Add rsyslog portions for further refinement
parent
47573d1181
commit
1260f2ce54
7 changed files with 168 additions and 9 deletions
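--- a/files/etc/logrotate.d/syslogserver
+++ b/files/etc/logrotate.d/syslogserver
@@ -0,0 +1,13 @@
+/var/log/remote/*.log
+{
+daily
+rotate 5
+missingok
+sharedscripts
+compress
+copytruncate
+minsize 100k
+postrotate
+/usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
+endscript
+}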
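Review bot: `copytruncate` sits next to a `postrotate` script that already HUPs rsyslog, and the two are alternative ways of dealing with the open file; with `copytruncate`, messages written between the copy and the truncate are dropped, which on a central collector means silent gaps in the record. Removing the `copytruncate` line and relying on the HUP in `postrotate` avoids that. `rotate 5` with `daily` keeps at most five rotations of every remote host's logs (longer for quiet hosts because of `minsize 100k`), so it is worth confirming that this matches the retention needed for investigations. A header comment such as `# Rotation for logs received from remote hosts under /var/log/remote` would document what the file is for.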
|
@ -63,6 +63,11 @@
|
|||
state: restarted
|
||||
daemon_reload: true
|
||||
|
||||
- name: restart_rsyslog
|
||||
ansible.builtin.service:
|
||||
name: rsyslog
|
||||
state: restarted
|
||||
|
||||
- name: enable_crb
|
||||
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
|
||||
changed_when: "1 != 1"
|
||||
|
|
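--- a/init-rocky-syslog-client.yml
+++ b/init-rocky-syslog-client.yml
@@ -0,0 +1,45 @@
+---
+# This should already be taken care of in the system-config. But run this
+# manually for boxes that need it.
+- name: Setup a syslog client
+hosts: "{{ host }}"
+become: true
+vars_files:
+# Vaults required
+# vars/vaults/encpass.yml
+# vars/vaults/hostman.yml
+# vars/graylog.yml
+- vars/syslog.yml
+vars:
+syslog_type: "client"
+
+# This is to try to avoid the handler issue in pre/post tasks
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+ansible.builtin.assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+tasks:
+- name: Setup syslog
+ansible.builtin.import_tasks: "tasks/syslog.yml"
+
+post_tasks:
+- name: Touching run file that ansible has ran here
+ansible.builtin.file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root
+...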
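Review bot: Nothing in this play defines `remote_rsyslog_host`: `vars:` sets only `syslog_type`, while the comment in `vars/syslog.yml` says the value is to be set in the playbook. The `forwarder.conf` template is not shown on this page, so this is an inference, but if the template references that variable the run will either fail on an undefined variable or render a forwarder with no target. Either add it under `vars:` (for example `remote_rsyslog_host: "COLLECTOR_HOSTNAME_PLACEHOLDER"`) or assert that it is defined in `pre_tasks`. The `# Vaults required` comment block lists three files that this play does not load and could be dropped, and `stat:` and `import_tasks:` could carry the `ansible.builtin.` prefix like the other tasks in the file.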
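--- a/role-rocky-syslog-server.yml
+++ b/role-rocky-syslog-server.yml
@@ -0,0 +1,48 @@
+---
+# Configure and setup graylog
+# Reccommended specs
+# CPU: 2 cores
+# Memory: 4GB
+# Storage: Yes
+- name: Install syslog server
+hosts: syslog
+become: true
+vars_files:
+# Vaults required
+# vars/vaults/encpass.yml
+# vars/vaults/hostman.yml
+# vars/graylog.yml
+- vars/syslog.yml
+vars:
+syslog_type: "server"
+
+# This is to try to avoid the handler issue in pre/post tasks
+handlers:
+- import_tasks: handlers/main.yml
+
+pre_tasks:
+- name: Check if ansible cannot be run here
+stat:
+path: /etc/no-ansible
+register: no_ansible
+
+- name: Verify if we can run ansible
+ansible.builtin.assert:
+that:
+- "not no_ansible.stat.exists"
+success_msg: "We are able to run on this node"
+fail_msg: "/etc/no-ansible exists - skipping run on this node"
+
+tasks:
+- name: Setup syslog
+ansible.builtin.import_tasks: "tasks/syslog.yml"
+
+post_tasks:
+- name: Touching run file that ansible has ran here
+ansible.builtin.file:
+path: /var/log/ansible.run
+state: touch
+mode: '0644'
+owner: root
+group: root
+...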
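Review bot: The header comment `# Configure and setup graylog` and the `# vars/graylog.yml` entry under `vars_files` describe a different service from the one this play installs; a header such as `# Configure and set up the central rsyslog receiver` would match `name: Install syslog server`. `Reccommended` is misspelled, and `# Storage: Yes` gives no sizing guidance for a host that accumulates every client's logs under `/var/log/remote`. Nothing visible in this play or in the imported tasks opens port 514 in the host firewall, so if the `syslog` hosts run a local firewall that step may still be missing.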
|
@ -1,5 +1,38 @@
|
|||
---
|
||||
- name: Notice
|
||||
ansible.builtin.debug:
|
||||
msg: "Nothing to do yet"
|
||||
- name: Ensure rsyslog is installed
|
||||
ansible.builtin.package:
|
||||
name: rsyslog
|
||||
state: present
|
||||
|
||||
- name: Setup rsyslog client
|
||||
ansible.builtin.block:
|
||||
- name: Drop configuration item for syslog
|
||||
ansible.builtin.template:
|
||||
src: "etc/rsyslog.d/forwarder.conf"
|
||||
dest: "/etc/rsyslog.d/forwarder.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: restart_rsyslog
|
||||
when: syslog_type == "client"
|
||||
|
||||
- name: Setup rsyslog server
|
||||
ansible.builtin.block:
|
||||
- name: Drop configuration item for syslog
|
||||
ansible.builtin.template:
|
||||
src: "etc/rsyslog.d/receiver.conf"
|
||||
dest: "/etc/rsyslog.d/receiver.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
notify: restart_rsyslog
|
||||
|
||||
- name: Deploy logrotate file
|
||||
ansible.builtin.file:
|
||||
src: "etc/logrotate.d/syslogserver"
|
||||
dest: "/etc/logrotate.d/syslogserver"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
when: syslog_type == "server"
|
||||
...
|
||||
|
|
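Review bot: `ansible.builtin.block:` is not a module; `block` is a playbook keyword and has to be written as plain `block:` in both the `Setup rsyslog client` and `Setup rsyslog server` stanzas, otherwise the task will not resolve. In `Deploy logrotate file`, `ansible.builtin.file` does not copy content (its `src` is only used for links), so that task should read `ansible.builtin.copy:` with the same `src` and `dest`. Nothing here enables or starts the service either: the `restart_rsyslog` handler only fires when a template changes, so a task that sets `state: started` and `enabled: true` for `rsyslog` would make the end state explicit. The path header for this section is missing from the page, so the file name `tasks/syslog.yml` is inferred from the playbooks that import it.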
|
@ -1,12 +1,19 @@
|
|||
# Receive logs
|
||||
# Logs will appear as /var/log/remote/hostname.example.com-{secure,messages}.log
|
||||
module(load="imtcp")
|
||||
input(type="imtcp" port="514")
|
||||
module(load="imudp")
|
||||
input(type="imudp" port="514")
|
||||
$AllowedSender UDP, {{ allowed_rsyslog_clients|join(', ') }}
|
||||
$AllowedSender TCP, {{ allowed_rsyslog_clients|join(', ') }}
|
||||
|
||||
$template RemoteHostSyslog,"/var/log/remote/%HOSTNAME%-log
|
||||
template(name="TmplAuth" type="string" string="/var/log/remote/%FROMHOST%-secure.log")
|
||||
|
||||
$RuleSet remote
|
||||
*.* -?RemoteHostSyslog
|
||||
*.info;mail.none;authpriv.none;cron.none ?RemoteHostSyslog
|
||||
template(name="TmplMsg" type="string" string="/var/log/remote/%FROMHOST%-messages.log")
|
||||
|
||||
# Process the equivalent of /var/log/{messages,secure} on a given system
|
||||
ruleset(name="remote_1_log"){
|
||||
authpriv.* action(type="omfile" DynaFile="TmplAuth")
|
||||
*.info;mail.none;authpriv.none;cron.none action(type="omfile" DynaFile="TmplMsg")
|
||||
}
|
||||
|
||||
input(type="imtcp" port="514" ruleset="remote_1_log")
|
||||
input(type="imudp" port="514" ruleset="remote_1_log")
|
||||
|
|
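Review bot: The `TmplAuth` and `TmplMsg` paths are built from `%FROMHOST%`, which rsyslog fills from a reverse DNS lookup of the sender, so the file a host's messages land in depends on PTR data rather than on the address that `$AllowedSender` matched. `%FROMHOST-IP%` gives a file name that does not depend on DNS; if hostnames are preferred, the resolver this server uses should be one you control. Both `input(...)` lines on port 514 are plain TCP and UDP, so `authpriv` content crosses the network unencrypted and UDP sources are not authenticated, which is acceptable only if the allowed networks are trusted. The old and new sides cannot be told apart on this page; the legacy `$template RemoteHostSyslog` and `$RuleSet remote` lines look like the removed side, but if any of them remain, the unterminated quote in `$template RemoteHostSyslog,"/var/log/remote/%HOSTNAME%-log` needs fixing.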
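--- a/vars/syslog.yml
+++ b/vars/syslog.yml
@@ -0,0 +1,8 @@
+---
+# remote_rsyslog_host: set in playbook for now, please.
+allowed_rsyslog_clients:
+- "10.32.0.0/16"
+- "10.61.0.0/16"
+- "*.rockylinux.org"
+- "*.resf.org"
+...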
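Review bot: The `"*.rockylinux.org"` and `"*.resf.org"` entries make the receiver's `$AllowedSender` check depend on reverse DNS of the connecting address, and that PTR data is controlled by whoever owns the address range rather than by this project. Listing senders by network, as the two `/16` entries do, keeps the allow-list independent of DNS. The `/16` ranges are themselves broad and could be narrowed to the subnets that actually host clients. A comment above `allowed_rsyslog_clients` saying that the list is rendered into both the UDP and TCP `$AllowedSender` lines of `receiver.conf` would help the next editor.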