Manage the logging into /var/log/syslog.
parent
c24d8af806
commit
3a9ab645f6
|
@ -36,6 +36,11 @@ rsyslog_tls_key: "{{ rsyslog_tls_certs_dir }}/cert.key"
|
||||||
|
|
||||||
rsyslog_remote_collector: '127.0.0.1'
|
rsyslog_remote_collector: '127.0.0.1'
|
||||||
|
|
||||||
|
rsyslog_disable_var_log_syslog: false
|
||||||
|
# default_rsyslog_custom_rules:
|
||||||
|
# - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
|
||||||
|
# - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
|
||||||
|
|
||||||
rsyslog_firewalld_services:
|
rsyslog_firewalld_services:
|
||||||
- { service: 'syslog', state: '{{ rsyslog_enable_remote_udp }}', zone: '{{ firewalld_default_zone }}' }
|
- { service: 'syslog', state: '{{ rsyslog_enable_remote_udp }}', zone: '{{ firewalld_default_zone }}' }
|
||||||
# - { service: 'syslog-tls', state: '{{ rsyslog_tls_status }}', zone: '{{ firewalld_default_zone }}' }
|
# - { service: 'syslog-tls', state: '{{ rsyslog_tls_status }}', zone: '{{ firewalld_default_zone }}' }
|
||||||
|
@ -51,7 +56,7 @@ rsyslog_use_inotify: True
|
||||||
rsyslog_file_polling_interval: 10
|
rsyslog_file_polling_interval: 10
|
||||||
|
|
||||||
# We use logstash if the elastisearch module is not enabled
|
# We use logstash if the elastisearch module is not enabled
|
||||||
#rsys_logstash_collector_host: logstash.t.hadoop.research-infrastructures.eu
|
# rsys_logstash_collector_host: localhost
|
||||||
rsys_logstash_collector_host: logstash
|
rsys_logstash_collector_host: logstash
|
||||||
rsys_logstash_collector_port: 5544
|
rsys_logstash_collector_port: 5544
|
||||||
|
|
||||||
|
@ -72,7 +77,7 @@ rsyslog_action_resumeretrycount: -1
|
||||||
|
|
||||||
# The elasticsearch module bypasses logstash and talks directly to elasticsearch
|
# The elasticsearch module bypasses logstash and talks directly to elasticsearch
|
||||||
rsyslog_use_elasticsearch_module: True
|
rsyslog_use_elasticsearch_module: True
|
||||||
#rsys_elasticsearch_collector_host: logstash.t.hadoop.research-infrastructures.eu
|
# rsys_elasticsearch_collector_host: localhost
|
||||||
rsys_elasticsearch_collector_host: logstash
|
rsys_elasticsearch_collector_host: logstash
|
||||||
rsys_elasticsearch_collector_port: 9200
|
rsys_elasticsearch_collector_port: 9200
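Review bot: The commented `default_rsyslog_custom_rules` example in the first hunk will not parse once someone uncomments it. Inside a single-quoted YAML scalar a backslash is literal, so `Can\'t` closes the string early; it should be `Can''t`. The trailing `~` discard action is also the legacy form, which newer rsyslog releases replace with `stop`. The new `rsyslog_disable_var_log_syslog: false` carries no comment; I would add `# Ubuntu only: comments out the catch-all rule that writes to /var/log/syslog` above it, and note that it is best paired with remote forwarding so those messages are still retained somewhere.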
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
- name: Restart rsyslog
|
- name: Restart rsyslog
|
||||||
service: name=rsyslog state=restarted
|
ansible.builtin.service:
|
||||||
|
name: rsyslog
|
||||||
|
state: restarted
|
||||||
|
|
|
@ -1,13 +1,12 @@
|
||||||
galaxy_info:
|
galaxy_info:
|
||||||
author: Andrea Dell'Amico
|
author: Andrea Dell'Amico
|
||||||
description: Systems Architect
|
description: Installs rsyslog and some custom configurations
|
||||||
company: ISTI-CNR
|
company: ISTI-CNR
|
||||||
|
namespace: adellam
|
||||||
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
|
role_name: rsyslog
|
||||||
|
|
||||||
license: EUPL 1.2+
|
license: EUPL 1.2+
|
||||||
|
|
||||||
min_ansible_version: 2.8
|
min_ansible_version: "2.9"
|
||||||
|
|
||||||
# To view available platforms and versions (or releases), visit:
|
# To view available platforms and versions (or releases), visit:
|
||||||
# https://galaxy.ansible.com/api/v1/platforms/
|
# https://galaxy.ansible.com/api/v1/platforms/
|
||||||
|
@ -16,11 +15,12 @@ galaxy_info:
|
||||||
- name: Ubuntu
|
- name: Ubuntu
|
||||||
versions:
|
versions:
|
||||||
- bionic
|
- bionic
|
||||||
|
- focal
|
||||||
|
- jammy
|
||||||
- name: EL
|
- name: EL
|
||||||
versions:
|
versions:
|
||||||
- 7
|
- "7"
|
||||||
|
- "8"
|
||||||
galaxy_tags:
|
- "9"
|
||||||
- users
|
|
||||||
|
|
||||||
dependencies: []
|
dependencies: []
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
---
|
---
|
||||||
- import_tasks: rsyslog-server.yml
|
- name: Rsyslog installation
|
||||||
- import_tasks: rsyslog-logstash.yml
|
ansible.builtin.import_tasks: rsyslog-server.yml
|
||||||
|
- name: Rsyslog configuration
|
||||||
|
ansible.builtin.import_tasks: rsyslog-configuration.yml
|
||||||
|
- name: Send logs to logstash
|
||||||
|
ansible.builtin.import_tasks: rsyslog-logstash.yml
|
||||||
when: rsyslog_send_to_elasticsearch
|
when: rsyslog_send_to_elasticsearch
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
---
|
||||||
|
- name: rsyslog-configuration | Rsyslog custom rules
|
||||||
|
tags: rsyslog
|
||||||
|
block:
|
||||||
|
- name: rsyslog-configuration | Install custom rsyslog rules
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: 10-custom_rules.conf.j2
|
||||||
|
dest: /etc/rsyslog.d/10-custom_rules.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
when: default_rsyslog_custom_rules is defined
|
||||||
|
notify: Restart rsyslog
|
||||||
|
|
||||||
|
- name: rsyslog-configuration | Configure rsyslog so that it accepts logs from remote services
|
||||||
|
when: rsyslog_enable_remote_socket
|
||||||
|
tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']
|
||||||
|
block:
|
||||||
|
- name: rsyslog-configuration | Install the rsyslog configuration that enables the remote socket
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: rsyslog-remote-socket.conf.j2
|
||||||
|
dest: /etc/rsyslog.d/10-rsyslog-remote-socket.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
notify: Restart rsyslog
|
||||||
|
|
||||||
|
- name: rsyslog-configuration | Install a logrotate configuration for the logs from remote
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: remote-logrotate.j2
|
||||||
|
dest: /etc/logrotate.d/rsyslog-remote
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
notify: Restart rsyslog
|
||||||
|
|
||||||
|
- name: rsyslog-configuration | Configure rsyslog to send logs to a remote collector
|
||||||
|
when: rsyslog_enable_send_to_remote
|
||||||
|
tags: ['syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf']
|
||||||
|
block:
|
||||||
|
- name: rsyslog-configuration | Install the rsyslog client configuration
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: rsyslog-send-to-remote.conf.j2
|
||||||
|
dest: /etc/rsyslog.d/10-rsyslog-send-to-remote.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0444"
|
||||||
|
notify: Restart rsyslog
|
||||||
|
|
||||||
|
- name: rsyslog-configuration | Manage the logging into /var/log/syslog
|
||||||
|
when: ansible_distribution == "Ubuntu"
|
||||||
|
tags: ['syslog', 'rsyslog', 'rsyslog_log_syslog', 'rsyslog_conf']
|
||||||
|
block:
|
||||||
|
- name: rsyslog-configuration | Disable logging into /var/log/syslog
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/rsyslog.d/50-default.conf
|
||||||
|
regexp: '^*.*;auth,authpriv.none'
|
||||||
|
line: '*.*;auth,authpriv.none -/var/log/syslog'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
notify: Restart rsyslog
|
||||||
|
when: rsyslog_disable_var_log_syslog
|
||||||
|
|
||||||
|
- name: rsyslog-configuration | Enable logging into /var/log/syslog
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/rsyslog.d/50-default.conf
|
||||||
|
regexp: '^# *.*;auth,authpriv.none'
|
||||||
|
line: '*.*;auth,authpriv.none -/var/log/syslog'
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
notify: Restart rsyslog
|
||||||
|
when: not rsyslog_disable_var_log_syslog
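Review bot: The "Disable logging into /var/log/syslog" task cannot disable anything as written, because its `line` is the same active rule that the "Enable" task writes, so the catch-all rule stays in place when `rsyslog_disable_var_log_syslog` is true. Its `regexp` also begins with `^*`, which Python's re module normally rejects as "nothing to repeat", so the task is likely to fail before it edits the file. Escape the pattern and write the commented form: `regexp: '^\*\.\*;auth,authpriv\.none'` and `line: '# *.*;auth,authpriv.none -/var/log/syslog'`. The Enable task's `'^# *.*;auth,authpriv.none'` pattern then matches that commented line and restores it. Since this toggle decides whether local logs are kept, it is worth checking both directions on a test host before rollout.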
|
|
@ -103,28 +103,6 @@
|
||||||
- rsyslog_tls_status == 'enabled'
|
- rsyslog_tls_status == 'enabled'
|
||||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
tags: [ 'syslog', 'rsyslog', 'remote_syslog' ]
|
||||||
|
|
||||||
- name: Configure rsyslog so that it accepts logs from remote services
|
|
||||||
block:
|
|
||||||
- name: Install the rsyslog configuration that enables the remote socket
|
|
||||||
template: src=rsyslog-remote-socket.conf.j2 dest=/etc/rsyslog.d/10-rsyslog-remote-socket.conf
|
|
||||||
notify: Restart rsyslog
|
|
||||||
|
|
||||||
- name: Install a logrotate configuration for the logs from remote
|
|
||||||
template: src=remote-logrotate.j2 dest=/etc/logrotate.d/rsyslog-remote owner=root group=root mode='0644'
|
|
||||||
|
|
||||||
when: rsyslog_enable_remote_socket
|
|
||||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf' ]
|
|
||||||
|
|
||||||
- name: Configure rsyslog to send logs to a remote collector
|
|
||||||
block:
|
|
||||||
- name: Install the rsyslog client configuration
|
|
||||||
template: src=rsyslog-send-to-remote.conf.j2 dest=/etc/rsyslog.d/10-rsyslog-send-to-remote.conf
|
|
||||||
notify: Restart rsyslog
|
|
||||||
|
|
||||||
when: rsyslog_enable_send_to_remote
|
|
||||||
tags: [ 'syslog', 'rsyslog', 'remote_syslog', 'rsyslog_conf' ]
|
|
||||||
|
|
||||||
|
|
||||||
- name: Configure SELinux and firewalld on RHEL/CentOS
|
- name: Configure SELinux and firewalld on RHEL/CentOS
|
||||||
block:
|
block:
|
||||||
- name: SELinux udp port
|
- name: SELinux udp port
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
{% if default_rsyslog_custom_rules is defined %}
|
||||||
|
{% for entry in default_rsyslog_custom_rules %}
|
||||||
|
{{ entry }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
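Review bot: Each entry of `default_rsyslog_custom_rules` is written verbatim into a file under /etc/rsyslog.d and only takes effect when the handler restarts rsyslog, so a malformed rule is first noticed when the daemon reloads its configuration. A configuration check before the restart (for example a task running `rsyslogd -N1`) would catch that before logging is interrupted. The `{% if … is defined %}` wrapper duplicates the `when:` already on the installing task and could be dropped. A first line such as `# {{ ansible_managed }}` would mark the file as generated.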
|
||||||
|
|