diff --git a/group_vars/all.yaml b/group_vars/all.yaml index 21618b1..3ebfac3 100644 --- a/group_vars/all.yaml +++ b/group_vars/all.yaml @@ -2,3 +2,4 @@ checks: nsca_server: 192.168.122.107 nsca_password: HISTORY_PURGED_SECRET +RSYSLOG_SERVER: internal.monitoring.atlantishq.de diff --git a/roles/rsyslog-client/tasks/main.yaml b/roles/rsyslog-client/tasks/main.yaml new file mode 100644 index 0000000..a2c8dde --- /dev/null +++ b/roles/rsyslog-client/tasks/main.yaml @@ -0,0 +1,20 @@ +- name: Install Dependecies + apt: + pkg: + - rsyslog + state: present + with_items: + +- name: Rsyslog Main config + template: + src: rsyslog.conf.j2 + dest: /etc/rsyslog.conf + mode: 0755 + notify: + - restart rsyslog + +- name: Enable and start rsyslog + systemd: + name: rsyslog.service + state: started + enabled: yes diff --git a/roles/rsyslog-client/templates/rsyslog.conf.j2 b/roles/rsyslog-client/templates/rsyslog.conf.j2 new file mode 100644 index 0000000..6b94773 --- /dev/null +++ b/roles/rsyslog-client/templates/rsyslog.conf.j2 @@ -0,0 +1,94 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +#module(load="imudp") +#input(type="imudp" port="514") + +# provides TCP syslog reception +#module(load="imtcp") +#input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +#*.emerg :omusrmsg:* + +*. * @@{{ RSYSLOG_SERVER }}:514 diff --git a/roles/rsyslog-server/tasks/main.yaml b/roles/rsyslog-server/tasks/main.yaml new file mode 100644 index 0000000..1e965f3 --- /dev/null +++ b/roles/rsyslog-server/tasks/main.yaml @@ -0,0 +1,29 @@ +- name: Install Dependecies + apt: + pkg: + - rsyslog + - rsyslog-psql + state: present + with_items: + +- name: Rsyslog Main config + template: + src: rsyslog.conf.j2 + dest: /etc/rsyslog.conf + mode: 0755 + notify: + - restart rsyslog + +- name: Rsyslog Database config + template: + src: psql.conf.j2 + dest: /etc/rsyslog.d/psql.conf + mode: 0755 + notify: + - restart rsyslog + +- name: Enable and start nsca-ng + systemd: + name: rsyslog.service + state: started + enabled: yes diff --git a/roles/rsyslog-server/templates/rsyslog.conf.j2 b/roles/rsyslog-server/templates/rsyslog.conf.j2 new file mode 100644 index 0000000..f261a99 --- /dev/null +++ b/roles/rsyslog-server/templates/rsyslog.conf.j2 @@ -0,0 +1,96 @@ +# /etc/rsyslog.conf configuration file for rsyslog +# +# For more information install rsyslog-doc and see +# /usr/share/doc/rsyslog-doc/html/configuration/index.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +#module(load="imudp") +#input(type="imudp" port="514") + +# provides TCP syslog reception +module(load="imtcp") +input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail.none -/var/log/messages + +$CreateDirs on +$template RemoteLogs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log" +*.* ?RemoteLogs + +# +# Emergencies are sent to everybody logged in. +# +#*.emerg :omusrmsg:*