[Bug report] "create directory for syslog clients" create unexpected directory

Ansible Role: `syslog-ng`

Installs and configures a classic syslog-ng service for processing log files away from journald.

This again allows a simple, central logging service to be run on the user's own network.

This role disables journald and takes over its function!

Further development of this Ansible role has been moved to Collection bodsch.core. This repository will therefore no longer be actively maintained.

Requirements & Dependencies

Ansible Collections

bodsch.core

ansible-galaxy collection install bodsch.core

or

ansible-galaxy collection install --requirements-file collections.yml

tested operating systems

Tested on

ArchLinux
ArtixLinux
Debian based
- Debian 10 / 11 / 12
- Ubuntu 20.04 / 22.04

usage

syslog_options: {}

syslog_logs: {}

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      system:

syslog_message_templates: {}

syslog_journald:
  wipe_persistent: true
  config:
    Storage: volatile
    ForwardToSyslog: 'yes'

syslog_hardened: false

syslog_systemd_template: default

`syslog_options`

syslog_options:
  chain_hostnames: false
  create_dirs: false
  dns-cache: false
  flush_lines: 0
  group: "adm"
  keep_hostname: true
  log_fifo_size: 10000
  mark_freq: 3600
  perm: "0640"
  stats_freq: 43200
  time_reopen: 10
  ts_format: iso
  use_dns: false
  use_fqdn: false

`syslog_logs`

Additional log destinations to be merged with the default (syslog_defaults_logs) ones.

syslog_logs

A list of hashes, a trio of file destination, filter, log. A simplified configuration that should be sufficient for most cases.

parameter	required	default	description
`source`	`false`	`src`	source of logging messages - 'src', or 'kernsrc'
`destination.file`	`false`	`${key}.log`	log file relative to `/var/log`. (The basic directory is created automatically.)
`destination.udp`	`false`	`-`	`udp` log Destination to an remote syslog server.
`destination.tcp`	`false`	`-`	`tcp` log Destination to an remote syslog server.
`filter.name`	`false`	`${key}`	An (optional) name of the filter. If it is not specified, the `${key}` is used as name.
`filter.filter`	`false`	`program(${key})`	The syslog filter. This can be a simple string or a list of strings. The list is connected with an `and`.
`final`	`false`	`false`	whether set a final flag

Only one log destination may be defined! So either file, or udp / tcp!

Example

syslog_logs:
  kern:
    source: kernsrc
    destination:
      file: kernel.log
    filter:
      name: kern
      filter: facility(kern)
  messages:
    file_name: messages.log
    filter:
      filter:
        - level(info..alert)
        - level(debug..notice)
        - not facility(auth, authpriv, mail, cron, kern, local7)
        - not program (syslog-ng)
        - not program (dhcpd)
        - not program(named)
  iptables:
    source: kernsrc
    destination:
      file: iptables.log
    filter:
      filter: message("^(\\[.*\..*\] |)ip6?tables.*")
    final: true
  remote:
    source: net
    template: nginx
    destination:
      file: "remote/nginx/${FULLHOST}.log"
  loghost:
    source: s_remote
    destination:
      udp:
        ip: "10.10.0.1"
        port: 514
        spoof_source: true

`syslog_sources`

Additional log sources to be merged with the default (syslog_defaults_sources) ones.

parameter	description
`comment`	an optional comment
`$driver`	key is name of the source driver, typically `unix_stream` or `file` (underscores are replaced with hyphens) value is the driver parameter

Example

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      internal:
  kernsrc:
    - comment: messages from the kernel
      file: /proc/kmsg
  net:
    - comment: messages from syslog-clients
      udp:
  s_remote:
    - comment: remote sources on port 5140
      tcp:
        ip: 0.0.0.0
        port: 5140
      udp: 
        ip: 0.0.0.0
        port: 5140

`syslog_message_templates`

You can define your own templates for log files. This makes it possible to give each log file a suitable output format.

By default, a template called tmpl is created, which is defined as follows:

'${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n'

By default, each destrination is assigned this template.
If this is not desired, use_template must be set in the syslog_logs configuration.

syslog_logs:
  ansible:
    file_name: ansible.log
    filter:
      filter: program(ansible)
    use_template: false

If a destination is to have its own output format, the defined template must be specified under template.

syslog_message_templates:
  nginx: '${MSG}\n'

syslog_logs:
  remote:
    source: net
    template: ngix
    destination:
      file: "remote/${FULLHOST}.log"

Contribution

Please read Contribution

Development, Branches (Git Tags)

The master Branch is my Working Horse includes the "latest, hot shit" and can be complete broken!

If you want to use something stable, please use a Tagged Version!

Author and License

Bodo Schulz

License

Apache

FREE SOFTWARE, HELL YEAH!

bodsch / ansible-syslog-ng Goto Github PK

ansible-syslog-ng's Introduction

Ansible Role: syslog-ng

Requirements & Dependencies

tested operating systems

usage

syslog_options

syslog_logs

Example

syslog_sources

Example

syslog_message_templates

Contribution

Development, Branches (Git Tags)

Author and License

License

ansible-syslog-ng's People

Contributors

Stargazers

Watchers

Forkers

ansible-syslog-ng's Issues

Recommend Projects

Recommend Topics

Recommend Org

Ansible Role: `syslog-ng`

`syslog_options`

`syslog_logs`

`syslog_sources`

`syslog_message_templates`