use GELF for log

2025-10-07 17:04:28 +02:00
parent ab9d723eae
commit 5617f99096
2 changed files with 127 additions and 71 deletions


@@ -1,10 +1,16 @@
---
- name: Bastionhost | rsyslog forwarding | Ensure rsyslog-gnutls is installed
- name: Bastionhost | rsyslog forwarding | Ensure rsyslog TLS module is installed
ansible.builtin.package:
name: rsyslog-gnutls
name: rsyslog-gnutls # For TLS support
state: present
- name: Bastionhost | rsyslog forwarding | Configure forwarding for SSH logs
- name: Bastionhost | rsyslog forwarding | Ensure rsyslog GELF module is installed for Graylog
ansible.builtin.package:
name: rsyslog-gelf # For Graylog Extended Log Format (GELF)
state: present
when: log_forwarding_type == 'gelf'
- name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog)
ansible.builtin.copy:
dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
owner: root
@@ -12,12 +18,56 @@
mode: '0644'
content: |
# This file is managed by Ansible
# Forward sshd logs to a remote log server
# Forward sshd logs to a remote Graylog server using GELF over TLS
module(load="omgelf")
template(name="gelf" type="list") {
constant(value="{\"version\": \"1.1\", \"host\": \"")
property(name="hostname")
constant(value="\", \"short_message\": \"")
property(name="msg" format="json")
constant(value="\", \"timestamp\": ")
property(name="timereported" dateFormat="unixtimestamp")
constant(value=", \"level\": ")
property(name="syslogseverity")
constant(value=", \"_facility\": \"")
property(name="syslogfacility-text")
constant(value="\", \"_program\": \"")
property(name="programname")
constant(value="\"}")
}
# Define the template for forwarding
# Filter for sshd messages and apply the action
if $programname == 'sshd' then {
action(type="omgelf"
target="{{ log_forwarding_target }}"
port="{{ log_forwarding_port | default(12201) }}"
protocol="tcp"
template="gelf"
StreamDriver="gtls"
StreamDriverMode="1"
StreamDriverAuthMode="x509/name"
StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}"
Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}"
)
}
notify: restart rsyslog
when:
- log_forwarding_type == 'gelf'
- log_forwarding_target is defined
- log_forwarding_permitted_peer is defined
- log_forwarding_ca_cert is defined
- name: Bastionhost | rsyslog forwarding | Configure standard TLS forwarding for SSH logs
ansible.builtin.copy:
dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
owner: root
group: root
mode: '0644'
content: |
# This file is managed by Ansible
# Forward sshd logs to a remote syslog server using RFC5424 over TLS
template(name="RSYSLOG_SyslogProtocol23Format" type="string" string="<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")
# Setup forwarding action
if $programname == 'sshd' then {
action(
type="omfwd"
target="{{ log_forwarding_target }}"
@@ -25,16 +75,15 @@
protocol="tcp"
template="RSYSLOG_SyslogProtocol23Format"
StreamDriver="gtls"
StreamDriverMode="1" # Run in TLS-only mode
StreamDriverMode="1"
StreamDriverAuthMode="x509/name"
StreamDriverPermittedPeer="{{ log_forwarding_permitted_peer }}"
Action.sendStreamDriverCaFile="{{ log_forwarding_ca_cert }}"
)
# Filter for sshd messages and apply the action
if $programname == 'sshd' then {
call-action
}
notify: restart rsyslog
when:
- log_forwarding_target is defined
- log_forwarding_permitted_peer is defined
- log_forwarding_ca_cert is defined
- log_forwarding_type == 'syslog'
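Review bot: None of the visible lines in the two `ansible.builtin.copy` tasks check that rsyslog accepts the rendered `/etc/rsyslog.d/60-forward-ssh-logs.conf` before `restart rsyslog` is notified, so a rejected module or action can leave the bastion's sshd logs unforwarded while the play still reports success. This matters most for the new GELF branch, which depends on `module(load="omgelf")` and a `rsyslog-gelf` package that I cannot confirm exist in upstream rsyslog or the target distribution. The action parameters `StreamDriverPermittedPeer` and `Action.sendStreamDriverCaFile` should also be checked against the module documentation, since peer verification depends on them being honoured. Adding `validate: 'rsyslogd -N1 -f %s'` to both copy tasks would turn a bad config into a failed task instead of a silent gap in the audit trail. Separately, the `when:` lists skip the task without any message when `log_forwarding_permitted_peer` or `log_forwarding_ca_cert` is undefined; an `ansible.builtin.assert` placed before them, requiring those variables whenever `log_forwarding_type` is set, would make the misconfiguration visible.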


@@ -1,51 +1,58 @@
$ANSIBLE_VAULT;1.1;AES256
31303030333134323161353832663732376564373537326630313238613438353738616534363962
6565356166353639646166666262386334313266663239330a333335663566616564333030313839
66316237636561656539336532633061626530343532613937633963663061623735623163623332
3138313066303533310a326665386136633935636138366437333234336561373639616437643833
66373738633630336465633265616638316538366138356366353938316638366164363639653331
34653232386164343931616130383437383861343436316535383866316636373862356337323632
66353438643562393864633830373339306263356662353039383163613163333230383065336432
35333533333965616265663866303733653635643464666462323531663635373436613430313664
37653337333832613638323935666135643733373362646561616463623334323933663965363637
65636634613061656163366236356232363439376630656237386435316430636538326632633337
31663133663135383735646665623235623135393035343130343237336564646563353666653630
37376166333431646237303239396235373232316466663235386131666564323431626138623066
62356564613333383339323038363938626666343064373830393535346163616130626434346330
65303139623539316530323365336161346339633236346637636233393465363366333933396366
61336235343733643265643434353533383561363166623463386334343235616136646433393766
32393563353963323561626630303266333462663836623632663532356233633731393835333936
65383862386161656332663534343730383532666533623038323663663639366630663137643230
34646132616230666633376365326234373030356430383666376637653764313732383433656537
31313936326463343262626135306535366163653737623839376132383431376633313233643132
30633830383331343261363232616439396331343966643433363639616630323633633634663230
39363830326433643130653832333334356430353661633365613035646538366236383532306336
36366463306538626333373838396566323839373536666138376666323431336665303230393864
32626239613531303734306533383735623934306162633365343364343964313332346362653238
64323862626138663463646433653135623462613166373933336337326561303538333331316634
61646334333532626234303435393265306233396563663431346635663237646563353765623362
64373733323561333764353336336432383166316666366636333330393635666230316161613565
38653139666635616136333362663564633135383235356232333264623766646433636331376136
62333534353035616332313233613333306239313734306136633161623333343531656362623533
39646635633730613238386232646561306664303463386635633565333531353266373063626636
30303432663234333731303163393464366665336265313733613730343930633630323938346639
31313761623033316437663538306564336561363239333638373739336561316364353639633766
37323038643261386637376637656662393133653034396530663937643930356530333763306538
64646336373463353332613566366366383134386633643831616237343036346434646437623231
39316465666266633438303630343831663666306437376331613962366339393264323333353931
66373738633062323438323131636566373230303336366439643537643436383835353136626230
33663961303539373031383430393035353734643666623536313938313739646438653462353635
64613062663438663932383530656366343566653865306666653163363637613535386262316161
34363937306264646662343030666463396133356537346565643035646563373633653033316331
62633065396135383439343364646638313339393236623736643332613431663630646332613264
36373365346163653837643464626362643061373534663933666234663835356166363033656133
66383033643030653966636163316366613233663438376431373235336330633361633231346637
36396334623466646438383436356630303632626638623231366635636132643935306338373632
37323130323036633733383530633061656361353539373465393639353565373331613462356430
61383862366135616630643932626661386662376133663236363861666362336634303265393739
63643862383065336331353964633763633462386230656336626639363063653134356232376264
31373334396338643163313065353336623062636532363862653432636162353564633635656338
37396262633637646464666261626363316661363633623331313631393634363333353736646161
32653739303831353965333535303737633965336135663965656630343037646630333062303934
35383939633961663636326131383866646435333037326235626666336663386664343336343732
3930663532336264363037366161613439336230623032303431
64326232656662363236303965383864333836363137313433396134613539386264376137353565
3239383563386164373464393432376537326630626531640a663262323433623435623439313461
32393336333365306232393462346261373837656561376561323361353666316136363665316162
6664653639623861620a386130626432376339656232326666393230323132633964616263653933
34373236653935653366653466636538323166373638643939666634356664303431396330663565
37623365323262323734393730643661376365666235336633356231396238376236383364303532
66303335313637363738353835613536376136376265373135386665353230393361366463643863
61396461343834316139353066366561306437643436646639643433623066663236323930656538
31383666383666636635663565653765353835316562343834616331383535663761653235323339
65343832613433316134346537346261306233343434313032653039646637303131323039393135
32393332383563656439663862383663323339646333323233373833363434353435373863396366
34613966646331616231353135646336393533393862343838383066643838653536366239313162
35333238333162613032333833343564363935326230666165316438646638303664363534303966
36633865336435613164363462396366616239613465393966646338346234663532303961376439
30653534316538376130363236386133396132653432316565633439613533373939656333653330
65393334373064663162306131343664393836376137636563633836633330363438666266636163
61343166633665623663636463386538623031323533323436623365343066653161306465333130
39393533643234663537616361333835356466313361333436636632646566376137653437626638
30306636373338383730613136613433643535613963326362313336393762626334313833613463
35623263326233326661643965356639663237363265656161306639373032666630336534363936
36373631623136336534633235353230383238303330653830666561633836626562366230313737
35623163613538343932316537373133633234393933373830633836626465383735393734623839
64376561313434353861613037323436333734613034356563623763353136363832333233356166
31386462396261373361383830386162353465653866396162356263316337353634373836666631
33643366616463613236666138393434363833373132393038386464633935626136666162636137
34303766363731323762363335623764363137613762326230346666386230393862646636363864
61663938653433383533633133626166393366623366656663636336393039643430653635353635
38343235366530343536666238613261353231623332626365366538303637653036656632313932
34666236383031656639656462353935626463333666373164333166613930666333393261643431
61633064333938326366636437396666643730653738636564393436333238363131303331646337
39316337303066316432373162636265663561383936333036646464623839386266353330306135
38323639616137303162643161656465306334356331393536616433353032656563636566313861
39303637376639383439303766626664363331646562633230356430343734336465613835643965
37346338346430313065333930303239613231353161643736613932656133663363343132653438
66393361373461383732373633313736353638326439646332663737613033616166643730336632
31376463663731646138663635633136663035356661313266393662653965633262353464643466
32343638353262376137353364646235346534333436626363383336356233336666623837376236
61663238636235613161386236656436396461373762396639366432363533323938353165393638
35383137303733643633613933346362643061373336636635396565303463363337646530393435
39616536626462323264363466393331653862303333613135333437386334346538313239343631
32333132633332346365373336396636333661663336316234643461343039346663643832643161
66366135636563626335656236333666626266336430653830346165623065613064646636396239
34366366386132366265656334336537613932303131346639303161373561656164366439386662
33393738363062376433373837343137646131313363633664353437643565653538363934323533
32663363323939616262303562346337666163383661363538613738636130653566363133633939
35383736623165353961383337663030366562326539363735323763633437666234363238636133
35653039326133316435353264313035663832343462316239666139373231383134363636666335
34333263616164393762346632636232623535313838393931663732383764363634373463393763
38396233303332336465663865626234666364613930663262653031386233376435636662643338
61626331353036316636363965656262393634396139373937636362326531633330303733303161
33336266376533303030646361313966336162343039306364623233646333323361343064633832
37353032626532636430316466346630616535303561646434356664343535643262306234366233
33393532643634663266336663373235303864343261393136303665643461653165313534346464
31336565316566346130323465613730666631653338393234343562633062663739646630303638
37613663373837656563353163666164306635646531353462653864653538656463633361636464
36353538623365663562323661353536666362376634636233396666393538663131303638653164
6238