Initial commit

This commit is contained in:
nemunaire 2023-03-14 19:07:40 +01:00
commit 3f30a4bef3
4 changed files with 191 additions and 0 deletions

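--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload syslog
+service:
+name: syslog-ng
+state: reloaded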

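--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,18 @@
+---
+dependencies: []
+galaxy_info:
+role_name: syslog
+author: 'Pierre-Olivier Mercier <nemunaire+iac@nemunai.re>'
+description: Setup and configure syslog-ng to a remote syslog-ng server
+license: GPL-3.0-or-later
+min_ansible_version: 2.9
+platforms:
+- name: Alpine
+versions:
+- all
+- name: Debian
+versions:
+- all
+galaxy_tags: []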

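--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: install syslog-ng package (alpine)
+apk:
+name:
+- syslog-ng
+- logrotate
+state: present
+update_cache: yes
+when: ansible_distribution == 'Alpine'
+- name: remove rsyslog package (debian)
+apt:
+name:
+- rsyslog
+state: absent
+when: ansible_distribution == 'Debian'
+- name: install syslog-ng package (debian)
+apt:
+name:
+- syslog-ng
+- logrotate
+state: present
+update_cache: yes
+when: ansible_distribution == 'Debian'
+- name: Copy syslog configuration
+template:
+src: syslog-ng.conf.j2
+dest: /etc/syslog-ng/syslog-ng.conf
+mode: u+rw,g+r,o+r
+notify:
+- reload syslog
+- name: configure logrotate
+lineinfile:
+path: /etc/logrotate.conf
+regexp: "{{ item.regexp }}"
+line: "{{ item.line }}"
+with_items:
+- { regexp: "^#?/var/log/messages {}", line: "#/var/log/messages {}" }
+- { regexp: "^(daily|weekly|monthly|yearly)", line: "weekly" }
+- { regexp: "^(size|maxsize).*", line: "maxsize 512M" }
+- name: ensure syslog is disabled
+service:
+name: syslog
+enabled: no
+state: stopped
+when: ansible_distribution == 'Alpine'
+- name: "ensure destination directory exists on {{ item }}"
+file:
+path: "/var/log/{{ inventory_hostname }}"
+state: directory
+delegate_to: "{{ item }}"
+with_items: "{{ log_hosts }}"
+- name: ensure syslog-ng is enabled
+service:
+name: syslog-ng
+enabled: yes
+state: started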
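Review bot: The "Copy syslog configuration" task installs the rendered template into /etc/syslog-ng/syslog-ng.conf and notifies a reload without checking the result first, so a bad value in log_hosts or a template mistake leaves syslog-ng on its old config (or failing the reload) with no failure in the play — a silent logging outage that is easy to miss; add `validate: 'syslog-ng --syntax-only --cfgfile %s'` to the template task so the play stops before the file is written. The symbolic `mode: u+rw,g+r,o+r` only adds bits and never clears unwanted ones (for example o+w on a pre-existing file); `mode: "0644"` pins the exact permissions. The delegated `file` task that creates `/var/log/{{ inventory_hostname }}` on each log host sets neither `owner`, `group` nor `mode`, so the directory takes whatever the remote umask gives; set them explicitly to match the account the receiving syslog-ng writes as. Separately, `update_cache: yes` and `enabled: no`/`yes` should be the canonical `true`/`false` so yamllint's truthy check and YAML 1.1/1.2 parsers agree.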

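--- a/templates/syslog-ng.conf.j2
+++ b/templates/syslog-ng.conf.j2
@@ -0,0 +1,105 @@
+@version:3.30
+@include "scl.conf"
+# syslog-ng configuration file.
+#
+# See syslog-ng(8) and syslog-ng.conf(5) for more information.
+#
+# Note: It also sources additional configuration files (*.conf)
+# located in /etc/syslog-ng/conf.d/.
+#
+# Options
+#
+options {
+# Create destination directories if missing.
+create_dirs(yes);
+# The default action of syslog-ng is to log a MARK line to the file every
+# 20 minutes. That's seems high for most people so turn it down to once an
+# hour. Set it to zero if you don't want the functionality at all.
+mark_freq(3600);
+# The default action of syslog-ng is to log a STATS line to the file every
+# 10 minutes. That's pretty ugly after a while. Change it to every 12 hours
+# so you get a nice daily update of how many messages syslog-ng missed (0).
+stats_freq(43200);
+# Time to wait before a died connection is re-established (default is 60).
+time_reopen(5);
+# Disable DNS usage.
+# syslog-ng blocks on DNS queries, so enabling DNS may lead to a DoS attack.
+use_dns(no);
+dns-cache(no);
+# Default owner, group, and permissions for log files.
+owner(root);
+group(adm);
+perm(0640);
+# Default permissions for created directories.
+dir_perm(0755);
+};
+source src { system(); internal(); };
+filter f_auth { facility(auth, authpriv); };
+filter f_syslog { not facility(authpriv, mail) and not message("^grsec:( From [^:]+:)? exec of.*") and not (program("named") and message("^client ")); };
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_kern { facility(kern); };
+filter f_mail { facility(mail, news); };
+filter f_user { facility(user); };
+filter f_debug { not facility(auth, authpriv, news, mail); };
+filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news) and not message("^grsec:( From [^:]+:)? exec of.*"); };
+filter f_emergency { level(emerg); };
+filter f_info { level(info); };
+filter f_notice { level(notice); };
+filter f_warn { level(warn); };
+filter f_crit { level(crit); };
+filter f_err { level(err); };
+filter f_audit { message("^audit.*"); };
+filter f_history { message(".*HISTORY*"); };
+filter f_sshguard { facility(auth, authpriv) and not program("sshguard"); };
+destination authlog { file("/var/log/auth.log"); };
+destination syslog { file("/var/log/syslog"); };
+destination kern { file("/var/log/kern.log"); };
+destination user { file("/var/log/user.log"); };
+destination mailinfo { file("/var/log/mail/mail.info"); };
+destination mailwarn { file("/var/log/mail/mail.warn"); };
+destination mailerr { file("/var/log/mail/mail.err"); };
+destination audit { file("/var/log/audit.log"); };
+destination messages { file("/var/log/messages"); };
+destination emergency { file("/var/log/emergency"); };
+#destination sshguard { program("/usr/sbin/sshguard -w 2a01:e35:8bb7:3c60::a -w 2a01:e35:8bb7:3c60::2" template("$DATE $FULLHOST $MSGHDR$MESSAGE\n") ); };
+log { source(src); filter(f_auth); destination(authlog); };
+#log { source(src); filter(f_syslog); destination(syslog); }; # Comment me!
+#log { source(kernsrc); filter(f_kern); destination(kern); };
+#log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
+#log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
+#log { source(src); filter(f_messages); destination(messages); };
+log { source(src); filter(f_emergency); destination(emergency); };
+#log { source(src); filter(f_sshguard); destination(sshguard); };
+# Remote loghost
+{% for host in log_hosts %}
+destination loghost{{ loop.index }} { tcp6("{{ host }}"); };
+log { source(src); destination(loghost{{ loop.index }}); };
+{% endfor %}
+# Source additional configuration files (.conf extension only)
+@include "/etc/syslog-ng/conf.d/*.conf"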
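Review bot: The remote destination inside the `{% for host in log_hosts %}` loop uses the legacy `tcp6()` driver with no TLS, so every message from `src` — including the auth/authpriv lines that also land in auth.log — crosses the network in cleartext to a peer that is never authenticated, and anything on the path can read, alter or inject log lines. syslog-ng 3.30 supports the `network()` driver with TLS, e.g. `destination loghost{{ loop.index }} { network("{{ host }}" transport("tls") port(6514) tls(ca-dir("/etc/syslog-ng/ca.d") peer-verify(required-trusted))); };` — the CA directory is only an example and the receiving servers need a matching listener and certificate. Because the local `f_syslog`, `f_kern` and `f_messages` log paths are commented out, kernel, daemon and cron messages exist only on the remote hosts; while a loghost is unreachable they wait in syslog-ng's in-memory output queue and, as far as I can tell, are dropped once it fills, so a `disk-buffer()` on that destination would close the forensic gap. Minor: the unused `f_history` filter matches `.*HISTORY*`, i.e. `HISTOR` followed by any number of `Y`, not the literal word, and should read `HISTORY` if it is ever wired to a log path.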