This role manages configuration of syslog-ng
server and makes sure that it's installed.
It was tested on the following versions:
- 1.9
Currently the module was only tested on Debian.
syslog_ng_conf_file
: string, the path tosyslog-ng.conf
syslog_ng_conf_dir
: string, where are the config filessyslog_ng_user
: the owner group ofsyslog-ng.conf
syslog_ng_group
: the owner user ofsyslog-ng.conf
syslog_ng_remote_loggers
: dict of remote centralized loggers servers
Optional:
ca_certificate
: string, the root ca certificate.ca_private_key
: string, the private key from root ca certificate.syslog_cert_name
: string, name of certificate used for syslog-ng
Almost all of them has default values in defaults/main.yml
.
syslog-ng support plaintext and traffic encryption with TLS (SSL). More info
Example:
vars:
syslog_ng_remote_sources:
insecure_source:
ip: "{{ ansible_eth0.ipv4.address }}"
proto: "tcp"
port: 514
log_dir: "/space/log"
loggers:
log_auth:
filter: "facility(auth, authpriv) and not filter(f_debug);"
log_file: "$HOST/system/$YEAR/$MONTH/$DAY/auth.log"
log_apache:
filter: "facility(local6) and not filter(f_debug);"
log_file: "$HOST/application/$YEAR/$MONTH/$DAY/apache_$PROGRAM.log"
Generate And Autosign root CA:
# Generate key for root CA
openssl genrsa -des3 -out root-ca.key 2048
# Self sign CA
openssl req -new -x509 -days 3650 -key root-ca.key -out root-ca.crt
Example:
vars:
syslog_ng_remote_sources:
secure_source:
ip: "{{ ansible_eth0.ipv4.address }}"
proto: tls
port: 10514
ca_dir: "{{ syslog_ng_config_dir }}/ssl/ca"
key_file: "{{ syslog_ng_config_dir }}/ssl/{{ syslog_cert_name }}-key.pem"
cert_file: "{{ syslog_ng_config_dir }}/ssl/{{ syslog_cert_name }}-crt.pem"
log_dir: "/space/log"
loggers:
log_auth:
filter: "facility(auth, authpriv) and not filter(f_debug);"
log_file: "$HOST/system/$YEAR/$MONTH/$DAY/auth.log"
log_apache:
filter: "facility(local6) and not filter(f_debug);"
log_file: "$HOST/application/$YEAR/$MONTH/$DAY/apache_$PROGRAM.log"
syslog_cert_name: "syslog"
ca_certificate: "root-ca.pem"
ca_private_key: "root-ca-key.pem"
syslog_cert_subj:
name: 'syslog-example'
domains: ["{{ ansible_fqdn }}"]
country: 'FR'
state: 'France'
city: 'Paris'
organization: 'example'
unit: ''
email: '[email protected]'
days: 365
If you find a bug, please open an issue on GitHub.
If you want to hack some features into this role, please open an issue and we will talk about that.
ansible-syslog-ng
role was written by: