From bece599d2917fc4b6689e2f8ab49bf1a5d5b40fa Mon Sep 17 00:00:00 2001
From: Rene Mewissen
Date: Tue, 7 Oct 2025 17:41:33 +0200
Subject: [PATCH] omgelf is deprecated
---
 .../tasks/system_setup/rsyslog_forwarding.yml | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml b/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml
index 67d9850..dd17565 100644
--- a/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml
+++ b/roles/bastionhost/tasks/system_setup/rsyslog_forwarding.yml
@@ -4,14 +4,6 @@
 name: rsyslog-gnutls # For TLS support
 state: present
-- name: Bastionhost | rsyslog forwarding | Ensure rsyslog GELF module is installed (on RedHat family)
- ansible.builtin.package:
- name: rsyslog-gelf # For Graylog Extended Log Format (GELF)
- state: present
- when:
- - log_forwarding_type == 'gelf'
- - ansible_os_family == "RedHat"
-
 - name: Bastionhost | rsyslog forwarding | Configure GELF forwarding for SSH logs (for Graylog)
 ansible.builtin.copy:
 dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
@@ -20,8 +12,7 @@
 mode: '0644'
 content: |
 # This file is managed by Ansible
- # Forward sshd logs to a remote Graylog server using GELF over TLS
- module(load="omgelf")
+ # Forward sshd logs to a remote Graylog server using GELF (via omfwd) over TLS
 template(name="gelf" type="list") {
 constant(value="{\"version\": \"1.1\", \"host\": \"")
 property(name="hostname")
@@ -40,7 +31,7 @@
 # Filter for sshd messages and apply the action
 if $programname == 'sshd' then {
- action(type="omgelf"
+ action(type="omfwd"
 target="{{ log_forwarding_target }}"
 port="{{ log_forwarding_port | default(12201) }}"
 protocol="tcp"
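Review bot: With `omfwd` the `gelf` list template is the only thing that shapes the payload, and the `property(name="hostname")` shown in this hunk is spliced between JSON quotes without escaping. If the message property further down (outside this hunk) is emitted the same way, a quote or control character in an sshd line, which can carry remote-supplied strings such as usernames, would break the JSON or let one log line forge extra fields on the receiver. Consider `property(name="hostname" format="json")` and the same option on the other string properties of the template.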
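Review bot: Nothing visible in this hunk shows that the new `omfwd` action encrypts or authenticates the connection, although the file header says the sshd logs go to Graylog over TLS; the lines shown set only `target`, `port` and `protocol="tcp"`. The action continues past the end of the hunk, so please confirm it carries `StreamDriver="gtls"`, `StreamDriverMode="1"`, `StreamDriverAuthMode="x509/name"` and a `StreamDriverPermittedPeers` entry, otherwise bastion SSH logs could travel in cleartext or to an unverified peer. Also check that the action names `template="gelf"` and that its TCP frame delimiter matches what the Graylog GELF TCP input expects, since omfwd ends frames with LF by default and a mismatch can leave messages unparsed on the receiver.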