From 0261e875679f1bf63c8d689da7fc7e014597885d Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Sat, 4 Feb 2023 01:23:43 -0500
Subject: initial commit
---
 roles/rsyslog_server/defaults/main.yml | 14 ++++
 roles/rsyslog_server/handlers/main.yml | 10 +++
 roles/rsyslog_server/tasks/main.yml | 74 +++++++++++++++++
 roles/rsyslog_server/templates/etc/rsyslog.conf.j2 | 97 ++++++++++++++++++++++
 roles/rsyslog_server/vars/main.yml | 20 +++++
 5 files changed, 215 insertions(+)
 create mode 100644 roles/rsyslog_server/defaults/main.yml
 create mode 100644 roles/rsyslog_server/handlers/main.yml
 create mode 100644 roles/rsyslog_server/tasks/main.yml
 create mode 100644 roles/rsyslog_server/templates/etc/rsyslog.conf.j2
 create mode 100644 roles/rsyslog_server/vars/main.yml
(limited to 'roles/rsyslog_server')
diff --git a/roles/rsyslog_server/defaults/main.yml b/roles/rsyslog_server/defaults/main.yml
new file mode 100644
index 0000000..7931580
--- /dev/null
+++ b/roles/rsyslog_server/defaults/main.yml
@@ -0,0 +1,14 @@
+rsyslog_owner: root
+rsyslog_group: root
+rsyslog_file_mode: '0640'
+rsyslog_dir_mode: '0750'
+
+rsyslog_port: 514
+rsyslog_relp_port: 20514
+rsyslog_relp_tls_port: 10514
+
+rsyslog_gzip_on_calendar: daily
+rsyslog_gzip_days_ago: 7
+
+rsyslog_permitted_peers:
+ - '*.{{ ansible_domain }}'
diff --git a/roles/rsyslog_server/handlers/main.yml b/roles/rsyslog_server/handlers/main.yml
new file mode 100644
index 0000000..fdad349
--- /dev/null
+++ b/roles/rsyslog_server/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: restart rsyslog
+ systemd:
+ name: rsyslog
+ state: restarted
+
+- name: reload syslog-gzip timer
+ systemd:
+ name: syslog-gzip.timer
+ daemon-reload: yes
+ state: restarted
diff --git a/roles/rsyslog_server/tasks/main.yml b/roles/rsyslog_server/tasks/main.yml
new file mode 100644
index 0000000..2a77388
--- /dev/null
+++ b/roles/rsyslog_server/tasks/main.yml
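Review bot: `rsyslog_permitted_peers` defaults to a wildcard over the whole `ansible_domain`, so with the template's `tls.authMode="name"` any host holding a certificate from the same CA with a name under that domain is accepted on the TLS RELP listener, not only the intended forwarders. That may be fine for a single-domain site, but the trust boundary should be stated next to the default, e.g. `# any host with a CA-issued certificate under the domain may submit logs; override with explicit hostnames where the forwarder set is known`. The ownership and mode variables above it apply only to files and directories rsyslog creates itself, which is worth a one-line comment so readers do not assume they cover the top-level storage directory.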
@@ -0,0 +1,74 @@
+- name: install rsyslog
+ dnf:
+ name: '{{ rsyslog_packages }}'
+ state: present
+
+- name: request TLS certificate
+ include_role:
+ name: getcert_request
+ vars:
+ certificate_service: syslog
+ certificate_path: '{{ rsyslog_certificate_path }}'
+ certificate_key_path: '{{ rsyslog_certificate_key_path }}'
+ certificate_hook: systemctl restart rsyslog
+
+- name: generate config file
+ template:
+ src: etc/rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ notify: restart rsyslog
+
+- name: create syslog-gzip systemd timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: syslog-gzip
+ timer_description: Compress old syslog files
+ timer_after: nss-user-lookup.target
+ timer_on_calendar: '{{ rsyslog_gzip_on_calendar }}'
+ timer_user: '{{ rsyslog_owner }}'
+ timer_group: '{{ rsyslog_group }}'
+ timer_exec: find {{ rsyslog_storage_dir }} -type f -mtime +{{ rsyslog_gzip_days_ago }} -not -name '*.gz' -exec gzip {} ;
+
+- name: create syslog-update-today-symlink timer
+ include_role:
+ name: systemd_timer
+ vars:
+ timer_name: syslog-update-today-symlink
+ timer_description: Update today symlink in syslog dir
+ timer_after: nss-user-lookup.target
+ timer_on_calendar: daily
+ timer_user: '{{ rsyslog_owner }}'
+ timer_group: '{{ rsyslog_group }}'
+ timer_shell: yes
+ timer_exec: ln -sfT "$(date +%Y/%m/%d)" {{ rsyslog_storage_dir }}/today
+
+- name: create remote log directory
+ file:
+ path: '{{ rsyslog_storage_dir }}'
+ state: directory
+
+- name: create today symlink
+ systemd:
+ name: syslog-update-today-symlink.service
+ state: started
+ changed_when: no
+
+- name: enable rsyslog
+ systemd:
+ name: rsyslog
+ enabled: yes
+ state: started
+
+- name: open firewall ports
+ firewalld:
+ port: '{{ item }}'
+ permanent: yes
+ immediate: yes
+ state: enabled
+ loop:
+ - '{{ rsyslog_port }}/tcp'
+ - '{{ rsyslog_port }}/udp'
+ - '{{ rsyslog_relp_port }}/tcp'
+ - '{{ rsyslog_relp_tls_port }}/tcp'
+ tags: firewalld
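Review bot: The `create remote log directory` task creates `{{ rsyslog_storage_dir }}` with whatever the current umask yields and ignores the role's own `rsyslog_owner`, `rsyslog_group` and `rsyslog_dir_mode`, so the top-level directory can end up more permissive than the per-day subdirectories rsyslog creates beneath it with `dirCreateMode`; add `owner: '{{ rsyslog_owner }}'`, `group: '{{ rsyslog_group }}'` and `mode: '{{ rsyslog_dir_mode }}'` to that `file:` task. The `open firewall ports` task also exposes the plaintext TCP/UDP 514 and plain RELP listeners to every source, and the template feeds them into the same `RemoteLog` ruleset as the TLS-authenticated input, so unauthenticated hosts can write into the same storage tree; if those listeners are required, a `rich_rule` limited to the known forwarders' addresses, or a separate zone, would keep the exposure to the intended senders. The `certificate_hook: systemctl restart rsyslog` duplicates the `restart rsyslog` handler, which is harmless but worth a short comment explaining that the hook runs outside Ansible on renewal.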
diff --git a/roles/rsyslog_server/templates/etc/rsyslog.conf.j2 b/roles/rsyslog_server/templates/etc/rsyslog.conf.j2
new file mode 100644
index 0000000..174e966
--- /dev/null
+++ b/roles/rsyslog_server/templates/etc/rsyslog.conf.j2
@@ -0,0 +1,97 @@
+module(load="imklog")
+module(load="imuxsock" SysSock.name="/run/systemd/journal/syslog")
+module(load="imudp")
+module(load="imtcp")
+module(load="imfile")
+module(load="imrelp" tls.tlslib="openssl")
+
+global(
+ workDirectory="/var/lib/rsyslog"
+ parser.escapecontrolcharactertab="off"
+)
+
+module(load="builtin:omfile"
+ template="RSYSLOG_TraditionalFileFormat"
+ dirCreateMode="{{ rsyslog_dir_mode }}"
+ dirOwner="{{ rsyslog_owner }}"
+ dirGroup="{{ rsyslog_group }}"
+ fileCreateMode="{{ rsyslog_file_mode }}"
+ fileOwner="{{ rsyslog_owner }}"
+ fileGroup="{{ rsyslog_group }}")
+
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+template(name="RemoteLogSavePath" type="list") {
+ constant(value="{{ rsyslog_storage_dir }}/")
+ property(name="timegenerated" dateFormat="year") constant(value="/")
+ property(name="timegenerated" dateFormat="month") constant(value="/")
+ property(name="timegenerated" dateFormat="day") constant(value="/")
+ property(name="fromhost" caseConversion="lower") constant(value="/")
+ property(name="$.filename" caseConversion="lower")
+}
+
+template(name="HttpdAccessLog_FileFormat" type="string"
+ string="%HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+)
+
+ruleset(name="RemoteLog") {
+ # default filename
+ set $.filename = "messages.log";
+
+ # drop any debug messages
+ if not prifilt("*.info") then {
+ stop
+ }
+
+ # program-specific overrides
+ if $syslogtag == {{ (rsyslog_log_by_tag + rsyslog_access_log_by_tag) | to_json }} then {
+ if $syslogtag == {{ rsyslog_log_by_tag | to_json }} then {
+ set $.filename = $syslogtag & ".log";
+ } else if prifilt("*.=info") then {
+ set $.filename = $syslogtag & "-access.log";
+ } else {
+ set $.filename = $syslogtag & "-error.log";
+ }
+
+ action(type="omfile"
+ template="HttpdAccessLog_FileFormat"
+ dynaFile="RemoteLogSavePath"
+ dynaFileCacheSize="1024"
+ asyncWriting="on"
+ flushOnTXEnd="off"
+ flushInterval="1"
+ ioBufferSize="64k")
+ } else {
+ action(type="omfile"
+ template="RSYSLOG_FileFormat"
+ dynaFile="RemoteLogSavePath"
+ dynaFileCacheSize="1024"
+ asyncWriting="on"
+ flushOnTXEnd="off"
+ flushInterval="1"
+ ioBufferSize="64k")
+ }
+}
+
+input(type="imtcp" port="{{ rsyslog_port }}" ruleset="RemoteLog")
+input(type="imudp" port="{{ rsyslog_port }}" ruleset="RemoteLog")
+input(type="imrelp" port="{{ rsyslog_relp_port }}" ruleset="RemoteLog")
+input(type="imrelp"
+ port="{{ rsyslog_relp_tls_port }}"
+ tls="on"
+ tls.caCert="{{ rsyslog_certificate_ca_path }}"
+ tls.myCert="{{ rsyslog_certificate_path }}"
+ tls.myPrivKey="{{ rsyslog_certificate_key_path }}"
+ tls.authMode="name"
+ tls.permittedPeer=["{{ rsyslog_permitted_peers | join('", "') }}"]
+ ruleset="RemoteLog")
+
+
+# EL defaults
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+authpriv.* /var/log/secure
+mail.* -/var/log/maillog
+cron.* /var/log/cron
+*.emerg :omusrmsg:*
+uucp,news.crit /var/log/spooler
+local7.* /var/log/boot.log
diff --git a/roles/rsyslog_server/vars/main.yml b/roles/rsyslog_server/vars/main.yml
new file mode 100644
index 0000000..3cd223c
--- /dev/null
+++ b/roles/rsyslog_server/vars/main.yml
@@ -0,0 +1,20 @@
+rsyslog_packages:
+ - rsyslog
+ - rsyslog-doc
+ - rsyslog-relp
+ - rsyslog-openssl
+
+rsyslog_log_by_tag:
+ - unifi
+ - airsonic
+
+rsyslog_access_log_by_tag:
+ - httpd
+ - nginx
+ - slapd
+
+rsyslog_certificate_path: /etc/pki/rsyslog/syslog.pem
+rsyslog_certificate_key_path: /etc/pki/rsyslog/syslog.key
+rsyslog_certificate_ca_path: /etc/ipa/ca.crt
+
+rsyslog_storage_dir: /var/log/remote
-- cgit
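Review bot: The program-specific routing in `ruleset(name="RemoteLog")` tests `$syslogtag` for exact equality against bare names such as `httpd`, but the syslog TAG field normally carries the process id and colon (for example `httpd[1234]:`), so unless the senders are known to forward a bare tag these branches may never match and everything would land in `messages.log` — worth confirming against real forwarded messages; `$programname` is the property rsyslog provides with the pid and colon stripped, i.e. `if $programname == {{ (rsyslog_log_by_tag + rsyslog_access_log_by_tag) | to_json }} then {`, with the same substitution in the inner `if` and the three `set $.filename` lines. Keeping `$.filename` derived from the tag only inside that allow-listed branch is the right shape, since it means an arbitrary tag from a sender cannot influence the output path. Separately, the `imtcp`, `imudp` and plain `imrelp` inputs bind on every address and feed the same ruleset with no sender authentication, while only the TLS `imrelp` input verifies peers; if those plaintext paths are not required, consider binding them with `address=` to an internal interface or making them conditional on a role variable, and record the decision in a comment above the `input(...)` lines. `module(load="imfile")` is loaded but no `input(type="imfile" ...)` uses it in this file; either drop it or comment why it is preloaded.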
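Review bot: `rsyslog_storage_dir`, the three certificate paths and the two tag lists are defined in `vars/main.yml`, which takes precedence over inventory and play variables, so a deployment cannot change the storage location, CA path or program lists without editing the role; these are deployment-specific values and belong in `defaults/main.yml` next to the ports and ownership settings, leaving `vars/main.yml` for `rsyslog_packages`. `rsyslog_certificate_ca_path: /etc/ipa/ca.crt` also ties the TLS listener to a host enrolled in FreeIPA, which the template depends on for peer verification, so a comment such as `# CA that issued both this server's and the forwarders' certificates` would make the assumption explicit.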