Added graylog and feed logs to it from vyos.
This commit is contained in:
parent
994042141d
commit
d0d4337677
4 changed files with 14 additions and 4 deletions
|
|
@ -221,9 +221,9 @@ set firewall ipv4 name local-servers rule 100 description 'Rule: accept_k8s_api'
|
|||
set firewall ipv4 name local-servers rule 100 destination port '6443'
|
||||
set firewall ipv4 name local-servers rule 100 protocol 'tcp'
|
||||
set firewall ipv4 name local-servers rule 200 action 'accept'
|
||||
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_vector_syslog'
|
||||
set firewall ipv4 name local-servers rule 200 destination group address-group 'k8s_vector_aggregator'
|
||||
set firewall ipv4 name local-servers rule 200 destination port '6001'
|
||||
set firewall ipv4 name local-servers rule 200 description 'Rule: accept_graylog_syslog'
|
||||
set firewall ipv4 name local-servers rule 200 destination group address-group 'graylog'
|
||||
set firewall ipv4 name local-servers rule 200 destination port '1514'
|
||||
set firewall ipv4 name local-servers rule 200 protocol 'tcp'
|
||||
set firewall ipv4 name local-servers rule 999 action 'drop'
|
||||
set firewall ipv4 name local-servers rule 999 description 'Rule: drop_invalid'
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ set firewall group address-group k8s_nodes address '10.1.1.41-10.1.1.46' # worke
|
|||
set firewall group address-group k8s_api address '10.5.0.2'
|
||||
set firewall group address-group k8s_ingress address '10.45.0.1' # external nginx
|
||||
set firewall group address-group k8s_ingress address '10.45.0.3' # internal nginx
|
||||
set firewall group address-group k8s_vector_aggregator address '10.45.0.2'
|
||||
set firewall group address-group graylog address '10.1.1.5'
|
||||
set firewall group address-group nas address '10.1.1.11-10.1.1.12'
|
||||
set firewall group address-group unifi_devices address '10.1.0.11'
|
||||
set firewall group address-group unifi_devices address '10.1.0.12'
|
||||
|
|
|
|||
|
|
@ -37,6 +37,10 @@ set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 name-serv
|
|||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 start '10.1.1.200'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 range 0 stop '10.1.1.254'
|
||||
|
||||
# Logging
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard ip-address '10.1.1.5'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping graybeard mac-address 'a0:42:3f:2f:a9:69'
|
||||
|
||||
# NAS
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar ip-address '10.1.1.11'
|
||||
set service dhcp-server shared-network-name SERVERS subnet 10.1.1.0/24 static-mapping elessar mac-address '00:11:32:87:f6:1d'
|
||||
|
|
|
|||
|
|
@ -19,3 +19,9 @@ set system task-scheduler task backup-config crontab-spec '30 0 * * *'
|
|||
set system task-scheduler task backup-config executable path '/config/scripts/custom-config-backup.sh'
|
||||
|
||||
set system time-zone 'America/Chicago'
|
||||
|
||||
# Syslog to graylog
|
||||
set system syslog host 10.1.1.5 facility kern level 'warning'
|
||||
set system syslog host 10.1.1.5 protocol 'udp'
|
||||
set system syslog host 10.1.1.5 port '1514'
|
||||
set system syslog host 10.1.1.5 format 'octet-counted'
|
||||
|
|
|
|||
Reference in a new issue