Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

cflogsink

Centralized logging
Project URLRSS FeedReport issues

8,628 downloads

1,626 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 1.3.2 (latest)
  • 1.3.1
  • 1.3.0
  • 1.1.0
  • 1.0.1
  • 1.0.0
  • 0.12.3
  • 0.12.2
  • 0.12.1
released Nov 12th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >=4.7.0 <7.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'codingfuture-cflogsink', '1.3.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add codingfuture-cflogsink
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install codingfuture-cflogsink --version 1.3.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

codingfuture/cflogsink — version 1.3.2 Nov 12th 2019

cflogsink

Description

Centralized logging infrastructure.

What it does:

  • Use ElasticSearch+Logstash stack for centralized log sink.
    • Advanced tuning for all cf* modules.
    • Dedicated strictly types system log, HTTP access log and firewall log indexes.
    • Special handling of various log format cases.
    • Optimized storage field.
    • Special handling of known message formats to minimize noise.
    • Automatic error detection in regular log level.
  • Reliable real-time message delivery through rsyslog RELP.
    • Proxy host support for complex configurations
  • Supports UDP & TCP local receive (suitable for JVM services).
  • Heavy duty /dev/hdlog skipping systemd.
    • Mostly for HTTP access log and similar.
    • UDP & TCP are also available.
  • NetFilter LOG (NFLOG/ULOG) support through ulogd2
  • CLI ElastciSearch log viewer cflog:
    • Help for cases when Kibana gets broken or not available
    • Mimics ordinary log file output
    • Supports simple queries for filtering
  • Kibana installation is provided in cfwebapp module.

Technical Support

Setup

Up to date installation instructions are available in Puppet Forge: https://forge.puppet.com/codingfuture/cflogsink

Please use librarian-puppet or cfpuppetserver module to deal with dependencies.

There is a known r10k issue RK-3 which prevents automatic dependencies of dependencies installation.

Examples

Please check codingufuture/puppet-test for example of a complete infrastructure configuration and Vagrant provisioning.

Implicitly created resources

cfnetwork::describe_services:
    # if $cflogsink::repo_proxy
    'aptproxy':
        server: "tcp/${proxy_port}"
    # if cflogsink::netsyslog
    netsyslog:
        server:
            - 'tcp/514'
            - 'udp/514'
    # if cflogsink::hdsyslog
    hdsyslog:
        server:
            - 'tcp/${port}'
            - 'udp/${port}'
cfnetwork::service_ports:
    # if cflogsink::netsyslog
    'local:netsyslog': {}
    # if cflogsink::hdsyslog
    'local:hdsyslog': {}
cfnetwork::client_ports:

Class parameters

cflogsink class

The main Hiera-friendly configuration class

  • $iface = $cfsystem::service_face - interface for server instance to listen.
  • $server = false - cflogsink::endpoint option hash or just true to enable main logsink endpoint.
  • $target = false - cflogsink::client option hash or just string with hostname of centralized log sink.
  • $tls = undef - controls if connection to target has to be secured via TLS.

cflogsink::netsyslog class

Adds local UDP & TCP syslog sockets for regular use of JVM and other services which do not support UNIX domain socket.

cflogsink::hdsyslog class

Heavy Duty syslog provided through /dev/hdlog. Sutiable for HTTP access logs and similar load. This functionality skips systemd and is designed to work in pair with cflogsink::client.

  • $tune = {} - allow rsyslog ruleset queue tuning
  • $port = 515 - port to use for UDP & TCP

cflogsink::client class

Centralized logging client setup.

  • $host = ... - auto-configured based on cflogsink::target.
  • $port = ... - auto-configured based on cflogsink::target main` endpoint.
  • $tls = ... - auto-configured based on explicit cflogsink::tls. Otherwise, checks if location mismatch between client and target.
  • $timeout = 90 - session timeout.
  • $conn_timeout = 5 - connection timeout.
  • tls_compress = .. - auto-configured.
  • $tune = {} - fine tune rsyslog:
    • queue.* - go to main_queue()
    • rest goes into action() config

cflogsink::endpoint type

Configure log sink endpoint.

  • $type = 'logstash' - type of endpoint, only logstash is supported so far.
  • $config = undef - override the default configuration template.
  • $memory_weight = 100 - memory weight for automatic distribution.
  • $memory_max = undef - max memory to use in MB.
  • $cpu_weight = 100 - CPU weight for scheduling.
  • $io_weight = 100 - IO weight for scheduling.
  • $settings_tune = {} - fine tune generated configuration.
  • $iface = $cflogsink::iface - interface to bind.
  • $port = undef - port to use for insecure connections.
  • $secure_port = undef - port to use for TLS connections.
  • $internal_port = undef - port to use for internal connections.
  • $dbaccess = undef - database acccess (e.g. Elasticsearch for Logstash).
  • $extra_clients = [] - extra list of insecure clients (for cfnetwork::ipset).
  • $extra_secure_clients = [] - extra list of secure clients (for cfnetwork::ipset).

cflog_${title} CLI tool

The tool is created per cflogsink::endpoint instance. Below is example for the default one. All output goes to less which scrolls to end by default.

