- Notifications
You must be signed in to change notification settings - Fork3
ansible role to install and configure a classic syslog-ng service for processing log files away from journald.
License
bodsch/ansible-syslog-ng
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Installs and configures a classic syslog-ng service for processing log files away from journald.
This again allows a simple, central logging service to be run on the user's own network.
This role disables journald and takes over its function!
Further development of this Ansible role has been moved to Collectionbodsch.core.This repository will therefore no longer be actively maintained.
Ansible Collections
ansible-galaxy collection install bodsch.core
or
ansible-galaxy collection install --requirements-file collections.yml
Tested on
- ArchLinux
- ArtixLinux
- Debian based
- Debian 10 / 11 / 12
- Ubuntu 20.04 / 22.04
syslog_options:{}syslog_logs:{}syslog_sources:src: -comment:messages generated by syslog-ngsystem:syslog_message_templates:{}syslog_journald:wipe_persistent:trueconfig:Storage:volatileForwardToSyslog:'yes'syslog_hardened:falsesyslog_systemd_template:default
syslog_options:chain_hostnames:falsecreate_dirs:falsedns-cache:falseflush_lines:0group:"adm"keep_hostname:truelog_fifo_size:10000mark_freq:3600perm:"0640"stats_freq:43200time_reopen:10ts_format:isouse_dns:falseuse_fqdn:false
Additional log destinations to be merged with thedefault (syslog_defaults_logs) ones.
syslog_logs
A list of hashes, a trio of file destination, filter, log.A simplified configuration that should be sufficient for most cases.
| parameter | required | default | description |
|---|---|---|---|
source | false | src | source of logging messages - 'src', or 'kernsrc' |
destination.file | false | ${key}.log | log file relative to/var/log. (The basic directory is created automatically.) |
destination.udp | false | - | udp log Destination to an remote syslog server. |
destination.tcp | false | - | tcp log Destination to an remote syslog server. |
filter.name | false | ${key} | An (optional) name of the filter. If it is not specified, the${key} is used as name. |
filter.filter | false | program(${key}) | The syslog filter. This can be a simple string or a list of strings. The list is connected with an and. |
final | false | false | whether set a final flag |
Only one log destination may be defined!So either
file, orudp/tcp!
syslog_logs:kern:source:kernsrcdestination:file:kernel.logfilter:name:kernfilter:facility(kern)messages:file_name:messages.logfilter:filter: -level(info..alert) -level(debug..notice) -not facility(auth, authpriv, mail, cron, kern, local7) -not program (syslog-ng) -not program (dhcpd) -not program(named)iptables:source:kernsrcdestination:file:iptables.logfilter:filter:message("^(\\[.*\..*\] |)ip6?tables.*")final:trueremote:source:nettemplate:nginxdestination:file:"remote/nginx/${FULLHOST}.log"loghost:source:s_remotedestination:udp:ip:"10.10.0.1"port:514spoof_source:true
Additional log sources to be merged with thedefault (syslog_defaults_sources) ones.
| parameter | description |
|---|---|
comment | an optional comment |
$driver | key is name of the source driver, typicallyunix_stream orfile(underscores are replaced with hyphens) value is the driver parameter |
syslog_sources:src: -comment:messages generated by syslog-nginternal:kernsrc: -comment:messages from the kernelfile:/proc/kmsgnet: -comment:messages from syslog-clientsudp:s_remote: -comment:remote sources on port 5140tcp:ip:0.0.0.0port:5140udp:ip:0.0.0.0port:5140
You can define your own templates for log files.This makes it possible to give each log file a suitable output format.
By default, a template calledtmpl is created, which is defined as follows:
'${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n'
By default, each destrination is assigned this template.
If this is not desired,use_template must be set in thesyslog_logs configuration.
syslog_logs:ansible:file_name:ansible.logfilter:filter:program(ansible)use_template:false
If a destination is to have its own output format, the defined template must be specified undertemplate.
syslog_message_templates:nginx:'${MSG}\n'syslog_logs:remote:source:nettemplate:ngixdestination:file:"remote/${FULLHOST}.log"
Please readContribution
Themaster Branch is myWorking Horse includes the "latest, hot shit" and can be complete broken!
If you want to use something stable, please use aTagged Version!
- Bodo Schulz
FREE SOFTWARE, HELL YEAH!
About
ansible role to install and configure a classic syslog-ng service for processing log files away from journald.