author | Scott Ullrich <sullrich@pfsense.org> | 2009-08-24 22:17:45 -0400 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2009-08-24 22:17:45 -0400 |
commit | be5d59d74f6ae394ee267157331ebaa81b7b27a1 (patch) | |
tree | 9ceae84a951332cb9a7e16cc15533d3da220553a | |
parent | 2990acf8a0d6fef9c64a20695e543454340502cb (diff) | |
Allow up to 3 remote syslog servers. Resolves #11
-rw-r--r-- | etc/inc/system.inc | 112 | ||||
-rwxr-xr-x | usr/local/www/diag_logs_settings.php | 74 |
2 files changed, 158 insertions, 28 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 11c5678..82ab8af 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -414,13 +414,25 @@ function system_syslogd_start() { $syslogconf .= "!apinger\n"; if (!isset($syslogcfg['disablelocallogging'])) $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/slbd.log\n"; - if (isset($syslogcfg['vpn'])) - $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; + if (isset($syslogcfg['vpn'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; + } $syslogconf .= "!openvpn\n"; if (!isset($syslogcfg['disablelocallogging'])) $syslogconf .= "*.* {$log_directive}{$g['varlog_path']}/openvpn.log\n"; - if (isset($syslogcfg['vpn'])) - $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; + if (isset($syslogcfg['vpn'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n"; + } $syslogconf .= "!-{$facilitylist}\n"; if (!isset($syslogcfg['disablelocallogging'])) $syslogconf .= <<<EOD 
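Review bot: In the `!openvpn` block the `remoteserver2` branch writes the wrong host: `if($syslogcfg['remoteserver2'])` is followed by `$syslogconf .= "*.* @{$syslogcfg['remoteserver3']}\n";`. With only servers 1 and 2 configured this emits a `*.* @` line with an empty destination and OpenVPN logs never reach server 2; with all three set, server 3 is listed twice. The line should read `$syslogconf .= "*.* @{$syslogcfg['remoteserver2']}\n";`, matching the block just above it in this hunk. system_syslogd_start() begins and ends outside the hunk.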
@@ -438,16 +450,42 @@ auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf *.emerg * EOD; - if (isset($syslogcfg['filter'])) - $syslogconf .= "local0.* @{$syslogcfg['remoteserver']}\n"; - if (isset($syslogcfg['vpn'])) - $syslogconf .= "local3.* @{$syslogcfg['remoteserver']}\n"; - if (isset($syslogcfg['portalauth'])) - $syslogconf .= "local4.* @{$syslogcfg['remoteserver']}\n"; - if (isset($syslogcfg['dhcp'])) - $syslogconf .= "local7.* @{$syslogcfg['remoteserver']}\n"; - if (isset($syslogcfg['system'])) - $syslogconf .= <<<EOD + if (isset($syslogcfg['filter'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "local0.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "local0.* @{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "local0.* @{$syslogcfg['remoteserver3']}\n"; + + } + if (isset($syslogcfg['vpn'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "local3.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "local3.* @{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "local3.* @{$syslogcfg['remoteserver3']}\n"; + } + if (isset($syslogcfg['portalauth'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "local4.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "local4.* @{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "local4.* @{$syslogcfg['remoteserver3']}\n"; + } + if (isset($syslogcfg['dhcp'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= "local7.* @{$syslogcfg['remoteserver']}\n"; + if($syslogcfg['remoteserver2']) + $syslogconf .= "local7.* @{$syslogcfg['remoteserver2']}\n"; + if($syslogcfg['remoteserver3']) + $syslogconf .= "local7.* @{$syslogcfg['remoteserver3']}\n"; + } + if (isset($syslogcfg['system'])) { + if($syslogcfg['remoteserver']) + $syslogconf .= <<<EOD *.notice;kern.debug;lpr.info;mail.crit; 
@{$syslogcfg['remoteserver']} news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver']} security.* @{$syslogcfg['remoteserver']} @@ -455,12 +493,52 @@ auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver']} *.emerg @{$syslogcfg['remoteserver']} EOD; + + if (isset($syslogcfg['system'])) { + if($syslogcfg['remoteserver2']) + $syslogconf .= <<<EOD +*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver2']} +news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver2']} +security.* @{$syslogcfg['remoteserver2']} +auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver2']} +*.emerg @{$syslogcfg['remoteserver2']} + +EOD; + + if (isset($syslogcfg['system'])) { + if($syslogcfg['remoteserver3']) + $syslogconf .= <<<EOD +*.notice;kern.debug;lpr.info;mail.crit; @{$syslogcfg['remoteserver3']} +news.err;local0.none;local3.none;local7.none @{$syslogcfg['remoteserver3']} +security.* @{$syslogcfg['remoteserver3']} +auth.info;authpriv.info;daemon.info @{$syslogcfg['remoteserver3']} +*.emerg @{$syslogcfg['remoteserver3']} + +EOD; + +} if (isset($syslogcfg['logall'])) { - $syslogconf .= <<<EOD + if($syslogcfg['remoteserver']) + $syslogconf .= <<<EOD *.* @{$syslogcfg['remoteserver']} EOD; - } + +} + if($syslogcfg['remoteserver2']) + $syslogconf .= <<<EOD +*.* @{$syslogcfg['remoteserver2']} + +EOD; + +} + if($syslogcfg['remoteserver3']) + $syslogconf .= <<<EOD +*.* @{$syslogcfg['remoteserver3']} + +EOD; + +} fwrite($fd, $syslogconf); fclose($fd); // Are we logging to a least one remote server ? @@ -1199,4 +1277,4 @@ function enable_watchdog() { } } -?> +?>
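Review bot: The braces added around the `system` and `logall` forwarding do not nest the way the layout suggests, across this hunk and the next one (`@@ -455,12 +493,52 @@`). `if (isset($syslogcfg['system'])) {` is opened three times, once per server, but closed once, while `if (isset($syslogcfg['logall'])) {` is opened once and followed by three `}`; the counts balance, so the file parses, but as far as the visible lines show the `logall` test ends up inside the `system` blocks and the `*.*` lines for `remoteserver2` and `remoteserver3` sit outside the `logall` test. The likely effect is that "log everything" is not forwarded unless `system` is also set, while servers 2 and 3 receive `*.*` whenever `system` is set, so the remote collectors get a different set of events than the administrator selected. Open `if (isset($syslogcfg['system'])) {` once around the three per-server heredocs and close it before the `logall` test, which should in turn close once after the `remoteserver3` heredoc. A loop over the three config keys would remove the repetition that makes this kind of slip easy to miss.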
\ No newline at end of file diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php index b744258..02253c0 100755 --- a/usr/local/www/diag_logs_settings.php +++ b/usr/local/www/diag_logs_settings.php @@ -43,6 +43,8 @@ require("guiconfig.inc"); $pconfig['reverse'] = isset($config['syslog']['reverse']); $pconfig['nentries'] = $config['syslog']['nentries']; $pconfig['remoteserver'] = $config['syslog']['remoteserver']; +$pconfig['remoteserver3'] = $config['syslog']['remoteserver2']; +$pconfig['remoteserver3'] = $config['syslog']['remoteserver3']; $pconfig['filter'] = isset($config['syslog']['filter']); $pconfig['dhcp'] = isset($config['syslog']['dhcp']); $pconfig['portalauth'] = isset($config['syslog']['portalauth']); @@ -66,6 +68,16 @@ if ($_POST) { if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { $input_errors[] = "A valid IP address must be specified."; } + if ($_POST['enable'] && $_POST['remoteserver2'] && !is_ipaddr($_POST['remoteserver2'])) { + $input_errors[] = "A valid IP address must be specified for remote syslog server #2."; + } + if ($_POST['enable'] && $_POST['remoteserver3'] && !is_ipaddr($_POST['remoteserver3'])) { + $input_errors[] = "A valid IP address must be specified for remote syslog server #3."; + } + if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver'])) { + $input_errors[] = "A valid IP address must be specified."; + } + if (($_POST['nentries'] < 5) || ($_POST['nentries'] > 2000)) { $input_errors[] = "Number of log entries to show must be between 5 and 2000."; } 
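Review bot: The first added line in the `@@ -43,6 +43,8 @@` hunk assigns to the wrong key: `$pconfig['remoteserver3'] = $config['syslog']['remoteserver2'];` is overwritten by the line after it, and `$pconfig['remoteserver2']` is never populated. The form renders `htmlspecialchars($pconfig['remoteserver2'])`, so the Server 2 field will always load empty, and saving the page would then write that empty value back through `$config['syslog']['remoteserver2'] = $_POST['remoteserver2'];` and drop the configured second server. It should be `$pconfig['remoteserver2'] = $config['syslog']['remoteserver2'];`.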
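Review bot: The last check added in the `@@ -66,6 +68,16 @@` hunk repeats the existing `remoteserver` test just above the new lines, so a bad primary address now adds "A valid IP address must be specified." to `$input_errors` twice; drop the duplicated `if ($_POST['enable'] && !is_ipaddr($_POST['remoteserver']))` block. These `is_ipaddr()` checks are also the only validation visible before the values are interpolated into syslog.conf by system_syslogd_start(), and they run only when `enable` is posted. A short comment such as `// remoteserver* are written verbatim into syslog.conf; keep them validated as plain IP addresses` would make that dependency explicit for the next person who adds a field. The `if ($_POST)` block starts and ends outside this hunk.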
@@ -74,6 +86,8 @@ if ($_POST) { $config['syslog']['reverse'] = $_POST['reverse'] ? true : false; $config['syslog']['nentries'] = (int)$_POST['nentries']; $config['syslog']['remoteserver'] = $_POST['remoteserver']; + $config['syslog']['remoteserver2'] = $_POST['remoteserver2']; + $config['syslog']['remoteserver3'] = $_POST['remoteserver3']; $config['syslog']['filter'] = $_POST['filter'] ? true : false; $config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false; $config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false; @@ -85,8 +99,11 @@ if ($_POST) { $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); $config['syslog']['nologdefaultblock'] = $_POST['logdefaultblock'] ? false : true; $config['syslog']['rawfilter'] = $_POST['rawfilter'] ? true : false; - if($config['syslog']['enable'] == false) + if($config['syslog']['enable'] == false) { unset($config['syslog']['remoteserver']); + unset($config['syslog']['remoteserver2']); + unset($config['syslog']['remoteserver3']); + } write_config(); @@ -110,6 +127,8 @@ include("head.inc"); function enable_change(enable_over) { if (document.iform.enable.checked || enable_over) { document.iform.remoteserver.disabled = 0; + document.iform.remoteserver2.disabled = 0; + document.iform.remoteserver3.disabled = 0; document.iform.filter.disabled = 0; document.iform.dhcp.disabled = 0; document.iform.portalauth.disabled = 0; @@ -117,6 +136,8 @@ function enable_change(enable_over) { document.iform.system.disabled = 0; } else { document.iform.remoteserver.disabled = 1; + document.iform.remoteserver2.disabled = 1; + document.iform.remoteserver3.disabled = 1; document.iform.filter.disabled = 1; document.iform.dhcp.disabled = 1; document.iform.portalauth.disabled = 1; 
@@ -181,20 +202,51 @@ function enable_change(enable_over) { </tr> <tr> <td width="22%" valign="top" class="vtable"> </td> - <td width="78%" class="vtable"> <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)"> - <strong>Enable syslog'ing to remote syslog server</strong></td> - </tr> - <tr> - <td width="22%" valign="top" class="vtable"> </td> <td width="78%" class="vtable"> <input name="disablelocallogging" type="checkbox" id="disablelocallogging" value="yes" <?php if ($pconfig['disablelocallogging']) echo "checked"; ?> onClick="enable_change(false)"> <strong>Disable writing log files to the local ram disk</strong></td> </tr> <tr> - <td width="22%" valign="top" class="vncell">Remote syslog - server</td> - <td width="78%" class="vtable"> <input name="remoteserver" id="remoteserver" type="text" class="formfld host" size="20" value="<?=htmlspecialchars($pconfig['remoteserver']);?>"> - <br> - IP address of remote syslog server<br> <br> <input name="system" id="system" type="checkbox" value="yes" onclick="enable_change(false)" <?php if ($pconfig['system']) echo "checked"; ?>> + <td width="22%" valign="top" class="vtable"> </td> + <td width="78%" class="vtable"> <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)"> + <strong>Enable syslog'ing to remote syslog server</strong></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Remote syslog servers</td> + <td width="78%" class="vtable"> + <table> + <tr> + <td> + Server 1 + </td> + <td> + <input name="remoteserver" id="remoteserver" type="text" class="formfld host" size="20" value="<?=htmlspecialchars($pconfig['remoteserver']);?>"> + </td> + </tr> + <tr> + <td> + Server 2 + </td> + <td> + <input name="remoteserver2" id="remoteserver2" type="text" class="formfld host" size="20" value="<?=htmlspecialchars($pconfig['remoteserver2']);?>"> + 
</td> + </tr> + <tr> + <td> + Server 3 + </td> + <td> + <input name="remoteserver3" id="remoteserver3" type="text" class="formfld host" size="20" value="<?=htmlspecialchars($pconfig['remoteserver3']);?>"> + </td> + </tr> + <tr> + <td> + + </td> + <td> + IP addresses of remote syslog servers + </td> + </table> + <input name="system" id="system" type="checkbox" value="yes" onclick="enable_change(false)" <?php if ($pconfig['system']) echo "checked"; ?>> system events <br> <input name="filter" id="filter" type="checkbox" value="yes" <?php if ($pconfig['filter']) echo "checked"; ?>> firewall events<br> <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?php if ($pconfig['dhcp']) echo "checked"; ?>> DHCP service events<br> <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?php if ($pconfig['portalauth']) echo "checked"; ?>> |
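Review bot: The caption row of the new inner table is never closed: after `IP addresses of remote syslog servers` the markup goes `</td>` and then straight to `</table>` with no `</tr>`. Browsers recover from this, but add `</tr>` before `</table>` so the markup is well formed and later edits to the table do not inherit the imbalance.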