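#!/usr/bin/env bash
# Configure an rsyslog receiver for MikroTik routers on AlmaLinux 9.
#
# What this script does:
#   - installs rsyslog (and rsyslog-pgsql, which is only installed here; the
#     PostgreSQL import itself is not configured by this script),
#   - writes /etc/rsyslog.d/10-mikrotik.conf to accept UDP/514 syslog from
#     private-range sources and append it to /var/log/mikrotik/raw.log,
#   - creates the log directory, a logrotate policy, opens 514/UDP in
#     firewalld (when firewalld is running) and restarts rsyslog.
#
# Run with: chmod +x setup_syslog_server.sh && sudo ./setup_syslog_server.sh
set -euo pipefail

# Output colours (ANSI escapes; expanded with printf %b).
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

readonly LOG_DIR=/var/log/mikrotik
readonly RSYSLOG_CONF=/etc/rsyslog.d/10-mikrotik.conf
readonly LOGROTATE_CONF=/etc/logrotate.d/mikrotik

#######################################
# Print one coloured line to stdout.
# Arguments: $1 - colour escape, $@ - message text (printed with %s, so a
#            message containing '%' or a leading '-' is safe)
#######################################
say() {
  local color=$1
  shift
  printf '%b%s%b\n' "$color" "$*" "$NC"
}

#######################################
# Print an error to stderr and exit 1.
#######################################
die() {
  say "$RED" "$*" >&2
  exit 1
}

#######################################
# 1. Install rsyslog and the PostgreSQL output module.
#######################################
install_packages() {
  say "$BLUE" $'\n📦 Installazione rsyslog...'
  dnf install -y rsyslog rsyslog-pgsql
}

#######################################
# 2. Write the rsyslog drop-in that receives MikroTik logs over UDP/514.
# The heredoc is quoted so rsyslog's own $-variables are not expanded here.
#######################################
write_rsyslog_conf() {
  say "$BLUE" $'\n🔧 Configurazione rsyslog...'
  cat > "$RSYSLOG_CONF" <<'EOF'
# Configurazione rsyslog per ricevere log dai router MikroTik

# Abilita ricezione UDP sulla porta 514
# NOTE: UDP syslog is unauthenticated and the source address is trivially
# spoofable, so the sender filter below is a convenience, not a security
# boundary. If the server has a dedicated management interface, restrict the
# listener with address="<MANAGEMENT-IP>" on the input() line.
module(load="imudp")
input(type="imudp" port="514")

# Template per parsare log MikroTik
# Formato: timestamp hostname tag: message
template(name="MikrotikFormat" type="string"
  string="%timestamp% %hostname% %syslogtag%%msg:::drop-last-lf%\n"
)

# Filtra solo log dai router MikroTik (basato su hostname o IP range)
# Salva in file temporaneo per processamento Python
if $fromhost-ip startswith '192.168.' or $fromhost-ip startswith '10.' then {
  action(type="omfile" file="/var/log/mikrotik/raw.log" template="MikrotikFormat")
}

# Ruota log giornalmente
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ActionFileEnableSync on
EOF
}

#######################################
# 3. Create the log directory.
# RHEL-family rsyslog runs as root and does not ship a 'syslog' user, so the
# original unconditional chown to syslog:adm fails there; use syslog:adm only
# when that account exists and fall back to root:root otherwise. The
# directory is 0750 because firewall/account logs are not for every local
# user to read.
# Globals: sets LOG_OWNER / LOG_GROUP for the logrotate step.
#######################################
create_log_dir() {
  say "$BLUE" $'\n📁 Creazione directory log...'
  LOG_OWNER=root
  LOG_GROUP=root
  if id -u syslog >/dev/null 2>&1; then
    LOG_OWNER=syslog
    if getent group adm >/dev/null 2>&1; then
      LOG_GROUP=adm
    else
      LOG_GROUP=syslog
    fi
  fi
  mkdir -p -- "$LOG_DIR"
  chown -R -- "${LOG_OWNER}:${LOG_GROUP}" "$LOG_DIR"
  chmod 750 -- "$LOG_DIR"
}

#######################################
# 4. Write the logrotate policy (daily, 7 rotations, compressed).
# Rotated files are created 0640 to match the directory permissions, and
# rsyslog is reopened through systemd rather than a hand-read PID file.
# The heredoc is unquoted on purpose to expand LOG_DIR/LOG_OWNER/LOG_GROUP.
#######################################
write_logrotate_conf() {
  say "$BLUE" $'\n🔄 Configurazione logrotate...'
  cat > "$LOGROTATE_CONF" <<EOF
${LOG_DIR}/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0640 ${LOG_OWNER} ${LOG_GROUP}
    sharedscripts
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
EOF
}

#######################################
# 5. Open 514/UDP in firewalld. firewall-cmd fails hard when firewalld is not
# running, so only call it when the daemon is active and warn otherwise.
#######################################
configure_firewall() {
  say "$BLUE" $'\n🔥 Configurazione firewall...'
  if systemctl is-active --quiet firewalld; then
    firewall-cmd --permanent --add-port=514/udp
    firewall-cmd --reload
  else
    say "$YELLOW" "⚠️  firewalld non attivo: apri la porta 514/UDP manualmente"
  fi
}

#######################################
# 6. Validate the rsyslog configuration, then enable and restart the service.
#######################################
restart_rsyslog() {
  say "$BLUE" $'\n🔄 Restart rsyslog...'
  # -N1 parses the configuration without starting the daemon; abort before
  # restarting a working syslog service with a broken drop-in.
  rsyslogd -N1 || die "Configurazione rsyslog non valida: controlla ${RSYSLOG_CONF}"
  systemctl enable rsyslog
  systemctl restart rsyslog
  systemctl is-active --quiet rsyslog || die "rsyslog non è partito: vedi 'journalctl -u rsyslog'"
}

#######################################
# Print the RouterOS commands the operator must run, plus verification hints.
#######################################
print_instructions() {
  say "$GREEN" $'\n✅ SERVER SYSLOG CONFIGURATO!'
  echo ""
  say "$YELLOW" "📋 CONFIGURAZIONE ROUTER MIKROTIK:"
  echo ""
  say "$BLUE" "Connettiti al router MikroTik e esegui:"
  echo ""
  printf '%s\n' "  /system logging action"
  printf '%s\n' "  add name=ids-server target=remote remote=<IP_SERVER> remote-port=514"
  echo ""
  printf '%s\n' "  /system logging"
  printf '%s\n' "  add action=ids-server topics=firewall,info"
  printf '%s\n' "  add action=ids-server topics=account,info"
  printf '%s\n' "  add action=ids-server topics=system,error"
  echo ""
  say "$YELLOW" "Sostituisci <IP_SERVER> con l'IP di questo server AlmaLinux"
  echo ""
  say "$BLUE" "📊 VERIFICA:"
  printf '  • Test ricezione log: %b%s%b\n' "$BLUE" "tail -f ${LOG_DIR}/raw.log" "$NC"
  printf '  • Stato rsyslog: %b%s%b\n' "$BLUE" "systemctl status rsyslog" "$NC"
  # ss ships with AlmaLinux 9 (iproute); netstat requires the extra net-tools package.
  printf '  • Porta aperta: %b%s%b\n' "$BLUE" "ss -ulnp | grep ':514'" "$NC"
}

main() {
  (( EUID == 0 )) || die "Esegui questo script come root (sudo)."
  say "$BLUE" "📡 CONFIGURAZIONE SERVER SYSLOG PER ROUTER MIKROTIK"
  echo "===================================================="
  install_packages
  write_rsyslog_conf
  create_log_dir
  write_logrotate_conf
  configure_firewall
  restart_rsyslog
  print_instructions
}

main "$@"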