debops.rsyslog default variables

General configuration

rsyslog__enabled
Enable or disable rsyslog management.
rsyslog__enabled: True

rsyslog__capabilities
List of different capabilities to configure. See rsyslog__capabilities for more details.
rsyslog__capabilities: []

rsyslog__unprivileged
Enable or disable unprivileged rsyslogd operation. Warning: enabling this option requires additional configuration outside of the debops.rsyslog role. See Unprivileged syslog and encrypted connections for more details.
rsyslog__unprivileged: '{{ "True"
                           if (ansible_distribution in [ "Ubuntu" ])
                           else "False" }}'

rsyslog__message_reduction
Enable or disable message reduction. This is disabled by default so that log parsers like fail2ban can work correctly.
rsyslog__message_reduction: False

APT packages

rsyslog__base_packages
List of default APT packages to install.
rsyslog__base_packages: [ 'rsyslog' ]

rsyslog__tls_packages
List of APT packages required for TLS support.
rsyslog__tls_packages: [ 'rsyslog-gnutls', 'ca-certificates' ]

rsyslog__packages
List of additional APT packages to install.
rsyslog__packages: []

User, group, home, file ownership

rsyslog__user
The unprivileged system user account used by the rsyslogd daemon when unprivileged operation is enabled.
rsyslog__user: '{{ "syslog" if rsyslog__unprivileged|bool else "root" }}'

rsyslog__group
The unprivileged system group account used by the rsyslogd daemon when unprivileged operation is enabled.
rsyslog__group: '{{ "syslog" if rsyslog__unprivileged|bool else "root" }}'

rsyslog__append_groups
List of additional UNIX groups to add the rsyslog user to. The ssl-cert UNIX group is used for access to the X.509 private key.
rsyslog__append_groups: '{{ ["ssl-cert"] if (rsyslog__unprivileged|bool
                            and rsyslog__pki|bool) else [] }}'

rsyslog__home
The home directory of the rsyslog__user user, dependent on the OS defaults. Takes effect only when the unprivileged mode is enabled.
rsyslog__home: '{{ "/home/syslog"
                   if (ansible_distribution in [ "Ubuntu" ])
                   else "/var/log" }}'

rsyslog__file_owner
The account which will be set as the owner of the log files generated by rsyslogd. When unprivileged mode is enabled, it should be the same as the rsyslogd user account.
rsyslog__file_owner: '{{ rsyslog__user }}'

rsyslog__file_group
The system group which will be set as the default group of the log files generated by rsyslogd.
rsyslog__file_group: 'adm'

rsyslog__default_logfiles
List of default logfiles managed by the debops.rsyslog role. This list is used in the debops.logrotate configuration to create log rotation, as well as to change the file owner/group when unprivileged operation is enabled.
rsyslog__default_logfiles:
  - '/var/log/syslog'
  - '/var/log/kern.log'
  - '/var/log/auth.log'
  - '/var/log/user.log'
  - '/var/log/daemon.log'
  - '/var/log/messages'
  - '/var/log/mail.log'
  - '/var/log/mail.info'
  - '/var/log/mail.warn'
  - '/var/log/mail.err'
  - '/var/log/cron.log'
  - '/var/log/lpr.log'
  - '/var/log/debug'
  - '/var/log/messages'

Encrypted communication

rsyslog__pki
Enable or disable support for X.509 certificates managed by the debops.pki role, used for TLS connections.
rsyslog__pki: '{{ True
                  if (ansible_local|d() and ansible_local.pki|d() and
                      ansible_local.pki.enabled|bool)
                  else False }}'

rsyslog__pki_path
Path to the directory with PKI realms.
rsyslog__pki_path: '{{ ansible_local.pki.path
                       if (ansible_local|d() and ansible_local.pki|d() and
                           ansible_local.pki.path|d())
                       else "/etc/pki" }}'

rsyslog__pki_realm
Name of the PKI realm to use with rsyslogd.
rsyslog__pki_realm: '{{ ansible_local.pki.realm
                        if (ansible_local|d() and ansible_local.pki|d() and
                            ansible_local.pki.realm|d())
                        else "domain" }}'

rsyslog__pki_ca
Name of the root CA certificate used by the debops.rsyslog role.
rsyslog__pki_ca: '{{ ansible_local.pki.ca
                     if (ansible_local|d() and ansible_local.pki|d() and
                         ansible_local.pki.ca|d())
                     else "CA.crt" }}'

rsyslog__pki_crt
Name of the client certificate file used by the debops.rsyslog role.
rsyslog__pki_crt: '{{ ansible_local.pki.crt
                      if (ansible_local|d() and ansible_local.pki|d() and
                          ansible_local.pki.crt|d())
                      else "default.crt" }}'

rsyslog__pki_key
Name of the private key file used by the debops.rsyslog role.
rsyslog__pki_key: '{{ ansible_local.pki.key
                      if (ansible_local|d() and ansible_local.pki|d() and
                          ansible_local.pki.key|d())
                      else "default.key" }}'

rsyslog__default_netstream_driver
Specify the default netstream driver used by the imtcp module. The gtls driver is enabled by default if PKI support and the tls capability are enabled; otherwise ptcp is used.
rsyslog__default_netstream_driver: '{{ "gtls"
                                       if (rsyslog__pki|bool and
                                           "tls" in rsyslog__capabilities)
                                       else "ptcp" }}'

rsyslog__default_driver_authmode
Specify the default network driver authentication mode. Currently only x509/name or anon are available:
rsyslog__default_driver_authmode: "x509/name"

rsyslog__send_over_tls
This configuration is added to the forward options when the tls capability is enabled. It's used to configure TLS options.
rsyslog__send_over_tls: |-
  $ActionSendStreamDriver gtls
  $ActionSendStreamDriverAuthMode {{ rsyslog__default_driver_authmode }}
  {% if rsyslog__default_driver_authmode != "anon" %}
  {% if rsyslog__send_permitted_peers is string %}
  $ActionSendStreamDriverPermittedPeer {{ rsyslog__send_permitted_peers }}
  {% else %}
  {% for peer in rsyslog__send_permitted_peers %}
  $ActionSendStreamDriverPermittedPeer {{ peer }}
  {% endfor %}
  {% endif %}
  {% endif %}
  $ActionSendStreamDriverMode 1

rsyslog__send_over_tls_only
Specify if you want only TLS communications.
rsyslog__send_over_tls_only: False

rsyslog__domain
The default DNS domain used to accept incoming logs from remote hosts.
rsyslog__domain: '{{ ansible_domain }}'

rsyslog__permitted_peers
List of hostnames, IP addresses or wildcard DNS domains which will be allowed by the rsyslogd server to connect and send logs over TLS.
rsyslog__permitted_peers: [ '*.{{ rsyslog__domain }}' ]

rsyslog__send_permitted_peers
List of hostnames, IP addresses or wildcard DNS domains which the rsyslogd client will verify before sending logs to the remote server over TLS.
rsyslog__send_permitted_peers: '{{ rsyslog__permitted_peers }}'

Firewall, UDP, TCP ports

rsyslog__udp_port
The incoming UDP port used for remote logging.
rsyslog__udp_port: '514'

rsyslog__tcp_port
The incoming TCP port used for remote logging.
rsyslog__tcp_port: '514'

rsyslog__tcp_tls_port
The incoming TCP TLS port used for remote logging.
rsyslog__tcp_tls_port: '6514'

rsyslog__allow
List of IP addresses or CIDR subnets which should be allowed to connect to rsyslogd ports by the firewall. This variable should be used for all hosts in the inventory.
rsyslog__allow: []

rsyslog__group_allow
List of IP addresses or CIDR subnets which should be allowed to connect to rsyslogd ports by the firewall. This variable should be used for a specific group of hosts in the inventory.
rsyslog__group_allow: []

rsyslog__host_allow
List of IP addresses or CIDR subnets which should be allowed to connect to rsyslogd ports by the firewall. This variable should be used for specific hosts in the inventory.
rsyslog__host_allow: []

Log forwarding

rsyslog__forward
List of rsyslogd options that configure log forwarding for all hosts in the inventory. See rsyslog__forward for more details.
rsyslog__forward: []

rsyslog__group_forward
List of rsyslogd options that configure log forwarding for hosts in a specific group. See rsyslog__forward for more details.
rsyslog__group_forward: []

rsyslog__host_forward
List of rsyslogd options that configure log forwarding for specific hosts in Ansible inventory. See rsyslog__forward for more details.
rsyslog__host_forward: []

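
The following inventory is an added example, not taken from the debops.rsyslog documentation: it combines the capability, TLS, firewall and forwarding variables described above into a TLS-only log server and its clients. The host name logs.example.org, the 192.0.2.0/24 subnet and the inventory file paths are assumptions; the forward entry uses rsyslog's legacy `@@host:port` TCP forwarding syntax.

```yaml
---
# inventory/group_vars/all/rsyslog.yml  (constructed example; path is an assumption)
# Every host: load TLS support and forward all messages to the log server.
# The TLS options are only generated when debops.pki is enabled (rsyslog__pki).
rsyslog__capabilities: [ 'tls' ]

# rsyslog legacy forwarding: "@@" selects TCP, 6514 matches rsyslog__tcp_tls_port.
rsyslog__forward:
  - '*.* @@logs.example.org:6514'

# With the x509/name authmode the client checks the server certificate name.
# The default inherits rsyslog__permitted_peers ('*.<domain>'), so any host
# with a certificate in that domain would pass; pin the server name instead.
rsyslog__send_permitted_peers: [ 'logs.example.org' ]

---
# inventory/host_vars/logs.example.org/rsyslog.yml  (constructed example)
# 'network' on its own also enables the plaintext UDP/TCP 514 inputs and the
# matching firewall rule; rsyslog__send_over_tls_only switches both to "absent".
rsyslog__capabilities: [ 'network', 'tls', 'remote-files' ]
rsyslog__send_over_tls_only: True

# Certificate names accepted by the imtcp/gtls listener on port 6514.
rsyslog__permitted_peers: [ '*.example.org' ]

# The role's firewall rules use accept_any: False, so sources must be listed.
rsyslog__host_allow: [ '192.0.2.0/24' ]

# Override the inventory-wide value so the server does not forward to itself.
rsyslog__forward: []
```
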
Rsyslog configuration rules

rsyslog__weight_map
This is a dictionary map of different configuration "types" corresponding to numbers used to sort configuration files in the /etc/rsyslog.d/ directory (configuration order is important). You can specify a type in the configuration by using the item.type parameter.
If you change the default weight map values, you will most likely need to remove all files from /etc/rsyslog.d/ to reset the configuration.
See rsyslog__rules for more details.
rsyslog__weight_map:
  'global': '05'
  'globals': '05'
  'module': '10'
  'modules': '10'
  'template': '20'
  'templates': '20'
  'output': '30'
  'outputs': '30'
  'service': '30'
  'services': '30'
  'rule': '50'
  'rules': '50'
  'ruleset': '50'
  'rulesets': '50'
  'input': '90'
  'inputs': '90'

rsyslog__rules
List of YAML dictionaries; each dictionary should contain rsyslogd configuration in a special format. See rsyslog__rules for more details. This list should be used for configuration of all hosts in the inventory.
rsyslog__rules: []

rsyslog__group_rules
List of YAML dictionaries; each dictionary should contain rsyslogd configuration in a special format. See rsyslog__rules for more details. This list should be used for configuration of a group of hosts in the inventory.
rsyslog__group_rules: []

rsyslog__host_rules
List of YAML dictionaries; each dictionary should contain rsyslogd configuration in a special format. See rsyslog__rules for more details. This list should be used for configuration of specific hosts in the inventory.
rsyslog__host_rules: []

rsyslog__dependent_rules
List of YAML dictionaries; each dictionary should contain rsyslogd configuration in a special format. See rsyslog__rules for more details. This list should be used for configuration by other Ansible roles.
rsyslog__dependent_rules: []

rsyslog__default_rules
List of YAML dictionaries; each dictionary should contain rsyslogd configuration in a special format. See rsyslog__rules for more details. This list specifies the default rsyslogd configuration enabled in the role.
rsyslog__default_rules:
  - '{{ rsyslog__conf_global_options }}'
  - '{{ rsyslog__conf_local_modules }}'
  - '{{ rsyslog__conf_network_modules }}'
  - '{{ rsyslog__conf_common_defaults }}'
  - '{{ rsyslog__conf_divert_ubuntu }}'
  - '{{ rsyslog__conf_filename_templates }}'
  - '{{ rsyslog__conf_remote_forward }}'
  - '{{ rsyslog__conf_default_rulesets }}'
  - '{{ rsyslog__conf_system_rules }}'
  - '{{ rsyslog__conf_system_cron }}'
  - '{{ rsyslog__conf_network_input }}'
  - '{{ rsyslog__conf_dynamic_logs }}'
  - '{{ rsyslog__conf_stop_remote }}'

Default configuration options

rsyslog__conf_global_options
Some of the global rsyslogd configuration options. See http://www.rsyslog.com/doc/v8-stable/rainerscript/global.html for more details.
rsyslog__conf_global_options:
  - filename: '00-global.conf'
    comment: 'Global options'
    options: |-
      global(
        defaultNetstreamDriver="{{ rsyslog__default_netstream_driver }}"
      {% if rsyslog__pki|bool and "tls" in rsyslog__capabilities %}
        defaultNetstreamDriverCAFile="{{ rsyslog__pki_path + '/' + rsyslog__pki_realm + '/' + rsyslog__pki_ca }}"
      {% if rsyslog__default_driver_authmode != "anon" or "network" in rsyslog__capabilities %}
        defaultNetstreamDriverCertFile="{{ rsyslog__pki_path + '/' + rsyslog__pki_realm + '/' + rsyslog__pki_crt }}"
        defaultNetstreamDriverKeyFile="{{ rsyslog__pki_path + '/' + rsyslog__pki_realm + '/' + rsyslog__pki_key }}"
      {% endif %}
      {% endif %}
      )

rsyslog__conf_local_modules
List of rsyslogd modules that enable logs from the local system to be received and parsed by the rsyslogd daemon.
rsyslog__conf_local_modules:
  - name: 'local-modules'
    type: 'modules'
    sections:
      - comment: 'Log messages sent to local UNIX socket'
        options: '$ModLoad imuxsock'
      - comment: 'Log kernel messages'
        options: |-
          $ModLoad imklog
          $KLogPermitNonKernelFacility on
        state: '{{ "present"
                   if (ansible_local|d() and ansible_local.cap12s|d() and
                       (not ansible_local.cap12s.enabled|bool or
                        "cap_sys_admin" in ansible_local.cap12s.list))
                   else "absent" }}'
      - comment: 'Log periodic -- MARK -- messages'
        options: |-
          $ModLoad immark
          $MarkMessagePeriod {{ (60 * 60) }}
        state: '{{ "absent"
                   if ("!mark" in rsyslog__capabilities)
                   else "present" }}'

rsyslog__conf_network_modules
List of rsyslogd modules that receive logs from remote systems over the network. They are enabled by the network capability.
rsyslog__conf_network_modules:
  - name: 'network-modules'
    type: 'modules'
    state: '{{ "present"
               if ("network" in rsyslog__capabilities)
               else "absent" }}'
    sections:
      - comment: 'Enable UDP support'
        options: |-
          module(load="imudp")
      - comment: 'Enable TCP support'
        options: |-
          module(load="imptcp")
      - comment: 'Enable GnuTLS TCP support'
        options: |-
          module(
            load="imtcp"
            streamDriver.name="gtls"
            streamDriver.mode="1"
            streamDriver.authMode="{{ rsyslog__default_driver_authmode }}"
          {% if rsyslog__default_driver_authmode != "anon" %}
          {% if rsyslog__permitted_peers is string %}
            permittedPeer="{{ rsyslog__permitted_peers }}"
          {% else %}
            permittedPeer=["{{ rsyslog__permitted_peers | join('","') }}"]
          {% endif %}
          {% endif %}
          )
        state: '{{ "present"
                   if ("tls" in rsyslog__capabilities)
                   else "absent" }}'

rsyslog__conf_network_input
Configuration of UDP, TCP and TCP over TLS inputs to receive logs from remote hosts, enabled by the network capability.
rsyslog__conf_network_input:
  - name: 'network-input'
    type: 'input'
    state: '{{ "present"
               if ("network" in rsyslog__capabilities)
               else "absent" }}'
    sections:
      - comment: 'Log messages from remote hosts over UDP'
        options: |-
          input(
            type="imudp"
            port="{{ rsyslog__udp_port }}"
            ruleset="remote"
          )
        state: '{{ "present"
                   if (not rsyslog__send_over_tls_only|bool)
                   else "absent" }}'
      - comment: 'Log messages from remote hosts over TCP'
        options: |-
          input(
            type="imptcp"
            port="{{ rsyslog__tcp_port }}"
            ruleset="remote"
          )
        state: '{{ "present"
                   if (not rsyslog__send_over_tls_only|bool)
                   else "absent" }}'
      - comment: 'Log messages from remote hosts over TLS'
        options: |-
          input(
            type="imtcp"
            name="imtls"
            port="{{ rsyslog__tcp_tls_port }}"
            ruleset="remote"
          )
        state: '{{ "present"
                   if ("tls" in rsyslog__capabilities)
                   else "absent" }}'

rsyslog__conf_common_defaults
Common rsyslogd configuration, such as the owner, group and permissions of new files, the work directory and message reduction.
rsyslog__conf_common_defaults:
  - name: 'common-defaults'
    type: 'global'
    sections:
      - comment: 'Set default permissions for all log files'
        options: |-
          $FileOwner {{ rsyslog__file_owner }}
          $FileGroup {{ rsyslog__file_group }}
          $FileCreateMode 0640
          $DirCreateMode 0755
          $Umask 0022
          {% if rsyslog__unprivileged|bool %}
          $PrivDropToUser {{ rsyslog__user }}
          $PrivDropToGroup {{ rsyslog__group }}
          {% endif %}
      - comment: 'Where to place spool and state files'
        options: |-
          $WorkDirectory /var/spool/rsyslog
      - comment: 'Log every message'
        options: |-
          $RepeatedMsgReduction {{ "on" if rsyslog__message_reduction|bool else "off" }}

rsyslog__conf_divert_ubuntu
Divert the default rsyslogd configuration provided in Ubuntu systems so that the role can write its own version.
rsyslog__conf_divert_ubuntu:
  - filename: '20-ufw.conf'
    divert: True
    divert_to: '65-ufw.system'
    state: '{{ "present"
               if (ansible_distribution in [ "Ubuntu" ])
               else "absent" }}'
  - filename: '50-default.conf'
    divert: True
    state: '{{ "present"
               if (ansible_distribution in [ "Ubuntu" ])
               else "absent" }}'

rsyslog__conf_filename_templates
List of rsyslogd templates which are used to generate dynamic filenames for remote logs, based on hostnames. You can add additional template configuration by writing it in /etc/rsyslog.d/*.template files; they will be included by the main configuration.
rsyslog__conf_filename_templates:
  - name: 'templates'
    type: 'template'
    sections:
      - comment: 'Remote host system logs'
        options: |-
          template(
            name="RemoteHostSyslog"
            type="string"
            string="/var/log/remote/hosts/%HOSTNAME%/syslog"
          )
      - comment: 'Remote host auth logs'
        options: |-
          template(
            name="RemoteHostAuthLog"
            type="string"
            string="/var/log/remote/hosts/%HOSTNAME%/auth.log"
          )
      - comment: 'Remote host cron logs'
        options: |-
          template(
            name="RemoteHostCronLog"
            type="string"
            string="/var/log/remote/hosts/%HOSTNAME%/cron.log"
          )
      - comment: 'Remote service auth logs'
        options: |-
          template(
            name="RemoteServiceAuthLog"
            type="string"
            string="/var/log/remote/services/auth/auth.log"
          )
      - comment: 'Remote service cron logs'
        options: |-
          template(
            name="RemoteServiceCronLog"
            type="string"
            string="/var/log/remote/services/cron/cron.log"
          )
      - comment: 'Remote service mail logs'
        options: |-
          template(
            name="RemoteServiceMailLog"
            type="string"
            string="/var/log/remote/services/mail/mail.log"
          )
      - comment: 'Include custom templates'
        options: |-
          $IncludeConfig /etc/rsyslog.d/*.template
      - comment: 'Use traditional timestamp format'
        options: |-
          $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

rsyslog__conf_additional_templates
List of additional rsyslogd templates which are used for remote logs. See rsyslog__conf_additional_templates.
rsyslog__conf_additional_templates: []

rsyslog__conf_remote_forward
Enable log forwarding to another rsyslogd instance if it's enabled in the rsyslog__forward variables. See rsyslog__forward for more details.
rsyslog__conf_remote_forward:
  - filename: '20-remote-forward.system'
    state: '{{ "present"
               if (rsyslog__forward|d() or rsyslog__group_forward|d() or rsyslog__host_forward|d())
               else "absent" }}'
    sections:
      - comment: 'Forward logs over TLS by default'
        options: '{{ rsyslog__send_over_tls }}'
        state: '{{ "present"
                   if (rsyslog__pki|bool and
                       "tls" in rsyslog__capabilities)
                   else "absent" }}'
      - comment: 'Forward logs to specified hosts'
        options: |-
          {% for element in (rsyslog__forward + rsyslog__group_forward + rsyslog__host_forward) %}
          {{ element }}
          {% endfor %}

rsyslog__conf_default_rulesets
The rsyslogd configuration can contain multiple rulesets, each one connected to an input channel (see http://www.rsyslog.com/doc/v8-stable/concepts/multi_ruleset.html for more details).
By default debops.rsyslog uses the default ruleset for local system logs, and defines a separate remote ruleset for logs incoming over the network from remote hosts. The local log rules are stored in /etc/rsyslog.d/*.system configuration files, and remote log rules are stored in /etc/rsyslog.d/*.remote configuration files.
rsyslog__conf_default_rulesets:
  - name: 'default-rulesets'
    type: 'rules'
    sections:
      - comment: 'Rules for the local system logs'
        options: |-
          $IncludeConfig /etc/rsyslog.d/*.system
      - comment: 'Rules for logs incoming from remote hosts'
        options: |-
          ruleset(name="remote") {
            $IncludeConfig /etc/rsyslog.d/*.remote
          }

rsyslog__conf_system_rules
A set of default rsyslog options which store local system logs in files located in the /var/log/ directory. This is mostly the same as the default rsyslogd configuration provided in Debian/Ubuntu installations.
rsyslog__conf_system_rules:
  - filename: '50-default.system'
    sections:
      - comment: 'Standard log files, split by facility'
        options: |-
          auth,authpriv.* /var/log/auth.log
          *.*;cron,auth,authpriv.none -/var/log/syslog
          cron.* -/var/log/cron.log
          daemon.* -/var/log/daemon.log
          kern.* -/var/log/kern.log
          lpr.* -/var/log/lpr.log
          mail.* -/var/log/mail.log
          user.* -/var/log/user.log
      - comment: 'Copy of the local log files to complete remote logs'
        options: |-
          auth,authpriv.* ?RemoteHostAuthLog
          auth,authpriv.* ?RemoteServiceAuthLog
          *.*;cron,auth,authpriv.none -?RemoteHostSyslog
          cron.* -?RemoteHostCronLog
          cron.* -?RemoteServiceCronLog
          mail.* -?RemoteServiceMailLog
        state: '{{ "present"
                   if ("remote-files" in rsyslog__capabilities)
                   else "absent" }}'
      - comment: |-
          Logging for the mail system. Split it up so that
          it is easy to write scripts to parse these files
        options: |-
          mail.info -/var/log/mail.info
          mail.warn -/var/log/mail.warn
          mail.err /var/log/mail.err
      - comment: 'Logging for INN news system'
        options: |-
          news.crit /var/log/news/news.crit
          news.err /var/log/news/news.err
          news.notice -/var/log/news/news.notice
        state: '{{ "absent"
                   if ("!news" in rsyslog__capabilities)
                   else "present" }}'
      - comment: 'Some "catch-all" log files'
        options: |-
          *.=debug;\
            auth,authpriv.none;\
            mail,news.none -/var/log/debug
          *.=info;*.=notice;*.=warn;\
            auth,authpriv.none;\
            cron,daemon.none;\
            mail,news.none -/var/log/messages
      - comment: 'Emergencies are sent to everybody logged in'
        options: |-
          *.emerg :omusrmsg:*
      - comment: 'Send selected logs to xconsole'
        options: |-
          daemon.*;mail.*;\
            *.=debug;*.=info;\
            *.=notice;*.=warn |/dev/xconsole
        state: '{{ "present"
                   if ("xconsole" in rsyslog__capabilities)
                   else "absent" }}'

rsyslog__conf_dynamic_logs
List of rsyslogd rules which maintain dynamic log files in the /var/log/remote/ directory. These log files will store logs incoming from other, remote hosts.
rsyslog__conf_dynamic_logs:
  - filename: '40-dynamic-cron.remote'
    options: |
      if ($msg contains "pam_unix(cron:session): session opened for user") then {
        action(type="omfile" DynaFile="RemoteHostCronLog")
        action(type="omfile" DynaFile="RemoteServiceCronLog")
        stop
      } else if ($msg contains "pam_unix(cron:session): session closed for user") then {
        action(type="omfile" DynaFile="RemoteHostCronLog")
        action(type="omfile" DynaFile="RemoteServiceCronLog")
        stop
      }
    state: '{{ "present"
               if ("remote-files" in rsyslog__capabilities)
               else "absent" }}'
  - filename: '50-dynamic-logs.remote'
    comment: 'Store remote logs in separate logfiles'
    options: |-
      auth,authpriv.* ?RemoteHostAuthLog
      auth,authpriv.* ?RemoteServiceAuthLog
      *.*;cron,auth,authpriv.none -?RemoteHostSyslog
      cron.* -?RemoteHostCronLog
      cron.* -?RemoteServiceCronLog
      mail.* -?RemoteServiceMailLog
    state: '{{ "present"
               if ("remote-files" in rsyslog__capabilities)
               else "absent" }}'

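
The *.template and *.remote include mechanism described above can carry site-specific rules for the remote ruleset. The following is an added example, not part of the role's defaults: it collects sshd messages from all remote hosts into one file on the log server. The template name RemoteServiceSshdLog, both file names and the log path are assumptions, and the entries assume that custom rules accept the same filename, comment, options and state keys as the defaults shown on this page.

```yaml
---
# inventory/host_vars/logs.example.org/rsyslog.yml  (constructed example)
rsyslog__host_rules:

  # Picked up by "$IncludeConfig /etc/rsyslog.d/*.template" in the role's
  # template configuration, so the name is defined before any rule uses it.
  - filename: 'sshd.template'
    comment: 'Remote service sshd logs'
    options: |-
      template(
        name="RemoteServiceSshdLog"
        type="string"
        string="/var/log/remote/services/sshd/sshd.log"
      )

  # Files ending in .remote are included inside ruleset(name="remote").
  # The 45- prefix sorts after 40-dynamic-cron.remote and before
  # 50-dynamic-logs.remote; there is no "stop", so each message still
  # reaches the per-host files written by the default rules.
  - filename: '45-sshd.remote'
    comment: 'Collect sshd messages from all remote hosts in one file'
    options: |-
      if ($programname == "sshd") then {
        action(type="omfile" DynaFile="RemoteServiceSshdLog")
      }
    state: '{{ "present"
               if ("remote-files" in rsyslog__capabilities)
               else "absent" }}'
```

The chosen path matches the '/var/log/remote/*/*/*.log' pattern of the role's rsyslog-remote logrotate entry, so the new file is rotated together with the other remote logs.
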
rsyslog__conf_stop_remote
Older rsyslogd versions do not support empty rulesets. This configuration file is used to allow an empty remote ruleset when remote log support is disabled, and should be included in the configuration at the very end.
rsyslog__conf_stop_remote:
  - filename: 'zz-stop.remote'
    comment: |-
      This is a workaround to support empty "remote" ruleset on
      older versions of rsyslog package.
      http://comments.gmane.org/gmane.comp.sysutils.rsyslog/15616
    options: |-
      stop

rsyslog__conf_system_cron
Configuration for system cron logs. This ensures that cron logs are stored in a separate /var/log/cron.log file and won't clutter the auth or syslog logs.
rsyslog__conf_system_cron:
  filename: '40-cron.system'
  options: |
    if ($msg contains "pam_unix(cron:session): session opened for user") then {
      action(type="omfile" file="/var/log/cron.log")
    {% if 'remote-files' in rsyslog__capabilities %}
      action(type="omfile" DynaFile="RemoteHostCronLog")
      action(type="omfile" DynaFile="RemoteServiceCronLog")
    {% endif %}
      stop
    } else if ($msg contains "pam_unix(cron:session): session closed for user") then {
      action(type="omfile" file="/var/log/cron.log")
    {% if 'remote-files' in rsyslog__capabilities %}
      action(type="omfile" DynaFile="RemoteHostCronLog")
      action(type="omfile" DynaFile="RemoteServiceCronLog")
    {% endif %}
      stop
    }

Log rotation

rsyslog__rotation_period_system
How often to rotate local system logs.
rsyslog__rotation_period_system: 'weekly'

rsyslog__rotation_count_system
How many old logfiles to keep for local system logs.
rsyslog__rotation_count_system: '8'

rsyslog__rotation_period_remote
How often to rotate remote logs.
rsyslog__rotation_period_remote: 'monthly'

rsyslog__rotation_count_remote
How many old logfiles to keep for remote logs.
rsyslog__rotation_count_remote: '12'

Configuration for other Ansible roles

rsyslog__etc_services__dependent_list
Configuration for the debops.etc_services Ansible role.
rsyslog__etc_services__dependent_list:
  - name: 'syslog-tls'
    port: '{{ rsyslog__tcp_tls_port }}'
    protocol: [ 'tcp' ]
    comment: 'Syslog over TLS [RFC5425]'
    state: '{{ "present"
               if (ansible_distribution_release in ["wheezy"])
               else "absent" }}'

rsyslog__apt_preferences__dependent_list
Configuration for the debops.apt_preferences Ansible role, to install a newer version of the rsyslog package on older systems.
rsyslog__apt_preferences__dependent_list:
  - package: 'rsyslog rsyslog-* libestr0'
    backports: [ 'wheezy' ]
    reason: 'Version parity with Debian Jessie'
    role: 'debops.rsyslog'

rsyslog__ferm__dependent_rules
Configuration for the debops.ferm Ansible role.
rsyslog__ferm__dependent_rules:
  - type: 'accept'
    dport: [ '514' ]
    protocols: [ 'udp', 'tcp' ]
    saddr: '{{ rsyslog__allow + rsyslog__group_allow + rsyslog__host_allow }}'
    role: 'rsyslog'
    accept_any: False
    rule_state: '{{ "present"
                    if ("network" in rsyslog__capabilities and not rsyslog__send_over_tls_only|bool)
                    else "absent" }}'
  - type: 'accept'
    dport: [ 'syslog-tls' ]
    saddr: '{{ rsyslog__allow + rsyslog__group_allow + rsyslog__host_allow }}'
    role: 'rsyslog'
    accept_any: False
    rule_state: '{{ "present"
                    if ("network" in rsyslog__capabilities and
                        "tls" in rsyslog__capabilities)
                    else "absent" }}'

rsyslog__logrotate__dependent_config
Configuration for the debops.logrotate Ansible role.
rsyslog__logrotate__dependent_config:
  - filename: '000rsyslog-unprivileged'
    comment: 'The rsyslog daemon is run unprivileged'
    options: |
      su root {{ rsyslog__group }}
    state: '{{ "present" if rsyslog__unprivileged|bool
               else "absent" }}'
  - filename: 'rsyslog'
    divert: True
    sections:
      - logs: '/var/log/syslog'
        options: |
          rotate {{ rsyslog__rotation_count_system }}
          {{ rsyslog__rotation_period_system }}
          missingok
          notifempty
          delaycompress
          compress
        postrotate: |
          {{ "invoke-rc.d rsyslog rotate > /dev/null"
             if (ansible_distribution_release in
                 ([ "wheezy", "jessie", "stretch",
                    "precise", "trusty" ]))
             else "/usr/lib/rsyslog/rsyslog-rotate" }}
      - logs: '{{ rsyslog__default_logfiles | difference(["/var/log/syslog"]) }}'
        options: |
          rotate {{ rsyslog__rotation_count_system }}
          {{ rsyslog__rotation_period_system }}
          missingok
          notifempty
          compress
          delaycompress
          sharedscripts
        postrotate: |
          {{ "invoke-rc.d rsyslog rotate > /dev/null"
             if (ansible_distribution_release in
                 ([ "wheezy", "jessie", "stretch",
                    "precise", "trusty" ]))
             else "/usr/lib/rsyslog/rsyslog-rotate" }}
  - filename: 'rsyslog-remote'
    logs: [ '/var/log/remote/*/*/syslog', '/var/log/remote/*/*/*.log' ]
    options: |
      rotate {{ rsyslog__rotation_count_remote }}
      {{ rsyslog__rotation_period_remote }}
      missingok
      notifempty
      compress
      delaycompress
      sharedscripts
    postrotate: |
      {{ "invoke-rc.d rsyslog rotate > /dev/null"
         if (ansible_distribution_release in
             ([ "wheezy", "jessie", "stretch",
                "precise", "trusty" ]))
         else "/usr/lib/rsyslog/rsyslog-rotate" }}