rsyslog setup split into multiple files

2025-10-07 18:15:04 +02:00
parent bece599d29
commit 0c10e0a537


@@ -4,6 +4,24 @@
name: rsyslog-gnutls # For TLS support name: rsyslog-gnutls # For TLS support
state: present state: present
- name: Bastionhost | rsyslog forwarding | Configure global TLS settings
ansible.builtin.copy:
dest: /etc/rsyslog.d/01-global-tls.conf
owner: root
group: root
mode: '0644'
content: |
# This file is managed by Ansible
# Defines global TLS settings for log forwarding.
global(
DefaultNetstreamDriver="gtls"
DefaultNetstreamDriverCAFile="{{ log_forwarding_ca_cert }}"
)
notify: restart rsyslog
when:
- log_forwarding_target is defined
- log_forwarding_ca_cert is defined
- name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog) - name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog)
ansible.builtin.copy: ansible.builtin.copy:
dest: /etc/rsyslog.d/60-forward-ssh-logs.conf dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
@@ -31,16 +49,16 @@
# Filter for sshd messages and apply the action # Filter for sshd messages and apply the action
if $programname == 'sshd' then { if $programname == 'sshd' then {
action(type="omfwd" action(
target="{{ log_forwarding_target }}" type="omfwd"
port="{{ log_forwarding_port | default(12201) }}" target="{{ log_forwarding_target }}"
protocol="tcp" port="{{ log_forwarding_port | default(12201) }}"
template="gelf" protocol="tcp"
StreamDriver="gtls" template="gelf"
StreamDriverMode="1" StreamDriver="gtls"
StreamDriverAuthMode="x509/name" StreamDriverMode="1"
StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}" StreamDriver.AuthMode="x509/name"
Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}" StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}"
) )
} }
notify: restart rsyslog notify: restart rsyslog
@@ -48,7 +66,6 @@
- log_forwarding_type == 'gelf' - log_forwarding_type == 'gelf'
- log_forwarding_target is defined - log_forwarding_target is defined
- log_forwarding_permitted_peer is defined - log_forwarding_permitted_peer is defined
- log_forwarding_ca_cert is defined
- name: Bastionhost | rsyslog forwarding | Configure standard TLS forwarding for SSH logs - name: Bastionhost | rsyslog forwarding | Configure standard TLS forwarding for SSH logs
ansible.builtin.copy: ansible.builtin.copy:
@@ -69,14 +86,12 @@
template="RSYSLOG_SyslogProtocol23Format" template="RSYSLOG_SyslogProtocol23Format"
StreamDriver="gtls" StreamDriver="gtls"
StreamDriverMode="1" StreamDriverMode="1"
StreamDriverAuthMode="x509/name" StreamDriver.AuthMode="x509/name"
StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}" StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}"
Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}"
) )
} }
notify: restart rsyslog notify: restart rsyslog
when: when:
- log_forwarding_target is defined - log_forwarding_target is defined
- log_forwarding_permitted_peer is defined - log_forwarding_permitted_peer is defined
- log_forwarding_ca_cert is defined
- log_forwarding_type == 'syslog' - log_forwarding_type == 'syslog'
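Review bot: Dropping `- log_forwarding_ca_cert is defined` from the `when:` lists of both forwarding tasks (GELF and standard TLS) means a host with `log_forwarding_target` and `log_forwarding_permitted_peer` set but no CA variable still gets an omfwd action with `StreamDriverMode="1"` and `x509/name`, while the new `01-global-tls.conf` task is skipped, so no CA file is configured anywhere. The likely outcome is that the peer certificate cannot be validated and sshd logs from the bastion stop reaching the collector without an obvious failure in the play. I would keep `- log_forwarding_ca_cert is defined` on both forwarding tasks, or add an assert that fails the play when a target is set without a CA. Separately, the omfwd documentation spells these parameters `StreamDriverAuthMode` and `StreamDriverPermittedPeers`; please confirm with `rsyslogd -N1` on a target host that the dotted `StreamDriver.AuthMode` / `StreamDriver.PermittedPeer` spellings are accepted, since an unrecognised peer parameter would leave the action without its intended peer-name restriction (behaviour inferred, not visible here). Both forwarding tasks start outside the hunks shown.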