strelka/log/strelka.log
+ advanced: True
+ multiline: True
+ global: True
+ forcedType: "[]string"
+ "/opt/so/log/sensor_clean_x_log":
+ description: List of logrotate options for this file.
+ title: /opt/so/log/sensor_clean.log
+ advanced: True
+ multiline: True
+ global: True
 forcedType: "[]string"
- /opt/so/log/nginx/*.log: *rotateopts
- /opt/so/log/soc/*.log: *rotateopts
- /opt/so/log/kratos/*.log: *rotateopts
- /opt/so/log/kibana/*.log: *rotateopts
- /opt/so/log/influxdb/*.log: *rotateopts
- /opt/so/log/elastalert/*.log: *rotateopts
- /opt/so/log/soctopus/*.log: *rotateopts
- /opt/so/log/curator/*.log: *rotateopts
- /opt/so/log/fleet/*.log: *rotateopts
- /opt/so/log/suricata/*.log: *rotateopts
- /opt/so/log/mysql/*.log: *rotateopts
- /opt/so/log/telegraf/*.log: *rotateopts
- /opt/so/log/redis/*.log: *rotateopts
- /opt/so/log/sensoroni/*.log: *rotateopts
- /opt/so/log/stenographer/*.log: *rotateopts
- /opt/so/log/salt/so-salt-minion-check: *rotateopts
- /opt/so/log/salt/minion: *rotateopts
- /opt/so/log/salt/master: *rotateopts
- /nsm/idh/*.log: *rotateopts
- /opt/so/log/playbook/*.log: *rotateopts
- /nsm/strelka/log/strelka.log: *rotateopts
- /opt/so/log/sensor_clean.log: *rotateopts
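Review bot: The shared `description` in salt/logrotate/soc_logrotate.yaml does not say that each list item is emitted verbatim into the stanza; rotate.conf.jinja writes `{{ opt }}` unfiltered. That matters because a logrotate configuration can carry script sections as well as rotation directives, so write access to these settings is about as privileged as the account logrotate runs under. I would extend it to something like `description: List of logrotate options for this file, one directive per line. Entries are written as-is into the logrotate configuration.` and, if the settings layer offers validation (not visible here), restrict entries to the expected directives. Separately, with the `&rotateopts` alias gone, each of the 23 entries repeats the block by hand, so every `title` has to be kept in step with its `_x_` key manually.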