From f8adde8376d177d148ceeb372e05c58ae28f95dd Mon Sep 17 00:00:00 2001
From: OHV-IT
Date: Tue, 24 Nov 2020 23:53:48 +0100
Subject: [PATCH] Update
---
rsyslog/rsyslog.conf | 110 +++++++++++++++++++++++++++++++++++++++++++
sql/table.sql | 32 +++++++++++++
2 files changed, 142 insertions(+)
create mode 100644 rsyslog/rsyslog.conf
create mode 100644 sql/table.sql
diff --git a/rsyslog/rsyslog.conf b/rsyslog/rsyslog.conf
new file mode 100644
index 0000000..9f35f84
--- /dev/null
+++ b/rsyslog/rsyslog.conf
@@ -0,0 +1,110 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog") # provides kernel logging support
+#module(load="immark") # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+$MaxMessageSize 64k
+$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
+$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+$ActionQueueType LinkedList # run asynchronously
+$ActionResumeRetryCount -1
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+$template LogFormat,"{\"PRIO\":\"%pri%\",\"TIME\":\"%$day%.%$month%.%$year% %TIMESTAMP:19:12:date-rfc3339%\",\"HOST\":\"%HOSTNAME%\",\"APP\":\"%app-name%\",\"PID\":\"%procid%\",\"MSG\":\"%msg:::json%\"}\n"
+
+
+# Demo Replace IP with your Server IP
+
+*.err;kern.warning;auth.notice;mail.crit @0.0.0.0;LogFormat
+#security.* @0.0.0.0;LogFormat
+#*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err @0.0.0.0;LogFormat
+
+
+
+
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info -/var/log/mail.info
+mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+ auth,authpriv.none;\
+ news.none;mail.none -/var/log/debug
+*.=info;*.=notice;*.=warn;\
+ auth,authpriv.none;\
+ cron,daemon.none;\
+ mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
diff --git a/sql/table.sql b/sql/table.sql
new file mode 100644
index 0000000..040f9ed
--- /dev/null
+++ b/sql/table.sql
@@ -0,0 +1,32 @@
+CREATE TABLE "SYSLOG"
+ ( "ID" NUMBER,
+ "REMOTEIP" VARCHAR2(250),
+ "APPNAME" VARCHAR2(50),
+ "ZEIT" VARCHAR2(40),
+ "HOSTNAME" VARCHAR2(250),
+ "PID" NUMBER,
+ "PRIORITY" NUMBER,
+ "MESSAGE" VARCHAR2(2000),
+ "SYSDATUM" TIMESTAMP (6),
+ "GUID" VARCHAR2(40),
+ CONSTRAINT "SYSLOG_PK" PRIMARY KEY ("ID")
+ USING INDEX ENABLE
+ ) NO INMEMORY
+/
+
+
+CREATE OR REPLACE EDITIONABLE TRIGGER "BI_SYSLOG"
+ before insert on "SYSLOG"
+ for each row
+begin
+ if :NEW."ID" is null then
+ select "SYSLOG_SEQ1".nextval into :NEW."ID" from sys.dual;
+ :NEW."SYSDATUM" := systimestamp;
+ end if;
+end;
+
+/
+ALTER TRIGGER "BI_SYSLOG" ENABLE
+/
+
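Review bot: The `LogFormat` template JSON-escapes only `%msg:::json%`, while `%HOSTNAME%`, `%app-name%` and `%procid%` are inserted raw; with `imuxsock` the tag that becomes app-name/procid is whatever the logging process chose (e.g. `logger -t 'x","PRIO":"0'`), so a `"` or `\` in it breaks the JSON or lets a local sender forge the other fields the receiver parses, and the same applies to HOSTNAME once the commented-out `imudp`/`imtcp` inputs are enabled. Add the `json` option to every property: `$template LogFormat,"{\"PRIO\":\"%pri%\",\"TIME\":\"%$day%.%$month%.%$year% %TIMESTAMP:19:12:date-rfc3339%\",\"HOST\":\"%HOSTNAME:::json%\",\"APP\":\"%app-name:::json%\",\"PID\":\"%procid:::json%\",\"MSG\":\"%msg:::json%\"}\n"`. Separately, the single `@` in `*.err;kern.warning;auth.notice;mail.crit @0.0.0.0;LogFormat` forwards auth and error records over plain UDP — unauthenticated, unencrypted and lossy — and because UDP sends are fire-and-forget the `$ActionQueue*`/`$ActionResumeRetryCount -1` directives above it give no real delivery guarantee; once the `0.0.0.0` placeholder is replaced, prefer `@@` (TCP) with TLS via the gtls stream driver (`$DefaultNetstreamDriver gtls`, `$ActionSendStreamDriverMode 1`, `$ActionSendStreamDriverAuthMode x509/name`) or RELP. Note too that those legacy `$ActionQueue*` directives bind only to the next action defined, so uncommenting `#security.* @0.0.0.0;LogFormat` later would not give that rule a disk-assisted queue.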
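Review bot: In the `BI_SYSLOG` trigger, `:NEW."SYSDATUM" := systimestamp;` sits inside the `if :NEW."ID" is null` branch, so an insert that supplies its own ID also keeps whatever SYSDATUM it supplied (or NULL) and the row's arrival time becomes caller-controlled; move that assignment after `end if;` so the server always stamps it. The trigger also references `"SYSLOG_SEQ1"`, which this patch does not create — unless the sequence already exists, the trigger is created with compilation errors and every insert into SYSLOG fails until it does; on 12c+ (which `EDITIONABLE` and `NO INMEMORY` suggest) `"ID" NUMBER GENERATED ALWAYS AS IDENTITY` would remove both the sequence and the ID half of the trigger. `"MESSAGE" VARCHAR2(2000)` cannot hold the messages that `$MaxMessageSize 64k` in rsyslog.conf allows, so whatever component writes these rows must truncate or the insert is rejected, and `"ZEIT" VARCHAR2(40)` stores a time as text rather than a TIMESTAMP. None of the columns is `NOT NULL`, so a row with no message, host or priority is accepted; at minimum `"MESSAGE"`, `"HOSTNAME"` and `"PRIORITY"` should carry `NOT NULL`.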