Test VM for Syslog events to send to mozdefqa2
Categories
(Infrastructure & Operations :: Virtualization, task)
Tracking
(Not tracked)
People
(Reporter: phrozyn, Assigned: cknowles)
Details
(Whiteboard: [vm-create:1])
I'd like to request a VM to mimic syslog1.private.mdc1.mozilla.com for testing.
Nothing needs to be sent to this server at this time, but we'd like it to have syslog-ng and the nginx forwarding component for auditd events.
These will forward to mozdefqa2.private.mdc1.mozilla.com instead of the ES cluster.
I'm happy to work out the details if needed.
This VM shouldn't require more than 50 GB disk, 2 GB memory, and a CPU, as it's just for testing as we QA a migration to Elasticsearch 6 and mozdef updates to work with it.
Comment 1 (Reporter) • 6 years ago
It should run CentOS 7 (just like syslog1).
Comment 2 (Assignee) • 6 years ago
Got a name? syslog-eval1.private.mdc1.mozilla.com?
And I'm not sure what's needed if you want the puppet module for the syslog-ng applied (there's a lot in there with full config) - or are you just asking for the packages to be installed? I think you're asking for packages, as I don't think the syslog_ng module is set to be flexible about where to send things.
Comment 3 (Reporter) • 6 years ago
That name works for me, and yeah, just packages is fine, I think. I remember you mentioning the module isn't built in a way that would facilitate this very well. This will be decom'd once our testing is done, so very temporary.
Comment 4 (Assignee) • 6 years ago
OK. syslog-ng and nginx are installed, box is created, inventoried, tracked, puppetized. Did NOT add to nagios, due to it being temporary (if that changes, let me know, happy to help).
And I'm assuming this box will lead to changes/improvements in our config - happy to help roll that into puppet when the time comes.
You have sudoers access, and let me know if you need/desire anything else.