dSchaexn/ansible-syslog-ng


Ansible Role: syslog-ng

Installs and configures a classic syslog-ng service for processing log files away from journald.

This again allows a simple, central logging service to be run on the user's own network.

This role disables journald and takes over its function!


Further development of this Ansible role has been moved to Collection bodsch.core. This repository will therefore no longer be actively maintained.



Requirements & Dependencies

Ansible Collections

ansible-galaxy collection install bodsch.core

or

ansible-galaxy collection install --requirements-file collections.yml

tested operating systems

Tested on

  • ArchLinux
  • ArtixLinux
  • Debian based
    • Debian 10 / 11 / 12
    • Ubuntu 20.04 / 22.04

usage

syslog_options: {}

syslog_logs: {}

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      system:

syslog_message_templates: {}

syslog_journald:
  wipe_persistent: true
  config:
    Storage: volatile
    ForwardToSyslog: 'yes'

syslog_hardened: false

syslog_systemd_template: default

syslog_options

syslog_options:
  chain_hostnames: false
  create_dirs: false
  dns-cache: false
  flush_lines: 0
  group: "adm"
  keep_hostname: true
  log_fifo_size: 10000
  mark_freq: 3600
  perm: "0640"
  stats_freq: 43200
  time_reopen: 10
  ts_format: iso
  use_dns: false
  use_fqdn: false

syslog_logs

Additional log destinations to be merged with the default (syslog_defaults_logs) ones.

syslog_logs

A list of hashes, a trio of file destination, filter, log. A simplified configuration that should be sufficient for most cases.

| parameter | required | default | description |
| --- | --- | --- | --- |
| source | false | src | source of logging messages - 'src', or 'kernsrc' |
| destination.file | false | ${key}.log | log file relative to /var/log. (The base directory is created automatically.) |
| destination.udp | false | - | UDP log destination to a remote syslog server. |
| destination.tcp | false | - | TCP log destination to a remote syslog server. |
| filter.name | false | ${key} | An (optional) name of the filter. If it is not specified, the ${key} is used as name. |
| filter.filter | false | program(${key}) | The syslog filter. This can be a simple string or a list of strings. The list is connected with an and. |
| final | false | false | whether to set the final flag |

Only one log destination may be defined! So either file, or udp / tcp!

Example

syslog_logs:
  kern:
    source: kernsrc
    destination:
      file: kernel.log
    filter:
      name: kern
      filter: facility(kern)
  messages:
    file_name: messages.log
    filter:
      filter:
        - level(info..alert)
        - level(debug..notice)
        - not facility(auth, authpriv, mail, cron, kern, local7)
        - not program (syslog-ng)
        - not program (dhcpd)
        - not program(named)
  iptables:
    source: kernsrc
    destination:
      file: iptables.log
    filter:
      filter: message("^(\\[.*\..*\] |)ip6?tables.*")
    final: true
  remote:
    source: net
    template: nginx
    destination:
      file: "remote/nginx/${FULLHOST}.log"
  loghost:
    source: s_remote
    destination:
      udp:
        ip: "10.10.0.1"
        port: 514
        spoof_source: true

syslog_sources

Additional log sources to be merged with the default (syslog_defaults_sources) ones.

| parameter | description |
| --- | --- |
| comment | an optional comment |
| $driver | key is name of the source driver, typically unix_stream or file (underscores are replaced with hyphens); value is the driver parameter |

Example

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      internal:
  kernsrc:
    - comment: messages from the kernel
      file: /proc/kmsg
  net:
    - comment: messages from syslog-clients
      udp:
  s_remote:
    - comment: remote sources on port 5140
      tcp:
        ip: 0.0.0.0
        port: 5140
      udp: 
        ip: 0.0.0.0
        port: 5140

syslog_message_templates

You can define your own templates for log files. This makes it possible to give each log file a suitable output format.

By default, a template called tmpl is created, which is defined as follows:

'${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n'

By default, each destination is assigned this template.
If this is not desired, use_template must be set to false in the syslog_logs configuration.

syslog_logs:
  ansible:
    file_name: ansible.log
    filter:
      filter: program(ansible)
    use_template: false

If a destination is to have its own output format, the defined template must be specified under template.

syslog_message_templates:
  nginx: '${MSG}\n'

syslog_logs:
  remote:
    source: net
    template: nginx
    destination:
      file: "remote/${FULLHOST}.log"
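
The rules stated for syslog_logs above (only one destination per entry, the source and filter defaults, a filter list joined with "and") and the template lookup described in this section can be checked before the role is applied. The following is an added example, not code from this role: the function names are hypothetical, the sample variables are constructed, and source_names is assumed to be the merged set of source keys (defaults plus syslog_sources).

```python
# Added example (not part of the role): lint syslog_logs against the README's rules.
DEST_KINDS = ("file", "udp", "tcp")
DEFAULT_TEMPLATE = "tmpl"  # the README says this template is created by default


def lint_syslog_logs(logs, source_names, templates):
    """Return findings; source_names is assumed to be the merged set of source keys."""
    findings = []
    known_templates = set(templates) | {DEFAULT_TEMPLATE}
    for key, entry in logs.items():
        used = [k for k in DEST_KINDS if k in (entry.get("destination") or {})]
        if len(used) > 1:  # "Only one log destination may be defined!"
            findings.append(f"{key}: more than one destination: {', '.join(used)}")
        source = entry.get("source", "src")  # documented default
        if source not in source_names:
            findings.append(f"{key}: unknown source '{source}'")
        template = entry.get("template")
        if template is not None and template not in known_templates:
            findings.append(f"{key}: unknown template '{template}'")
    return findings


def effective_filter(key, entry):
    """Apply the documented defaults and join a filter list with 'and'."""
    flt = entry.get("filter") or {}
    expr = flt.get("filter", f"program({key})")
    if isinstance(expr, (list, tuple)):
        expr = " and ".join(expr)
    return flt.get("name", key), expr


# Constructed sample variables (as they would look after YAML loading).
SAMPLE_TEMPLATES = {"nginx": "${MSG}\n"}
SAMPLE_SOURCES = {"src", "kernsrc", "net"}
SAMPLE_LOGS = {
    "kern": {"source": "kernsrc", "destination": {"file": "kernel.log"},
             "filter": {"name": "kern", "filter": "facility(kern)"}},
    "remote": {"source": "net", "template": "ngnix",  # misspelled on purpose
               "destination": {"file": "remote/${FULLHOST}.log"}},
    "loghost": {"source": "s_remote",  # not in SAMPLE_SOURCES
                "destination": {"udp": {"ip": "10.10.0.1", "port": 514},
                                "file": "loghost.log"}},
    "messages": {"filter": {"filter": ["level(info..alert)", "not program(named)"]}},
}

if __name__ == "__main__":
    for finding in lint_syslog_logs(SAMPLE_LOGS, SAMPLE_SOURCES, SAMPLE_TEMPLATES):
        print(finding)
    print(effective_filter("messages", SAMPLE_LOGS["messages"]))
```

An empty findings list means every entry names a known source and template and has at most one destination; a misspelled template or source name shows up here instead of as a failed syslog-ng start.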

Contribution

Please read Contribution

Development, Branches (Git Tags)

The master branch is my workhorse; it includes the "latest, hot shit" and can be completely broken!

If you want to use something stable, please use a Tagged Version!


Author and License

  • Bodo Schulz

License

Apache

FREE SOFTWARE, HELL YEAH!
