--- - name: Install the rsyslog ppa on ubuntu precise or later apt_repository: repo='{{ rsyslog_ppa }}' update_cache=yes when: - is_ubuntu - rsyslog_repo_install tags: [ 'rsyslog', 'logstash' ] - name: Remove the rsyslog ppa on ubuntu precise or later apt_repository: repo='{{ rsyslog_ppa }}' update_cache=yes state=absent when: - is_ubuntu - not rsyslog_repo_install tags: [ 'rsyslog', 'logstash' ] - name: Install the rsyslog repo key on debian wheezy apt_key: keyserver=keys.gnupg.net id=AEF0CF8E state=present when: - is_debian7 - rsyslog_repo_install tags: [ 'rsyslog', 'logstash' ] - name: Install the rsyslog repository on debian wheezy apt_repository: repo="{{ rsyslog_debian_repo }}" state=present update_cache=yes when: - is_debian7 - rsyslog_repo_install tags: [ 'rsyslog', 'logstash' ] - name: Remove the rsyslog repository on debian wheezy apt_repository: repo="{{ rsyslog_debian_repo }}" state=absent update_cache=yes when: - is_debian7 - not rsyslog_repo_install tags: [ 'rsyslog', 'logstash' ] - name: Add the syslog user to the adm group so it can read all the log files user: name=syslog groups=adm tags: [ 'rsyslog', 'logstash' ] - name: Upgrade rsyslog and install the elasticsearch module apt: pkg={{ item }} state={{ rsyslog_pkg_status }} update_cache=yes cache_valid_time=1800 with_items: - rsyslog - rsyslog-elasticsearch tags: [ 'rsyslog', 'logstash' ] - name: Add a rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch template: src=rsyslog-logstash.conf.j2 dest=/etc/rsyslog.d/90-rsyslog-logstash.conf owner=root group=root mode=0444 when: - rsyslog_repo_install - rsyslog_send_to_elasticsearch notify: Restart rsyslog tags: [ 'rsyslog', 'logstash' ] - name: Remove the rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch file: dest=/etc/rsyslog.d/90-rsyslog-logstash.conf state=absent when: not rsyslog_send_to_elasticsearch notify: Restart rsyslog tags: [ 'rsyslog', 'logstash' ]