It's essential in case of emergency when Kibana output is not available.

By default size limit is 10000 messages. They are counted from the newest. Amount of skipped messages can be seet with <from> argument.

Day, month and year selection can be done through index name.

Usage:

Usage: cflog_main <index> [<query> [<from> [<size>]]]
Known indexes: 'access', 'fw' and 'log'

Lookup latest logs for all hosts:

$ cflog_main log
...
2018-03-15T16:04:05.824Z        web.example.com notice  Received disconnect from 10.0.2.2 port 39233:11: disconnected by user
2018-03-15T16:04:05.824Z        web.example.com notice  Disconnected from 10.0.2.2 port 39233
2018-03-15T16:04:05.825Z        web.example.com notice  pam_unix(sshd:session): session closed for user vagrant
....
2018-03-15T16:04:13.802Z        web2.example.com        notice  Disconnected from 10.0.2.2 port 53173
2018-03-15T16:04:13.803Z        web2.example.com        notice  pam_unix(sshd:session): session closed for user vagrant
...
2018-03-15T16:04:56.815Z        puppet.example.com      notice  rexec line 25: Deprecated option RhostsRSAAuthentication
...

Lookup firewall logs for particular month and host:

$ cflog_main fw-2018.03 host:maint.example.com
... 
2018-03-15T16:10:11.397Z        maint.example.com       OUT-unknown: IN= OUT=eth1 MAC= SRC=:: DST=ff02::16 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:11.397Z        maint.example.com       OUT-unknown: IN= OUT=eth1 MAC= SRC=:: DST=ff02::16 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:11.397Z        maint.example.com       OUT-unknown: IN= OUT=eth1 MAC= SRC=:: DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:11.397Z        maint.example.com       OUT-unknown: IN= OUT=eth1 MAC= SRC=:: DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:11.397Z        maint.example.com       OUT-vagrant: IN= OUT=eth0 MAC= SRC=:: DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:11.397Z        maint.example.com       OUT-vagrant: IN= OUT=eth0 MAC= SRC=:: DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICMPv6 TYPE=143 CODE=0
2018-03-15T16:10:13.125Z        maint.example.com       OUT-vagrant: IN= OUT=eth0 MAC= SRC=fe80::a00:27ff:fe8d:c04d DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=
2018-03-15T16:10:13.125Z        maint.example.com       OUT-main: IN= OUT=eth1 MAC= SRC=fe80::a00:27ff:fea8:e56a DST=ff02::16 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICM
2018-03-15T16:10:13.125Z        maint.example.com       OUT-vagrant: IN= OUT=eth0 MAC= SRC=fe80::a00:27ff:fe8d:c04d DST=ff02::16 LEN=76 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=
2018-03-15T16:10:13.125Z        maint.example.com       OUT-main: IN= OUT=eth1 MAC= SRC=fe80::a00:27ff:fea8:e56a DST=ff02::16 LEN=96 TC=0 HOPLIMIT=1 FLOWLBL=0 PROTO=ICM

Lookup access logs for particular application:

$ cflog_main access app:cfpuppetserver
...
2018-03-15T16:07:44.803Z                200     130     puppetback.example.com  GET /puppet/v3/node/db.example.com?environment=production&configured_environment=product
2018-03-15T16:07:44.941Z                200     36      puppetback.example.com  GET /puppet/v3/file_metadatas/pluginfacts?environment=production&links=follow&recurse=tr
2018-03-15T16:07:45.885Z                200     729     puppetback.example.com  GET /puppet/v3/file_metadatas/plugins?environment=production&links=follow&recurse=true&s
2018-03-15T16:07:46.175Z                200     24      puppetback.example.com  GET /puppet/v3/file_content/plugins/puppet/provider/cflogsink_endpoint/cflogsink.rb?envi
2018-03-15T16:07:46.230Z                200     24      puppetback.example.com  GET /puppet/v3/file_content/plugins/puppet/provider/cflogsink_endpoint/cflogsink.rb?envi
2018-03-15T16:07:46.357Z                200     27      puppetback.example.com  GET /puppet/v3/file_metadatas/locales?environment=production&links=follow&recurse=true&s
2018-03-15T16:08:10.808Z                200     23096   puppetback.example.com  POST /puppet/v3/catalog/db.example.com?environment=production
2018-03-15T16:08:29.039Z                200     2467    puppetback.example.com  PUT /puppet/v3/report/db.example.com?environment=production&