Manage the logging into /var/log/syslog.
This commit is contained in:
parent
c24d8af806
commit
3a9ab645f6
GPG Key ID:
147ABE6CEB9E20FF
|
|
@ -36,6 +36,11 @@ rsyslog_tls_key: "{{ rsyslog_tls_certs_dir }}/cert.key"
|
|||
|
||||
rsyslog_remote_collector: '127.0.0.1'
|
||||
|
||||
rsyslog_disable_var_log_syslog: false
|
||||
# default_rsyslog_custom_rules:
|
||||
# - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
|
||||
# - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
|
||||
|
||||
rsyslog_firewalld_services:
|
||||
- { service: 'syslog', state: '{{ rsyslog_enable_remote_udp }}', zone: '{{ firewalld_default_zone }}' }
|
||||
# - { service: 'syslog-tls', state: '{{ rsyslog_tls_status }}', zone: '{{ firewalld_default_zone }}' }
|
||||
|
|
@ -51,7 +56,7 @@ rsyslog_use_inotify: True
|
|||
rsyslog_file_polling_interval: 10
|
||||
|
||||
# We use logstash if the elastisearch module is not enabled
|
||||
#rsys_logstash_collector_host: logstash.t.hadoop.research-infrastructures.eu
|
||||
# rsys_logstash_collector_host: localhost
|
||||
rsys_logstash_collector_host: logstash
|
||||
rsys_logstash_collector_port: 5544
|
||||
|
||||
|
|
@ -72,7 +77,7 @@ rsyslog_action_resumeretrycount: -1
|
|||
|
||||
# The elasticsearch module bypasses logstash and talks directly to elasticsearch
|
||||
rsyslog_use_elasticsearch_module: True
|
||||
#rsys_elasticsearch_collector_host: logstash.t.hadoop.research-infrastructures.eu
|
||||
# rsys_elasticsearch_collector_host: localhost
|
||||
rsys_elasticsearch_collector_host: logstash
|
||||
rsys_elasticsearch_collector_port: 9200
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: Restart rsyslog
|
||||
service: name=rsyslog state=restarted
|
||||
|
||||
|
||||
ansible.builtin.service:
|
||||
name: rsyslog
|
||||
state: restarted
|
||||
|
|
|
|||
|
|
@ -1,13 +1,12 @@
|
|||
galaxy_info:
|
||||
author: Andrea Dell'Amico
|
||||
description: Systems Architect
|
||||
description: Installs rsyslog and some custom configurations
|
||||
company: ISTI-CNR
|
||||
|
||||
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
|
||||
|
||||
namespace: adellam
|
||||
role_name: rsyslog
|
||||
license: EUPL 1.2+
|
||||
|
||||
min_ansible_version: 2.8
|
||||
min_ansible_version: "2.9"
|
||||
|
||||
# To view available platforms and versions (or releases), visit:
|
||||
# https://galaxy.ansible.com/api/v1/platforms/
|
||||
|
|
@ -16,11 +15,12 @@ galaxy_info:
|
|||
- name: Ubuntu
|
||||
versions:
|
||||
- bionic
|
||||
- focal
|
||||
- jammy
|
||||
- name: EL
|
||||
versions:
|
||||
- 7
|
||||
|
||||
galaxy_tags:
|
||||
- users
|
||||
- "7"
|
||||
- "8"
|
||||
- "9"
|
||||
|
||||
dependencies: []
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
---
|
||||
- import_tasks: rsyslog-server.yml
|
||||
- import_tasks: rsyslog-logstash.yml
|
||||
- name: Rsyslog installation
|
||||
ansible.builtin.import_tasks: rsyslog-server.yml
|
||||
- name: Rsyslog configuration
|
||||
ansible.builtin.import_tasks: rsyslog-configuration.yml
|
||||
- name: Send logs to logstash
|
||||
ansible.builtin.import_tasks: rsyslog-logstash.yml
|
||||
when: rsyslog_send_to_elasticsearch
|
||||
|
|
|
|||
|
|
@ -0,0 +1,74 @@
|
|||
---
|
||||
- name: rsyslog-configuration | Rsyslog custom rules
|
||||
tags: rsyslog
|
||||
block:
|
||||
- name: rsyslog-configuration | Install custom rsyslog rules
|
||||
ansible.builtin.template:
|
||||
src: 10-custom_rules.conf.j2
|
||||
dest: /etc/rsyslog.d/10-custom_rules.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
when: default_rsyslog_custom_rules is defined
|
||||
notify: Restart rsyslog
|
||||
|
||||
- name: rsyslog-configuration | Configure rsyslog so that it accepts logs from remote services
|
