Ansible Role rsyslog

This role installs and configures rsyslog. Useful for configuring log forwarding, for example to a Graylog server.

Tags

rsyslog

  • Installs and configures rsyslog.

  • Triggers: rsyslog.service restart.

rsyslog:configure

  • Deploys the configuration.

  • Triggers: rsyslog.service restart.

rsyslog:state

  • Manages the state of the systemd service.

  • Triggers: none.

Optional Role Variables

rsyslog__conf__group_var / rsyslog__conf__host_var

  • A list of rsyslog configs that should be deployed to /etc/rsyslog.d/. For the usage in host_vars / group_vars (can only be used in one group at a time).

  • Type: List of dictionaries.

  • Default: []

  • Subkeys:

    • template:

      • Mandatory. Name of the Jinja template source file to use. Have a look at the possible options here.

      • Type: String.

    • filename:

      • Mandatory. Destination filename in /etc/rsyslog.d/, and normally is equal to the name of the source template used. Will be suffixed with .conf.

      • Type: String.

    • state:

      • Optional. State of the config. Possible options: absent, present.

      • Type: String.

      • Default: 'present'

    • raw:

      • Optional. Raw content for the config.

      • Type: String.

      • Default: unset

rsyslog__service_enabled

  • Enables or disables the rsyslog service, analogous to systemctl enable/disable.

  • Type: Bool.

  • Default: true

rsyslog__service_state

  • Changes the state of the rsyslog service, analogous to systemctl start/stop/restart/reload. Possible options: started, stopped, restarted, reloaded.

  • Type: String.

  • Default: 'started'

Example:

# optional
rsyslog__conf__group_var: []
rsyslog__conf__host_var:
  - filename: 'my-old-config'
    state: 'absent'
  - filename: 'graylog'
    comment: |-
      Relay logs to Graylog
    state: 'present'
    template: 'raw'
    raw: |-
      # rsyslog v7 filter conditions:
      # contains isequal startswith regex ereregex
      # http://www.rsyslog.com/doc/v7-stable/configuration/filters.html
      if (
          $msg startswith "GSSAPI client step " or
          $msg startswith "GSSAPI server step " or
          ($programname == "kernel" and $msg startswith "RULE ") or
          ($programname == "systemd" and ($msg startswith "Created slice " or $msg startswith "Removed slice ")) or
          ($programname == "systemd" and ($msg startswith "Starting user-" or $msg startswith "Stopping user-")) or
          ($programname == "systemd" and ($msg startswith "Starting Session " or $msg startswith "Started Session ")) or
          ($programname == "systemd-logind" and ($msg startswith "New Session " or $msg startswith "Removed Session "))
      )
      then
          # ignore, do not foward
          continue
      else
          *.* @graylog.example.com:1514;RSYSLOG_SyslogProtocol23Format
rsyslog__service_enabled: true
rsyslog__service_state: 'started'

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich