Getting started
Initial configuration
The debops.rsyslog default configuration is designed to closely resemble the Debian rsyslog package defaults. The same system logs will be generated, although with slightly longer log rotation. If the operating system is Debian, rsyslog will be run under the privileged root account; if the system is Ubuntu, an unprivileged syslog account will be used by default.
Configuration filename extensions
The configuration order is important, and to aid support of configuration from other roles, the /etc/rsyslog.conf configuration file includes other configuration files with different filename extensions at certain points of the configuration:
/etc/rsyslog.d/*.input
- These files define configuration of the rsyslog input modules which can be used as data sources.
/etc/rsyslog.d/*.template
- These configuration files can be used to create custom templates used by rsyslog in different parts of the configuration.
/etc/rsyslog.d/*.conf
- These files are included by default. They are meant to be used for configuration of the local system logs; the extension is used to preserve compatibility with Debian package conventions.
/etc/rsyslog.d/*.output
- These files define configuration of the rsyslog output modules which can be used as targets by various local and remote rulesets defined later on.
/etc/rsyslog.d/*.ruleset
- These configuration files are meant to be used to define log matching rules specific to a given system, to store logs in different files.
/etc/rsyslog.d/*.remote
- These configuration files are meant to store configuration for logs coming from other systems over the network. These rules will be defined in a separate "ruleset" called remote, which is used by the UDP and TCP input modules. This way the local (system) logs and remote logs from other hosts can be managed separately and shouldn't mix with each other.
Quick start: log forwarding
Log forwarding tells the rsyslogd server to send all or specific syslog messages to one or more other syslog servers. The debops.rsyslog role is tailored for configuring log forwarding over TLS to a central syslog server using DNS SRV resource records.
The role checks if the _syslog._tcp.{{ rsyslog__domain }} DNS SRV resource record exists. If the record is found, the host is not configured to receive logs (via the rsyslog__remote_enabled variable), and the debops.pki role has been configured on the host, the debops.rsyslog role will generate configuration for each target server that will send syslog messages over TLS, to port 6514 by default. This configuration can be found and changed in the rsyslog__default_forward and the rsyslog__default_rules variables.
Quick start: receiving remote logs
The role does not configure the rsyslogd service to receive log messages from the network by default. To enable this, you can specify a list of IP addresses and/or CIDR subnets which are allowed to send syslog messages using the rsyslog__allow, rsyslog__group_allow and/or rsyslog__host_allow variables. Defining these in the inventory will tell the role to configure rsyslog to accept remote logs and store them in subdirectories under the /var/log/remote/ directory. The debops.ferm and the debops.logrotate roles will be used to configure the IPTables firewall and log rotation respectively.
This behaviour is controlled by the rsyslog__remote_enabled variable.
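An added example, not part of the DebOps documentation or the role's code: a Python check that can be run over inventory values before they are placed in rsyslog__allow, rsyslog__group_allow and rsyslog__host_allow, since defining them makes the host accept syslog traffic from those sources. It assumes the three lists are combined into one allow list; the function names and the sample values (documentation address ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample inventory values (documentation address ranges only).
SAMPLE_INVENTORY = {
    "rsyslog__allow": ["192.0.2.0/24"],
    "rsyslog__group_allow": ["2001:db8:10::/64", "0.0.0.0/0"],
    "rsyslog__host_allow": ["198.51.100.7", "10.0.0.0/33"],
}
ALLOW_VARS = ("rsyslog__allow", "rsyslog__group_allow", "rsyslog__host_allow")


def audit_allow_lists(inventory):
    """Return (networks, findings) for the combined allow list.

    Assumption: the three variables are treated as one combined list.
    """
    networks, findings = [], []
    for var in ALLOW_VARS:
        for entry in inventory.get(var, []):
            try:
                # strict=False also accepts entries with host bits set,
                # such as "192.0.2.5/24".
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((var, entry, "not a valid IP address or CIDR subnet"))
                continue
            networks.append(net)
            if net.prefixlen == 0:
                findings.append((var, entry, "admits every source address"))
    return networks, findings


def is_sender_allowed(address, networks):
    """True if the sender address falls inside any allowed network."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    nets, problems = audit_allow_lists(SAMPLE_INVENTORY)
    for var, entry, reason in problems:
        print(f"{var}: {entry!r} {reason}")
    print("203.0.113.9 allowed:", is_sender_allowed("203.0.113.9", nets))
```
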
Example inventory
The debops.rsyslog role is included by default in the DebOps common.yml playbook and does not need to be specifically enabled.
To enable the debops.rsyslog role on a given host or group of hosts not managed by DebOps, you need to add that host to the [debops_service_rsyslog] Ansible inventory group:
[debops_service_rsyslog]
hostname
Example playbook
Here's an example playbook which uses the debops.rsyslog role:
---
- name: Manage rsyslog service
  collections: [ 'debops.debops', 'debops.roles01',
                 'debops.roles02', 'debops.roles03' ]
  hosts: [ 'debops_all_hosts', 'debops_service_rsyslog' ]
  become: True
  environment: '{{ inventory__environment | d({})
                   | combine(inventory__group_environment | d({}))
                   | combine(inventory__host_environment | d({})) }}'
  roles:
    - role: etc_services
      tags: [ 'role::etc_services', 'skip::etc_services' ]
      etc_services__dependent_list:
        - '{{ rsyslog__etc_services__dependent_list }}'
    - role: apt_preferences
      tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
      apt_preferences__dependent_list:
        - '{{ rsyslog__apt_preferences__dependent_list }}'
    - role: ferm
      tags: [ 'role::ferm', 'skip::ferm' ]
      ferm__dependent_rules:
        - '{{ rsyslog__ferm__dependent_rules }}'
    - role: cron
      tags: [ 'role::cron', 'skip::cron' ]
    - role: logrotate
      tags: [ 'role::logrotate', 'skip::logrotate' ]
      logrotate__dependent_config:
        - '{{ rsyslog__logrotate__dependent_config }}'
    - role: rsyslog
      tags: [ 'role::rsyslog', 'skip::rsyslog' ]