ansible-roles/rsyslog-logstash/tasks/main.yml

---
- name: Install the rsyslog ppa on ubuntu precise or later
  apt_repository: repo='{{ rsyslog_ppa }}' update_cache=yes
  when:
    - is_ubuntu
    - rsyslog_repo_install
  tags: [ 'rsyslog', 'logstash' ]

- name: Remove the rsyslog ppa on ubuntu precise or later
  apt_repository: repo='{{ rsyslog_ppa }}' update_cache=yes state=absent
  when:
    - is_ubuntu
    - not rsyslog_repo_install
  tags: [ 'rsyslog', 'logstash' ]

- name: Install the rsyslog repo key on debian wheezy
  apt_key: keyserver=keys.gnupg.net id=AEF0CF8E state=present
  when:
    - is_debian7
    - rsyslog_repo_install
  tags: [ 'rsyslog', 'logstash' ]

- name: Install the rsyslog repository on debian wheezy
  apt_repository: repo="{{ rsyslog_debian_repo }}" state=present update_cache=yes
  when:
    - is_debian7
    - rsyslog_repo_install
  tags: [ 'rsyslog', 'logstash' ]
  
- name: Remove the rsyslog repository on debian wheezy
  apt_repository: repo="{{ rsyslog_debian_repo }}" state=absent update_cache=yes
  when:
    - is_debian7
    - not rsyslog_repo_install
  tags: [ 'rsyslog', 'logstash' ]

- name: Add the syslog user to the adm group so it can read all the log files
  user: name=syslog groups=adm
  tags: [ 'rsyslog', 'logstash' ]
  
- name: Upgrade rsyslog and install the elasticsearch module
  apt: pkg={{ item }} state={{ rsyslog_pkg_status }} update_cache=yes cache_valid_time=1800
  with_items:
    - rsyslog
    - rsyslog-elasticsearch
  tags: [ 'rsyslog', 'logstash' ]

- name: Add a rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch
  template: src=rsyslog-logstash.conf.j2 dest=/etc/rsyslog.d/90-rsyslog-logstash.conf owner=root group=root mode=0444
  when:
    - rsyslog_repo_install
    - rsyslog_send_to_elasticsearch
  notify: Restart rsyslog
  tags: [ 'rsyslog', 'logstash' ]

- name: Remove the rsyslog configuration to send logfiles data to a logstash collector or directly to elasticsearch
  file: dest=/etc/rsyslog.d/90-rsyslog-logstash.conf state=absent
  when: not rsyslog_send_to_elasticsearch
  notify: Restart rsyslog
  tags: [ 'rsyslog', 'logstash' ]