Default variable details¶
debops.rsyslog default variables have more extensive configuration
than simple strings or lists, here you can find documentation and examples for
The default configuration provided in the
debops.rsyslog role supports
a few different usage scenarios. To make it easier to enable them as needed,
a separate list of "capabilities" is checked by Ansible to see if specific
keywords are present; this allows for easy selection of different operation
With the empty list of capabilities, the
debops.rsyslog role should
configure a local syslog server which stores the logs in a standard set of
files located in
The different capabilities that can be enabled in the list:
- Enable support for receiving the logs over the network, via UDP or TCP
connections. By default you also need to specify the CIDR subnets or IP
addresses which are allowed through the firewall using
- Enable storage of remote logs as files in
/var/log/remote/directory. If this is not enabled, by default remote logs will be discarded due to being directed to a separate
- Enable support for TLS connections to the
rsyslogserver, both as a forwarder and as a receiver. This option depends on availability of X.509 certificates managed by debops.pki role.
- Enable log output to
rsyslogddaemon needs to run in privileged mode, or additional steps need to be taken to allow access to the
- Disable the periodic
-- MARK --messages in the logs, by default they will be emitted every hour.
- Disable storage of the
news.*logs to separate log files.
rsyslog__host_forward variables are lists used to define forwarding rules
rsyslog. Because the daemon configuration is ordered, the forward
statements should be set in a specific place in the configuration. You can of
course define your own forwarding rules instead of using these specific
variables, if you wish.
You can check the rsyslog remote forward documentation to see how to forward logs to other hosts. Each configuration entry should be specified in a separate YAML list element. Some examples:
Forward all logs over UDP to remote log server:
rsyslog__forward: - '*.* @logs.example.org'
Forward logs to different hosts over TCP:
rsyslog__forward: - 'mail.* @@mail-logs.example.org' - '*.*;mail.none @@no-mail-logs.example.org'
Forward logs over TCP with TLS encryption using default configuration:
# Enable TLS encryption rsyslog__capabilities: [ 'tls' ] # Forward logs over TLS rsyslog__forward: [ '*.* @@logs.example.org:6514' ]
rsyslog configuration is defined in YAML dictionaries. The role uses
a simple set of keys and values to allow conditional activation or deactivation
of parts of the
rsyslogd configuration. Each configuration section will be
defined in a separate file located in
/etc/rsyslog.d/ directory. List of
- Optional, boolean. If specified and
debops.rsyslogwill use the dpkg-divert command to move specified originaL configuration file out of the way before generating the configuration from a template. This parameter can be used to modify the
rsyslogdconfiguration provided by the system packages. It should only be used with the
filenameparameter, otherwise there might be unforseen consequences.
- Optional. If the
divertparemter is enabled, using this parameter you can specify the filename to divert the file to. The diversion will be confined to
/etc/rsyslog.d/directory. This can be used to change the order of the configuration files if needed.
- Optional. Full name of the file in which to store the given configuration. If
debops.rsyslogwill generate a filename based on a set of alternative parameters.
- Optional. Specify the type of the configuration a given entry defines. This
will be mapped to
rsyslog__weight_mapvariable to a "weight" number which will determine ordering of the configuration files in
- Optional. Specify custom name of the configuration file, appended to the "weight" number.
- A custom "extension" added after the dot to the generated filename; different
suffixes are included in different parts of the configuration. If not
.confwill be used by default.
- Optional. This is a list of YAML dictionaries with configuration definition
which should be included in the given file. If this option is present, some
of the known parameters on the main level are ignored, and only configuration
sectionslist will be set in the configuration file.
The parameters below can be used in the main list or in the
- Optional. A comment added at the beginning of the file.
- Required. YAML text block which contains the
- Optional. Either
absent. If undefined or
presenta given configuration file or configuration section will be present, if
absent, given configuration file or section will be removed. This parameter can be used to conditionally enable or disable parts of the configuration.
You can see many examples of the rules in
defaults/main.yml file of the