40 lines
1.3 KiB
YAML
40 lines
1.3 KiB
YAML
---
|
|
- name: Bastionhost | rsyslog forwarding | Ensure rsyslog-gnutls is installed
|
|
ansible.builtin.package:
|
|
name: rsyslog-gnutls
|
|
state: present
|
|
|
|
- name: Bastionhost | rsyslog forwarding | Configure forwarding for SSH logs
|
|
ansible.builtin.copy:
|
|
dest: /etc/rsyslog.d/60-forward-ssh-logs.conf
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
content: |
|
|
# This file is managed by Ansible
|
|
# Forward sshd logs to a remote log server
|
|
|
|
# Define the template for forwarding
|
|
template(name="RSYSLOG_SyslogProtocol23Format" type="string" string="<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n")
|
|
|
|
# Setup forwarding action
|
|
action(
|
|
type="omfwd"
|
|
target="{{ log_forwarding_target }}"
|
|
port="{{ log_forwarding_port | default(6514) }}"
|
|
protocol="tcp"
|
|
template="RSYSLOG_SyslogProtocol23Format"
|
|
StreamDriver="gtls"
|
|
StreamDriverMode="1" # Run in TLS-only mode
|
|
StreamDriverAuthMode="x509/name"
|
|
)
|
|
|
|
# Filter for sshd messages and apply the action
|
|
if $programname == 'sshd' then {
|
|
call-action
|
|
}
|
|
notify: restart rsyslog
|
|
when:
|
|
- log_forwarding_target is defined
|
|
- log_forwarding_permitted_peer is defined
|
|
- log_forwarding_ca_cert is defined |