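---
# Tasks that prepare rsyslog to forward log data to a logstash collector or
# directly to elasticsearch. The forwarding configuration is installed or
# removed depending on rsyslog_send_to_elasticsearch.

# Membership in adm is what lets the syslog account read the log files, per
# the task name. This widens what that account can read, so it is worth
# keeping only on hosts that actually forward logs.
# NOTE(review): presumably rsyslog runs as the syslog user here; confirm.
- name: Add the syslog user to the adm group so it can read all the log files
  user:
    name: syslog
    groups: adm
    # Without append the user module sets the supplementary groups to exactly
    # this list, silently removing syslog from every other group it is in.
    append: true
  tags: ['rsyslog', 'logstash']

# rsyslog_pkg_status is defined outside this file; it decides whether the
# packages are merely installed or also upgraded.
- name: Upgrade rsyslog and install the elasticsearch module
  apt:
    pkg: "{{ item }}"
    state: "{{ rsyslog_pkg_status }}"
    update_cache: true
    cache_valid_time: 1800
  with_items:
    - rsyslog
    - rsyslog-elasticsearch
  tags: ['rsyslog', 'logstash']

# NOTE(review): 0444 makes the rendered file readable by every local user.
# If the template (not visible here) carries collector credentials, use a mode
# that is not world-readable. Whether the forwarded stream is encrypted or
# authenticated is also decided by that template; verify it there.
- name: Add a rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch
  template:
    src: rsyslog-logstash.conf.j2
    dest: /etc/rsyslog.d/90-rsyslog-logstash.conf
    owner: root
    group: root
    # Quoted so the mode stays the octal string "0444" instead of being read
    # as an integer by the YAML parser.
    mode: "0444"
  when: rsyslog_send_to_elasticsearch | bool
  notify: Restart rsyslog
  tags: ['rsyslog', 'logstash']

# Counterpart of the task above: when forwarding is switched off the drop-in
# is deleted so logs stop leaving the host after the next rsyslog restart.
- name: Remove the rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch
  file:
    dest: /etc/rsyslog.d/90-rsyslog-logstash.conf
    state: absent
  # Parentheses only make the existing precedence explicit: the bool filter is
  # applied before the negation.
  when: not (rsyslog_send_to_elasticsearch | bool)
  notify: Restart rsyslog
  tags: ['rsyslog', 'logstash']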