Monday, September 26, 2022

Handling FirewallD logs with Rsyslog

Lately I'm working on a project for work that involves standing up syslog servers for various sources such as Cisco FTDs, WLCs and other Linux servers. We have standardized on FirewallD and Ubuntu (cue the lols). I know, I know... an uncommon pairing. But it works fine, and while I'll admit it's not quite as easy to manage as UFW, it's pretty solid.

Anyway, one problem I've had with FirewallD is how to handle its own logging. By default its config file only lets you enable or disable logging of denied packets. Everything else seems to be split between kern.log and syslog, however the facility on all of them is 'kernel'. I want all of it sent to a specific log file, in this case /var/log/firewalld.log.

Today I finally figured out how:

if ($programname == 'kernel') and ($msg contains "FwD ") then { action(type="omfile" file="/var/log/firewalld.log") stop }

The $msg contains "FwD " test is included because every one of my rich rules in FirewallD has a log prefix of "FwD", and then I usually tag on a bit extra like "SSH In" or "SNMP In" so my logs are easier to read.
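As an added example (not part of the original post), here is a small Python check that applies the same test as the rsyslog rule above, program name 'kernel' and a message containing "FwD ", to a few constructed syslog lines and pulls the rule tag, source, destination, protocol and destination port out of the netfilter fields, so you can sanity-check what will land in /var/log/firewalld.log before deploying the rule. The sample lines, host name and addresses are made up.

```python
import re

# Constructed sample syslog lines (not from the original post): two FirewallD
# rich-rule hits carrying the "FwD" log prefix, one unrelated kernel message and
# one sshd message. Only the first two should be routed to firewalld.log.
SAMPLE_LINES = [
    "Sep 26 10:12:01 syslog01 kernel: FwD SSH In IN=ens192 OUT= "
    "MAC=00:50:56:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=10.10.5.4 DST=10.10.16.11 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=64240 RES=0x00 SYN URGP=0",
    "Sep 26 10:12:02 syslog01 kernel: FwD SNMP In IN=ens192 OUT= "
    "MAC=00:50:56:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=10.25.1.9 DST=10.10.16.11 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=7 PROTO=UDP SPT=60001 DPT=161 LEN=64",
    "Sep 26 10:12:03 syslog01 kernel: [  123.456] e1000e: ens192 NIC Link is Up 1000 Mbps",
    "Sep 26 10:12:04 syslog01 sshd[1234]: Accepted publickey for ops from 10.10.5.4 port 51234 ssh2",
]

# Traditional (RFC 3164) syslog header: timestamp, host, program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# netfilter LOG output is a run of KEY=VALUE tokens; the rich-rule prefix is
# everything in front of the first " IN=" token.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def matches_rsyslog_rule(prog, msg):
    """Same condition as the rsyslog filter: programname 'kernel' and message containing 'FwD '."""
    return prog == "kernel" and "FwD " in msg

def parse_firewalld_line(line):
    """Return the useful fields of a FirewallD log line, or None if the rule would not route it."""
    m = SYSLOG_RE.match(line)
    if not m or not matches_rsyslog_rule(m["prog"], m["msg"]):
        return None
    prefix, _, rest = m["msg"].partition(" IN=")
    fields = dict(KV_RE.findall("IN=" + rest))
    return {
        "time": m["ts"], "host": m["host"],
        "rule": prefix.split("FwD ", 1)[-1].strip(),   # e.g. "SSH In"
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "proto": fields.get("PROTO"), "dport": fields.get("DPT"),
    }

def route_to_firewalld_log(lines):
    """Records for every line the rsyslog rule would write to /var/log/firewalld.log."""
    return [rec for rec in map(parse_firewalld_line, lines) if rec is not None]

if __name__ == "__main__":
    for rec in route_to_firewalld_log(SAMPLE_LINES):
        print(rec)
```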



Friday, May 6, 2022

Setting system DNS servers using Ansible

So I've got a project at work that's allowing me to use more Ansible... and I love it! Anyway, we've been using Cisco's Umbrella appliances for safe DNS services, but now they are going away. So... what to do about all the servers currently pointed at those servers with static DNS settings?

In this situation Windows was actually a bit easier. We have three main sites and a few smaller locations that do not contain their own DNS servers, so this play associates the smaller sites' subnets with the nearest main site. After much assistance from #ansible on Libera.Chat, here is what I have:


---
- name: Replacing Umbrella DNS on Windows
  hosts: "{{ targets }}"
  become: yes
  become_method: runas
  tasks:

    - name: Edit Site1 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.10.16.11
          - 10.10.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.10.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.25.0.0/16') | list)"

    - name: Edit Site2 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.11.16.11
          - 10.11.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.11.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.30.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.20.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.18.0.0/16') | list)"

    - name: Edit Site3 DNS Settings on all network interfaces
      win_dns_client:
        adapter_names: '*'
        ipv4_addresses:
          - 10.13.16.11
          - 10.13.16.12
        log_path: C:\dns_log.txt
      when: "(ansible_ip_addresses | ipaddr('10.13.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.22.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.21.0.0/16') | list)
             or (ansible_ip_addresses | ipaddr('10.44.0.0/16') | list)"

My next post will handle Linux. Thanks!