PVE02.D5E.dev
Syslog.D5E.dev (Debian 12 container)
198.18.30.100 via DHCP
apt update && apt full-upgrade -y && apt autoremove -y
apt-get install curl vim gnu-which sudo locales make gnupg2 samba rsyslog yq -y
locale-gen en_US.UTF-8
update-locale LANG=en_US.UTF-8
update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
Change time zone to ‘America/Montreal’
dpkg-reconfigure tzdata
Configure Syslog
All other logging (auth, syslog, daemon, user logs, etc.) still works normally.
- Disable imklog (kernel logging): in unprivileged containers, access to /proc/kmsg is denied by design.
sudo vi /etc/rsyslog.conf
sudo sed -i 's/^module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
sudo systemctl restart rsyslog
systemctl status vector.service
journalctl -xeu vector.service
logger "syslog test from $(hostname)"
tail /var/log/syslog
Log anything besides private authentication messages to a single log file
*.*;auth,authpriv.none -/var/log/syslog
Log commonly used facilities to their own log file
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
[vector.dev] path = /etc/vector browsable = yes read only = no guest ok = no
[vector.dev] path = /etc/vector browsable = yes read only = no guest ok = no
mkdir -p /srv/sharedFolder
chown nobody:nogroup /srv/sharedFolder
chmod 0775 /srv/sharedFolder
chgrp users /srv/sharedFolder
vi /etc/samba/smb.conf // Samba
- workgroup = D5E.dev
- log file = /var/log/samba/log.%m
- usershare allow guests = no

[sharedDrive]
path = /srv/sharedFolder
browsable = yes
read only = no
guest ok = no

[vector-config]
path = /etc/vector
browsable = yes
read only = no
guest ok = no

[vector-log]
path = /etc/vector
browsable = yes
read only = no
guest ok = no
testparm /etc/samba/smb.conf
systemctl restart smbd // or systemctl restart smbd.service
smb://syslog.d5e.dev/vector-config
adduser bhdicaire (group users)
smbpasswd -a bhdicaire
usermod -aG sudo bhdicaire
groups bhdicaire
If you have the following error when logging in a Proxmox LXC Container -bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
sudo sed -i '/^# *en_US.UTF-8 UTF-8/s/^# *//' /etc/locale.gen
sudo locale-gen
sudo update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
test with ssh bhdicaire@syslog.d5e.dev on another machine
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no myuser@198.18.30.100
create a 1Password SSH item
- Name: bhdicaire@syslog.d5e.dev
- Generate a private key with type Ed25519
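Download the public key to my local machine (~/.ssh).
Add the host information to ~/.ssh/config:
Host syslog.d5e.dev
  IdentityFile ~/.ssh/syslog.d5e.dev.pub
  IdentitiesOnly yes
  User bhdicaire
IdentityFile points at the public key on purpose: the private key presumably stays in 1Password and is served by its SSH agent, so the .pub file only tells ssh which agent key to offer.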
Copy the public ssh key via the SharedDrive or the scp command below
- smb://syslog.d5e.dev/SharedDrive
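- scp ~/.ssh/syslog.d5e.dev.pub bhdicaire@syslog.d5e.dev:/srv/sharedDrive (the directory created earlier is /srv/sharedFolder; sharedDrive is the share name, so check the path)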
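mkdir -p /home/bhdicaire/.ssh
mv /srv/sharedDrive/syslog.d5e.dev.pub /home/bhdicaire/.ssh/authorized_keys
chown -R bhdicaire:bhdicaire /home/myuser/.ssh
chmod 700 /home/bhdicaire/.ssh
chmod 600 /home/bhdicaire/.ssh/authorized_keys
chown -R bhdicaire:bhdicaire /home/bhdicaire/.ssh
Note: the mv replaces any existing authorized_keys, so keys already authorized for this account are dropped. /home/myuser looks like a leftover placeholder (the last chown uses the real path), and the shared directory was created earlier as /srv/sharedFolder, not /srv/sharedDrive.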
-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
locale-gen en_US.UTF-8
https://vector.dev/docs/administration/management/#apt-dpkg-rpm-yum-pacman
https://vector.dev/docs/setup/installation/package-managers/apt/ & https://github.com/vectordotdev/vector
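bash -c "$(curl -L https://setup.vector.dev)"
sudo apt-get install vector
sudo systemctl start vector or sudo systemctl stop vector
vector --version
Note: the first command runs the downloaded setup script directly in the current shell. To review what it changes first, save it to a file with curl -L -o, read it, then run that file with bash.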
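sudo vector --config /etc/vector/vector.yaml
sudo chgrp -R users /etc/vector/
sudo chmod -R 770 /etc/vector/
Note: mode 770 with group users lets every member of users rewrite the Vector configuration, including through the Samba shares that export /etc/vector, and removes all access for other accounts. Confirm that the account vector.service runs as can still read /etc/vector, and consider a valid users line on those shares to limit who can edit the log pipeline.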
smb://syslog.d5e.dev/vector.dev
sudo vector validate /etc/vector/vector.yaml
apt list --installed
Run ‘dpkg-reconfigure tzdata’ if you wish to change it.