diff --git a/roles/rsyslog/defaults/main.yaml b/roles/rsyslog/defaults/main.yaml
new file mode 100644
index 0000000..6237c78
--- /dev/null
+++ b/roles/rsyslog/defaults/main.yaml
@@ -0,0 +1,30 @@
+---
+rsyslog_package_name: rsyslog
+rsyslog_package_state: present
+
+rsyslog_service_name: rsyslog
+rsyslog_service_state: started
+rsyslog_service_enabled: true
+
+rsyslog_module_imuxsock_enabled: true
+rsyslog_module_immark_enabled: true
+rsyslog_module_imudp_enabled: true
+rsyslog_module_imtcp_enabled: true
+
+rsyslog_load_modules:
+ - name: imuxsock
+ - name: immark
+ - name: imklog
+ params:
+ permitnonkernelfacility: "on"
+
+rsyslog_work_directory: /var/spool/rsyslog
+rsyslog_include_config: /etc/rsyslog.d/*.conf
+
+#rsyslog_action_file_default_template: RSYSLOG_TraditionalFileFormat
+rsyslog_repeated_msg_reduction: "on"
+
+rsyslog_default_rules_state: file
+rsyslog_default_rules: []
+rsyslog_rules: []
+rsyslog_archival_format_enabled: false
diff --git a/roles/rsyslog/handlers/main.yaml b/roles/rsyslog/handlers/main.yaml
new file mode 100644
index 0000000..2721577
--- /dev/null
+++ b/roles/rsyslog/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: restart rsyslog
+ service:
+ name: "{{ rsyslog_service_name }}"
+ state: restarted
+ when: rsyslog_service_enabled
+
+# vim:ft=yaml.ansible:
diff --git a/roles/rsyslog/tasks/archival.yaml b/roles/rsyslog/tasks/archival.yaml
new file mode 100644
index 0000000..96df956
--- /dev/null
+++ b/roles/rsyslog/tasks/archival.yaml
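Review bot: In roles/rsyslog/defaults/main.yaml the four `rsyslog_module_*_enabled` defaults are not read by any task or template in this commit; rsyslog.conf.j2 only looks at the per-entry `enabled` key inside `rsyslog_load_modules`. Two of them, `rsyslog_module_imudp_enabled` and `rsyslog_module_imtcp_enabled`, default to `true`, so if they are wired up later the role would open network syslog listeners by default. I would either drop the unused variables or make the network inputs opt-in, `rsyslog_module_imudp_enabled: false` and `rsyslog_module_imtcp_enabled: false`, with a comment saying so.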
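Review bot: The `when: rsyslog_service_enabled` guard on the `restart rsyslog` handler in roles/rsyslog/handlers/main.yaml ties the restart to the boot-time flag rather than to whether the daemon is meant to be running. With `rsyslog_service_enabled: false` and `rsyslog_service_state: started`, template changes notify the handler but the running daemon keeps its old configuration, including any file-mode or privilege-drop settings that were just changed. Consider `when: rsyslog_service_state != 'stopped'` instead.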
@@ -0,0 +1,42 @@
+---
+- name: disable default rules
+ set_fact:
+ rsyslog_default_rules_state: absent
+ when: rsyslog_archival_format_enabled
+
+- name: check status of /var/log/syslog
+ stat:
+ path: /var/log/syslog
+ register: st
+
+- name: delete files
+ file:
+ path: "{{ item }}"
+ state: "{{ rsyslog_archival_format_enabled | ternary('absent', 'file') }}"
+ when: rsyslog_archival_format_enabled and st.stat.exists and st.stat.isreg
+ with_items:
+ - /var/log/syslog
+
+- name: configure archival format
+ template:
+ src: archival.conf.j2
+ dest: /etc/rsyslog.d/10-archival.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart rsyslog
+ when: rsyslog_archival_format_enabled
+
+- name: manage archive rules
+ file:
+ path: /etc/rsyslog.d/10-archival.conf
+ state: "{{ rsyslog_archival_format_enabled | ternary('file', 'absent') }}"
+
+- name: compress log cron job
+ cron:
+ name: compress syslog
+ minute: "0"
+ hour: "1"
+ user: root
+ job: find /var/log/syslog/ -type f ! -name "*$(date +%Y%m%d)*.log" -name "*.log" -exec xz {} \;
+ state: "{{ rsyslog_archival_format_enabled | ternary('present', 'absent') }}"
diff --git a/roles/rsyslog/tasks/main.yaml b/roles/rsyslog/tasks/main.yaml
new file mode 100644
index 0000000..f2d9602
--- /dev/null
+++ b/roles/rsyslog/tasks/main.yaml
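Review bot: The `job:` string of the `compress log cron job` task in roles/rsyslog/tasks/archival.yaml contains unescaped `%` characters, which cron treats as line breaks, so the command is cut off at `date +` and the nightly compression does not run as written; as far as I know the cron module writes the job text verbatim. Escape them in the job, `$(date +\%Y\%m\%d)`. Separately, the `delete files` task removes the existing `/var/log/syslog` file outright when archival is switched on, which discards the log history collected so far; moving the file aside before the directory is created would keep it available for later investigation.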
@@ -0,0 +1,44 @@
+- name: gather OS specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+
+- name: install package
+ package:
+ name: "{{ rsyslog_package_name }}"
+ state: "{{ rsyslog_package_state }}"
+
+- name: configure
+ template:
+ src: rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart rsyslog
+
+- name: configure archival format
+ include: archival.yaml
+
+- name: configure default rules
+ template:
+ src: default.conf.j2
+ dest: /etc/rsyslog.d/50-default.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart rsyslog
+ when: rsyslog_default_rules_state == "file"
+
+- name: manage default rules
+ file:
+ path: /etc/rsyslog.d/50-default.conf
+ state: "{{ rsyslog_default_rules_state }}"
+
+- name: manage service
+ service:
+ name: "{{ rsyslog_service_name }}"
+ state: "{{ rsyslog_service_state }}"
+ enabled: "{{ rsyslog_service_enabled }}"
diff --git a/roles/rsyslog/templates/archival.conf.j2 b/roles/rsyslog/templates/archival.conf.j2
new file mode 100644
index 0000000..558567c
--- /dev/null
+++ b/roles/rsyslog/templates/archival.conf.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+
+template(
+ name="FilePerDay"
+ type="list"
+) {
+ constant(value="/var/log/syslog/")
+ property(name="hostname")
+ constant(value="/")
+ property(name="syslogfacility-text")
+ constant(value="/")
+ property(name="timereported" dateformat="year")
+ property(name="timereported" dateformat="month")
+ constant(value="/")
+ property(name="timereported" dateformat="year")
+ property(name="timereported" dateformat="month")
+ property(name="timereported" dateformat="day")
+ constant(value="-")
+ property(name="syslogfacility-text")
+ constant(value=".log")
+}
+
+*.* action(
+ type="omfile"
+ dynafile="FilePerDay"
+ template="RSYSLOG_FileFormat"
+)
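Review bot: Nothing in roles/rsyslog/tasks/main.yaml renders `templates/rules.conf.j2`, so `rsyslog_rules` from the defaults is never deployed; a `template:` task for it, parallel to `configure default rules`, looks missing. The `manage default rules` task (and `manage archive rules` in archival.yaml) can remove a config file without `notify: restart rsyslog`, which leaves the daemon running the old rule set until something else restarts it. For the `configure` task I would also add `validate: rsyslogd -N1 -f %s` so a bad variable value is rejected before it can take logging down on the next restart. The three `mode: 0644` values are safer written as `mode: "0644"`.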
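Review bot: The `FilePerDay` template in roles/rsyslog/templates/archival.conf.j2 builds the output path from `property(name="hostname")`, a value taken from the message rather than from the local system. If this host ever accepts remote syslog, the sender chooses one component of the file path, so that component should go through rsyslog's path sanitising: `property(name="hostname" securepath="replace")`. Whether remote input is enabled is not visible in this commit, but the defaults already carry `imudp`/`imtcp` switches, so I would add it now.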
diff --git a/roles/rsyslog/templates/default.conf.j2 b/roles/rsyslog/templates/default.conf.j2
new file mode 100644
index 0000000..b245a18
--- /dev/null
+++ b/roles/rsyslog/templates/default.conf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for rule in rsyslog_default_rules %}
+{{ rule }}
+{% endfor %}
diff --git a/roles/rsyslog/templates/rsyslog.conf.j2 b/roles/rsyslog/templates/rsyslog.conf.j2
new file mode 100644
index 0000000..599688a
--- /dev/null
+++ b/roles/rsyslog/templates/rsyslog.conf.j2
@@ -0,0 +1,47 @@
+# {{ ansible_managed }}
+
+{% for module in rsyslog_load_modules | default([]) %}
+{% if module.enabled | default(true) %}
+module(
+ load="{{ module.name }}"
+{% if module.params is defined and module.params is mapping %}
+{% for k, v in module.params.items() | default({}) %}
+ {{ k }}="{{ v }}"
+{% endfor %}
+{% endif %}
+)
+{% endif %}
+{% endfor %}
+
+{% if rsyslog_action_file_default_template is defined %}
+$ActionFileDefaultTemplate {{ rsyslog_action_file_default_template }}
+{% endif %}
+
+{% if rsyslog_repeated_msg_reduction is defined %}
+$RepeatedMsgReduction {{ rsyslog_repeated_msg_reduction }}
+{% endif %}
+
+{% if rsyslog_file_owner is defined %}
+$FileOwner {{ rsyslog_file_owner }}
+{% endif %}
+{% if rsyslog_file_group is defined %}
+$FileGroup {{ rsyslog_file_group }}
+{% endif %}
+{% if rsyslog_file_create_mode is defined %}
+$FileCreateMode {{ rsyslog_file_create_mode }}
+{% endif %}
+{% if rsyslog_dir_create_mode is defined %}
+$DirCreateMode {{ rsyslog_dir_create_mode }}
+{% endif %}
+{% if rsyslog_umask is defined %}
+$Umask {{ rsyslog_umask }}
+{% endif %}
+{% if rsyslog_priv_drop_to_user is defined %}
+$PrivDropToUser {{ rsyslog_priv_drop_to_user }}
+{% endif %}
+{% if rsyslog_priv_drop_to_group is defined %}
+$PrivDropToGroup {{ rsyslog_priv_drop_to_group }}
+{% endif %}
+
+$WorkDirectory {{ rsyslog_work_directory }}
+$IncludeConfig {{ rsyslog_include_config }}
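Review bot: In roles/rsyslog/templates/rsyslog.conf.j2 the `| default({})` after `module.params.items()` can never apply, because the enclosing `if` already requires `module.params` to be defined and a mapping; `{% for k, v in module.params.items() %}` says the same thing. Parameter values are also written between double quotes without escaping (`{{ k }}="{{ v }}"`), so a value containing `"` produces an invalid configuration. A comment above `rsyslog_load_modules` in the defaults stating that parameter values must not contain double quotes would document the constraint.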
diff --git a/roles/rsyslog/templates/rules.conf.j2 b/roles/rsyslog/templates/rules.conf.j2
new file mode 100644
index 0000000..3e17dd5
--- /dev/null
+++ b/roles/rsyslog/templates/rules.conf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for rule in rsyslog_rules %}
+{{ rule }}
+{% endfor %}
diff --git a/roles/rsyslog/vars/Debian.yaml b/roles/rsyslog/vars/Debian.yaml
new file mode 100644
index 0000000..d1aa04b
--- /dev/null
+++ b/roles/rsyslog/vars/Debian.yaml
@@ -0,0 +1,16 @@
+---
+rsyslog_file_owner: syslog
+rsyslog_file_group: adm
+rsyslog_file_create_mode: "0644"
+rsyslog_dir_create_mode: "0755"
+rsyslog_umask: "0022"
+rsyslog_priv_drop_to_user: syslog
+rsyslog_priv_drop_to_group: syslog
+
+rsyslog_default_rules:
+ - "auth,authpriv.* /var/log/auth.log"
+ - "*.*;auth,authpriv.none -/var/log/syslog"
+ - "kern.* -/var/log/kern.log"
+ - "mail.* -/var/log/mail.log"
+ - "mail.err /var/log/mail.err"
+ - "*.emerg :omusrmsg:*"
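Review bot: `rsyslog_file_create_mode: "0644"` in roles/rsyslog/vars/Debian.yaml makes every file rsyslog creates world-readable, and the rules in the same file send `auth,authpriv.*` to `/var/log/auth.log`. With owner `syslog` and group `adm` already set, `rsyslog_file_create_mode: "0640"` keeps authentication logs readable by the `adm` group only. The same mode applies to the per-host files written under `/var/log/syslog/` when the archival format is enabled.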