mailcow-dockerized-docs/docs/firststeps-syslog.md

94 Zeilen
2,3 KiB
Markdown

2017-06-23 18:57:50 +02:00
!!! warning
You will lose the integrated fail2ban functionality when using a logging driver other than json (default).
2017-06-23 19:02:12 +02:00
!!! warning
In newer versions of mailcow: dockerized we decided to set a max. log size. You need to remove all "logging: xy" lines and options from docker-compose.yml to be able to start the stack.
Example:
2017-07-04 06:44:23 +02:00
2017-07-04 06:37:21 +02:00
```
2017-06-23 19:02:12 +02:00
logging:
options:
max-size: "5m"
```
2017-07-04 06:27:14 +02:00
!!! info
2017-06-23 19:02:12 +02:00
If you prefere the udp protocol use:
```
$ModLoad imudp
$UDPServerRun 524
```
at `rsyslog.conf` and `"syslog-address": "udp://127.0.0.1:524"` at `daemon.json`.
2017-05-23 12:39:10 +02:00
Enable Rsyslog to receive logs on 524/tcp at `rsyslog.conf`:
2017-05-06 00:22:26 +02:00
```
# This setting depends on your Rsyslog version and configuration format.
# For most Debian derivates it will work like this...
$ModLoad imtcp
$TCPServerAddress 127.0.0.1
$InputTCPServerRun 524
# ...while for Ubuntu 16.04 it looks like this:
module(load="imtcp")
input(type="imtcp" address="127.0.0.1" port="524")
# No matter your Rsyslog version, you should set this option to off
# if you plan to use Fail2ban
$RepeatedMsgReduction off
```
Restart rsyslog after enabling the TCP listener.
Now setup Docker daemon to start with the syslog driver.
This enables the syslog driver for all containers!
2017-05-23 12:39:10 +02:00
Linux users can add or change the configuration in `/etc/docker/daemon.json`. Windows users please have a look at the [docker documentation](https://docs.docker.com/engine/reference/commandline/dockerd//#windows-configuration-file) :
2017-05-06 00:22:26 +02:00
```
2017-05-23 12:39:10 +02:00
{
2017-05-06 00:22:26 +02:00
...
2017-05-23 12:39:10 +02:00
"log-driver": "syslog",
"log-opts": {
"syslog-address": "tcp://127.0.0.1:524"
}
2017-05-06 00:22:26 +02:00
...
2017-05-23 12:39:10 +02:00
}
2017-05-06 00:22:26 +02:00
```
Restart the Docker daemon and run `docker-compose down && docker-compose up -d` to recreate the containers.
2017-06-23 19:02:12 +02:00
### Fail2ban with Docker syslog logging driver
**This only applies to syslog-enabled Docker environments.**
Open `/etc/fail2ban/filter.d/common.conf` and search for the prefix_line parameter, change it to ".*":
```
__prefix_line = .*
```
Create `/etc/fail2ban/jail.d/dovecot.conf`...
```
[dovecot]
enabled = true
filter = dovecot
logpath = /var/log/syslog
chain = FORWARD
```
and `jail.d/postfix-sasl.conf`:
```
[postfix-sasl]
enabled = true
filter = postfix-sasl
logpath = /var/log/syslog
chain = FORWARD
```
Restart Fail2ban.