||||
when: rsyslog_enable_remote_socket
|
||||
tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']
|
||||
block:
|
||||
- name: rsyslog-configuration | Install the rsyslog configuration that enables the remote socket
|
||||
ansible.builtin.template:
|
||||
src: rsyslog-remote-socket.conf.j2
|
||||
dest: /etc/rsyslog.d/10-rsyslog-remote-socket.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Restart rsyslog
|
||||
|
||||
- name: rsyslog-configuration | Install a logrotate configuration for the logs from remote
|
||||
ansible.builtin.template:
|
||||
src: remote-logrotate.j2
|
||||
dest: /etc/logrotate.d/rsyslog-remote
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Restart rsyslog
|
||||
|
||||
- name: rsyslog-configuration | Configure rsyslog to send logs to a remote collector
|
||||
when: rsyslog_enable_send_to_remote
|
||||
tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']
|
||||
block:
|
||||
- name: rsyslog-configuration | Install the rsyslog client configuration
|
||||
ansible.builtin.template:
|
||||
src: rsyslog-send-to-remote.conf.j2
|
||||
dest: /etc/rsyslog.d/10-rsyslog-send-to-remote.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0444"
|
||||
notify: Restart rsyslog
|
||||
|
||||
- name: rsyslog-configuration | Manage the logging into /var/log/syslog
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
tags: ['syslog', 'rsyslog', 'rsyslog_log_syslog', 'rsyslog_conf']
|
||||
block:
|
||||
- name: rsyslog-configuration | Disable logging into /var/log/syslog
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/rsyslog.d/50-default.conf
|
||||
regexp: '^*.*;auth,authpriv.none'
|
||||
line: '*.*;auth,authpriv.none -/var/log/syslog'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: Restart rsyslog
|
||||
when: rsyslog_disable_var_log_syslog
|
||||
|
||||
- name: rsyslog-configuration | Enable logging into /var/log/syslog
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/rsyslog.d/50-default.conf
|
||||
regexp: '^# *.*;auth,authpriv.none'
|
||||
line: '*.*;auth,authpriv.none -/var/log/syslog'
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: Restart rsyslog
|
||||
when: not rsyslog_disable_var_log_syslog
|
||||
|
|
@ -103,28 +103,6 @@
|
|||
- rsyslog_tls_status == 'enabled'
|
||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
||||
|
||||
- name: Configure rsyslog so that it accepts logs from remote services
|
||||
block:
|
||||
- name: Install the rsyslog configuration that enables the remote socket
|
||||
template: src=rsyslog-remote-socket.conf.j2 dest=/etc/rsyslog.d/10-rsyslog-remote-socket.conf
|
||||
notify: Restart rsyslog
|
||||
|
||||
- name: Install a logrotate configuration for the logs from remote
|
||||
template: src=remote-logrotate.j2 dest=/etc/logrotate.d/rsyslog-remote owner=root group=root mode='0644'
|
||||
|
||||
when: rsyslog_enable_remote_socket
|
||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf' ]
|
||||
|
||||
- name: Configure rsyslog to send logs to a remote collector
|
||||
block:
|
||||
- name: Install the rsyslog client configuration
|
||||
template: src=rsyslog-send-to-remote.conf.j2 dest=/etc/rsyslog.d/10-rsyslog-send-to-remote.conf
|
||||
notify: Restart rsyslog
|
||||
|
||||
when: rsyslog_enable_send_to_remote
|
||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf' ]
|
||||
|
||||
|
||||
- name: Configure SELinux and firewalld on RHEL/CentOS
|
||||
block:
|
||||
- name: SELinux udp port
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
{% if default_rsyslog_custom_rules is defined %}
|
||||
{% for entry in default_rsyslog_custom_rules %}
|
||||
{{ entry }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
Loading…
Reference in New Issue