ids.alfacom.it/deployment/setup_syslog_server.sh


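#!/bin/bash
# Configure a syslog receiver for MikroTik routers on AlmaLinux 9.
#
# rsyslog listens on UDP/514, keeps only messages coming from the private
# ranges the routers live in, and appends them to /var/log/mikrotik/raw.log
# for the Python importer (not part of this file) that loads them into
# PostgreSQL.
#
# Usage: chmod +x setup_syslog_server.sh && sudo ./setup_syslog_server.sh
#
# Security notes (why this differs from a plain "open 514/udp" setup):
#   - Plain UDP syslog is unauthenticated and the source address is trivially
#     spoofable. The firewall therefore admits 514/udp only from the same
#     ranges the rsyslog filter accepts, instead of from everywhere. For
#     routers outside RFC1918 space or across untrusted links, move to
#     TCP+TLS (imtcp + gtls) rather than widening the ranges.
#   - Remote messages are handled in a dedicated rsyslog ruleset ending in
#     `stop`, so a remote sender can never fall through to the distro's
#     default rules (typically /var/log/messages) and flood or poison local
#     logs.
#   - Firewall/account logs contain IPs and user names, so the log directory
#     is root:adm 0750 and files 0640. The importer must run as root or as a
#     member of the adm group.
set -euo pipefail

readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m'

readonly LOG_DIR='/var/log/mikrotik'
readonly RSYSLOG_CONF='/etc/rsyslog.d/10-mikrotik.conf'
readonly LOGROTATE_CONF='/etc/logrotate.d/mikrotik'
readonly SYSLOG_PORT=514
# Source networks admitted by the firewall. Keep in step with the
# `startswith` filter in the rsyslog config below (192.168.x and 10.x).
# 172.16.0.0/12 is intentionally absent because the rsyslog filter does not
# accept it either; add it in BOTH places if routers live there.
ALLOWED_SOURCES=('192.168.0.0/16' '10.0.0.0/8')
readonly ALLOWED_SOURCES

# Print an error (in red) to stderr and abort.
die() {
  printf '%b✗ %s%b\n' "$RED" "$*" "$NC" >&2
  exit 1
}

# Print a blue section header preceded by a blank line.
step() {
  printf '\n%b%s%b\n' "$BLUE" "$*" "$NC"
}

# Everything below writes to /etc and talks to systemd/firewalld: fail early
# with a clear message instead of a cascade of permission errors.
[[ $EUID -eq 0 ]] || die "Questo script deve essere eseguito come root (sudo)."

printf '%b\n' "${BLUE}📡 CONFIGURAZIONE SERVER SYSLOG PER ROUTER MIKROTIK${NC}"
echo "===================================================="

# 1. Packages. rsyslog-pgsql is kept from the original setup; nothing in this
#    file uses it (the PostgreSQL load is done by the Python importer).
step "📦 Installazione rsyslog..."
dnf install -y rsyslog rsyslog-pgsql || die "Installazione dei pacchetti fallita."

# 2. Log directory. rsyslog on EL9 runs as root and the package ships no
#    "syslog" user, so a chown to syslog:adm fails there; own the tree as
#    root:adm and fall back to root:root if the adm group is missing.
step "📁 Creazione directory log..."
log_group='adm'
getent group "$log_group" >/dev/null || log_group='root'
install -d -m 0750 -o root -g "$log_group" "$LOG_DIR"
# Re-apply ownership/mode to logs left by an earlier run.
find "$LOG_DIR" -maxdepth 1 -type f -name '*.log' \
  -exec chown "root:${log_group}" {} + -exec chmod 0640 {} +

# 3. rsyslog input and filter. The heredoc is quoted so $fromhost-ip and the
#    %property% templates reach rsyslog untouched; the group is patched in
#    afterwards via the @LOG_GROUP@ placeholder.
step "🔧 Configurazione rsyslog..."
cat > "$RSYSLOG_CONF" << 'EOF'
# rsyslog: receive MikroTik router logs over UDP/514
# Managed by setup_syslog_server.sh - edit there, not here.
module(load="imudp")

# Output format: timestamp hostname tag: message
template(name="MikrotikFormat" type="string"
         string="%timestamp% %hostname% %syslogtag%%msg:::drop-last-lf%\n")

# Bind the UDP listener to its own ruleset so remote messages never reach the
# default rules of /etc/rsyslog.conf (log flooding / poisoning of local logs).
input(type="imudp" port="514" ruleset="mikrotik")

ruleset(name="mikrotik") {
    # Private ranges the routers live in; firewalld enforces the same ranges.
    # The source IP is unauthenticated on UDP: this is a sanity filter, not
    # authentication.
    if $fromhost-ip startswith '192.168.' or $fromhost-ip startswith '10.' then {
        action(type="omfile" file="/var/log/mikrotik/raw.log" template="MikrotikFormat"
               fileOwner="root" fileGroup="@LOG_GROUP@" fileCreateMode="0640")
    }
    # Anything else from the network is discarded here.
    stop
}
# Rotation is done by logrotate (/etc/logrotate.d/mikrotik), not by rsyslog.
# The former global "$ActionFileEnableSync on" was dropped on purpose: it did
# not rotate anything, it forced an fsync on every write for every file action
# loaded after this file (including the distro defaults).
EOF
sed -i "s/@LOG_GROUP@/${log_group}/g" "$RSYSLOG_CONF"

# 4. logrotate. rsyslog is told to reopen files through systemd instead of a
#    hard-coded pid file path, which depends on the rsyslog build.
step "🔄 Configurazione logrotate..."
cat > "$LOGROTATE_CONF" << 'EOF'
/var/log/mikrotik/*.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root @LOG_GROUP@
    sharedscripts
    postrotate
        /usr/bin/systemctl kill --signal=HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
EOF
sed -i "s/@LOG_GROUP@/${log_group}/g" "$LOGROTATE_CONF"

# 5. Firewall: admit 514/udp only from the allowed source networks. A blanket
#    514/udp rule from an earlier run of this script is removed so the
#    tightening actually takes effect.
step "🔥 Configurazione firewall..."
if command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active --quiet firewalld; then
  firewall-cmd --permanent --remove-port="${SYSLOG_PORT}/udp" >/dev/null 2>&1 || true
  for src in "${ALLOWED_SOURCES[@]}"; do
    firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"${src}\" port port=\"${SYSLOG_PORT}\" protocol=\"udp\" accept"
  done
  firewall-cmd --reload
else
  printf '%b\n' "${YELLOW}⚠ firewalld non attivo: apri manualmente UDP/${SYSLOG_PORT} solo dalle reti ${ALLOWED_SOURCES[*]}${NC}"
fi

# 6. Validate the whole rsyslog configuration before restarting, so a typo
#    leaves the running daemon alone instead of taking logging down.
step "🔄 Restart rsyslog..."
rsyslogd -N1 || die "Configurazione rsyslog non valida (rsyslogd -N1), restart annullato."
systemctl enable rsyslog
systemctl restart rsyslog

printf '\n%b\n' "${GREEN}✅ SERVER SYSLOG CONFIGURATO!${NC}"
echo ""
printf '%b\n' "${YELLOW}📋 CONFIGURAZIONE ROUTER MIKROTIK:${NC}"
echo ""
printf '%b\n' "${BLUE}Connettiti al router MikroTik e esegui:${NC}"
echo ""
printf '%s\n' " /system logging action"
printf '%s\n' " add name=ids-server target=remote remote=<IP_QUESTO_SERVER> remote-port=514"
echo ""
printf '%s\n' " /system logging"
printf '%s\n' " add action=ids-server topics=firewall,info"
printf '%s\n' " add action=ids-server topics=account,info"
printf '%s\n' " add action=ids-server topics=system,error"
echo ""
printf '%b\n' "${YELLOW}Sostituisci <IP_QUESTO_SERVER> con l'IP di questo server AlmaLinux${NC}"
echo ""
printf '%b\n' "${BLUE}📊 VERIFICA:${NC}"
printf '%b\n' " • Test ricezione log: ${BLUE}tail -f /var/log/mikrotik/raw.log${NC}"
printf '%b\n' " • Stato rsyslog: ${BLUE}systemctl status rsyslog${NC}"
# ss replaces netstat: net-tools is not installed by default on EL9.
printf '%b\n' " • Porta aperta: ${BLUE}ss -ulnp | grep ':${SYSLOG_PORT}'${NC}"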