rsyslog setup split into multiple files

2025-10-07 18:15:04 +02:00
parent bece599d29
commit 0c10e0a537
1 changed files with 30 additions and 15 deletions
--- a/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml
+++ b/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml
@@ -4,6 +4,24 @@
    name: rsyslog-gnutls # For TLS support
    state: present

+- name: Bastionhost | rsyslog forwarding | Configure global TLS settings
+  ansible.builtin.copy:
+    dest: /etc/rsyslog.d/01-global-tls.conf
+    owner: root
+    group: root
+    mode: '0644'
+    content: |
+      # This file is managed by Ansible
+      # Defines global TLS settings for log forwarding.
+      global(
+        DefaultNetstreamDriver="gtls"
+        DefaultNetstreamDriverCAFile="{{ log_forwarding_ca_cert }}"
+      )
+  notify: restart rsyslog
+  when:
+    - log_forwarding_target is defined
+    - log_forwarding_ca_cert is defined
+
 - name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog)
  ansible.builtin.copy:
    dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
@@ -31,16 +49,16 @@

      # Filter for sshd messages and apply the action
      if $programname == 'sshd' then {
-          action(type="omfwd"
-                 target="{{ log_forwarding_target }}"
-                 port="{{ log_forwarding_port | default(12201) }}"
-                 protocol="tcp"
-                 template="gelf"
-                 StreamDriver="gtls"
-                 StreamDriverMode="1"
-                 StreamDriverAuthMode="x509/name"
-                 StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}"
-                 Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}"
+          action(
+                type="omfwd"
+                target="{{ log_forwarding_target }}"
+                port="{{ log_forwarding_port | default(12201) }}"
+                protocol="tcp"
+                template="gelf"
+                StreamDriver="gtls"
+                StreamDriverMode="1"
+                StreamDriver.AuthMode="x509/name"
+                StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}"
          )
      }
  notify: restart rsyslog
@@ -48,7 +66,6 @@
    - log_forwarding_type == 'gelf'
    - log_forwarding_target is defined
    - log_forwarding_permitted_peer is defined
-    - log_forwarding_ca_cert is defined

 - name: Bastionhost | rsyslog forwarding | Configure standard TLS forwarding for SSH logs
  ansible.builtin.copy:
@@ -69,14 +86,12 @@
              template="RSYSLOG_SyslogProtocol23Format"
              StreamDriver="gtls"
              StreamDriverMode="1"
-              StreamDriverAuthMode="x509/name"
-              StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}"
-              Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}"
+              StreamDriver.AuthMode="x509/name"
+              StreamDriver.PermittedPeer="{{ log_forwarding_permitted_peer }}"
          )
      }
  notify: restart rsyslog
  when:
    - log_forwarding_target is defined
    - log_forwarding_permitted_peer is defined
-    - log_forwarding_ca_cert is defined
    - log_forwarding_type == 'syslog'