diff --git a/managed_setup.yml b/managed_setup.yml index f6ce74f..caa0471 100644 --- a/managed_setup.yml +++ b/managed_setup.yml @@ -36,6 +36,13 @@ - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb + - rsyslog: + user: root + group: root + service: rsyslog + configs: + - 49-shiptograylog + # prepare python for ansible pre_tasks: - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) @@ -53,6 +60,7 @@ roles: - novuso.users - user-richard + - rsyslog # - Datadog.datadog #does not support armhf architecture. should switch to fluentd or logstash tasks: diff --git a/roles/rsyslog/defaults/main.yml b/roles/rsyslog/defaults/main.yml new file mode 100644 index 0000000..4812687 --- /dev/null +++ b/roles/rsyslog/defaults/main.yml @@ -0,0 +1,8 @@ +--- +# default values + +rsyslog: + user: root + group: root + service: rsyslog + configs: [] diff --git a/roles/rsyslog/handlers/main.yml b/roles/rsyslog/handlers/main.yml new file mode 100644 index 0000000..f45cd40 --- /dev/null +++ b/roles/rsyslog/handlers/main.yml @@ -0,0 +1,9 @@ +--- +# handlers/main.yml +# define handlers here + +- name: restart rsyslog + service: name={{ rsyslog.service }} state=restarted + +- name: stop rsyslog + service: name={{ rsyslog.service }} state=stopped diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml new file mode 100644 index 0000000..ace3d7a --- /dev/null +++ b/roles/rsyslog/tasks/main.yml @@ -0,0 +1,15 @@ +--- +# main tasks for rsyslog config + +- debug: var=rsyslog + +- name: copy custom configs + template: + src: "{{ item }}.j2" + dest: /etc/rsyslog.d/{{ item }}.conf + owner: "{{ rsyslog.user }}" + group: "{{ rsyslog.group }}" + mode: 0644 + with_items: "{{rsyslog.configs}}" + notify: + - restart rsyslog diff --git a/roles/rsyslog/templates/49-shiptograylog.j2 b/roles/rsyslog/templates/49-shiptograylog.j2 new file mode 100644 index 0000000..d8cbc1f --- /dev/null +++ b/roles/rsyslog/templates/49-shiptograylog.j2 
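Review bot: The new `rsyslog` entry in the first managed_setup.yml hunk has to restate `user`, `group` and `service` only because roles/rsyslog/defaults/main.yml (added later in this commit) defines them as one dict. With Ansible's default hash behaviour (replace), a playbook-level `rsyslog:` overrides the whole mapping instead of merging into it. A play that sets just `configs` would leave `rsyslog.user` undefined and the template task would fail; flat defaults such as `rsyslog_user: root` and `rsyslog_configs: []` avoid that. Separately, the unchanged context line above the addition carries a `datadog_api_key` value in cleartext; it predates this change, but if it is a live credential it belongs in Ansible Vault and should be rotated. The surrounding vars block starts outside the hunk.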
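Review bot: Both handlers in roles/rsyslog/handlers/main.yml pass the module arguments as an inline `key=value` string with an unquoted Jinja expression, which is harder to lint and would mis-parse if the service name ever contained a space or `=`. The native block form reads `service:` / `name: "{{ rsyslog.service }}"` / `state: restarted`. The `stop rsyslog` handler is not notified by any task in this commit, so it could be left out until something uses it.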
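Review bot: The unnamed `- debug: var=rsyslog` task at the top of roles/rsyslog/tasks/main.yml looks like a development leftover and prints the whole variable on every run; I would remove it or give it a name and `verbosity: 2`. In the template task, `mode: 0644` depends on the YAML parser reading the leading zero as octal, and `mode: "0644"` removes that dependency. The `dest` path is built from `item`, so the entries in `rsyslog.configs` should stay plain file names; a short comment above `with_items` saying so would help the next maintainer.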
@@ -0,0 +1 @@
+*.* @logs.xai-corp.net:514
diff --git a/roles/rsyslog/templates/50-default.conf b/roles/rsyslog/templates/50-default.conf
new file mode 100644
index 0000000..db6bbf6
--- /dev/null
+++ b/roles/rsyslog/templates/50-default.conf
@@ -0,0 +1,68 @@
+# Default rules for rsyslog.
+#
+# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
+
+#
+# First some standard log files. Log by facility.
+#
+auth,authpriv.* /var/log/auth.log
+*.*;auth,authpriv.none -/var/log/syslog
+#cron.* /var/log/cron.log
+#daemon.* -/var/log/daemon.log
+kern.* -/var/log/kern.log
+#lpr.* -/var/log/lpr.log
+mail.* -/var/log/mail.log
+#user.* -/var/log/user.log
+
+#
+# Logging for the mail system. Split it up so that
+# it is easy to write scripts to parse these files.
+#
+#mail.info -/var/log/mail.info
+#mail.warn -/var/log/mail.warn
+mail.err /var/log/mail.err
+
+#
+# Logging for INN news system.
+#
+news.crit /var/log/news/news.crit
+news.err /var/log/news/news.err
+news.notice -/var/log/news/news.notice
+
+#
+# Some "catch-all" log files.
+#
+#*.=debug;\
+# auth,authpriv.none;\
+# news.none;mail.none -/var/log/debug
+#*.=info;*.=notice;*.=warn;\
+# auth,authpriv.none;\
+# cron,daemon.none;\
+# mail,news.none -/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg :omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+# news.=crit;news.=err;news.=notice;\
+# *.=debug;*.=info;\
+# *.=notice;*.=warn /dev/tty8
+
+# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
+# you must invoke `xconsole' with the `-file' option:
+#
+# $ xconsole -file /dev/xconsole [...]
+#
+# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+# busy site..
+#
+daemon.*;mail.*;\
+ news.err;\
+ *.=debug;*.=info;\
+ *.=notice;*.=warn |/dev/xconsole
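Review bot: The single `@` in the one rule of 49-shiptograylog.j2 selects UDP forwarding in rsyslog, so every facility, including `auth` and `authpriv`, leaves the host in cleartext with no delivery guarantee and no authentication of the receiver. If the Graylog input can accept it, forward over TCP with TLS instead, using `@@` together with the gtls stream driver and a pinned peer name, as sketched below. The destination is also hard-coded in a `.j2` file that uses no template variables; a role variable for host and port would let other inventories reuse the role.

```jinja
# constructed example: CA path and port are placeholders, and the receiver must offer a TLS input
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <PATH_TO_CA_CERT>
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer logs.xai-corp.net
*.* @@logs.xai-corp.net:<TLS_INPUT_PORT>
```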
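Review bot: Nothing in this commit installs roles/rsyslog/templates/50-default.conf: the copy task resolves `src` as `{{ item }}.j2`, and the only entry in `rsyslog.configs` is `49-shiptograylog`. As committed the file is dead weight in the role, and its name cannot match the task's `.j2` lookup. Either rename it to `50-default.j2` and add `- 50-default` to `configs`, or drop it from the commit. If it is deployed, note that its `*.*;auth,authpriv.none` rule keeps auth messages out of the local syslog file while the 49 rule still forwards them off-host.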