Ansible Role: syslog-ng

Installs and configures a classic syslog-ng service for processing log files away from journald.

This again allows a simple, central logging service to be run on the user's own network.

This role disables journald and takes over its function!

Requirements & Dependencies

Ansible Collections

• bodsch.core

ansible-galaxy collection install bodsch.core

or

ansible-galaxy collection install --requirements-file collections.yml

tested operating systems

Tested on

• ArchLinux
• ArtixLinux
• Debian based
  • Debian 10 / 11
  • Ubuntu 20.04

usage

syslog_options: {}

syslog_logs: {}

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      system:

syslog_message_templates: {}

syslog_journald:
  wipe_persistent: true
  config:
    Storage: volatile
    ForwardToSyslog: 'yes'

syslog_hardened: false

syslog_systemd_template: default

syslog_options

syslog_options:
  chain_hostnames: false
  create_dirs: false
  dns-cache: false
  flush_lines: 0
  group: "adm"
  keep_hostname: true
  log_fifo_size: 10000
  mark_freq: 3600
  perm: "0640"
  stats_freq: 43200
  time_reopen: 10
  ts_format: iso
  use_dns: false
  use_fqdn: false

syslog_logs

Additional log destinations to be merged with the default (syslog_defaults_logs) ones.

syslog_logs

A list of hashes, a trio of file destination, filter, log. A simplified configuration that should be sufficient for most cases.

parameter	required	default	description
source	false	src	source of logging messages - 'src', or 'kernsrc'
destination.file	false	${key}.log	log file relative to /var/log. (The basic directory is created automatically.)
destination.udp	false	-	udp log Destination to an remote syslog server.
destination.tcp	false	-	tcp log Destination to an remote syslog server.
filter.name	false	${key}	An (optional) name of the filter. If it is not specified, the ${key} is used as name.
filter.filter	false	program(${key})	The syslog filter. This can be a simple string or a list of strings. The list is connected with an and.
final	false	false	whether set a final flag

Only one log destination may be defined! So either file, or udp / tcp!

Example

syslog_logs:
  kern:
    source: kernsrc
    destination:
      file: kernel.log
    filter:
      name: kern
      filter: facility(kern)
  messages:
    file_name: messages.log
    filter:
      filter:
        - level(info..alert)
        - level(debug..notice)
        - not facility(auth, authpriv, mail, cron, kern, local7)
        - not program (syslog-ng)
        - not program (dhcpd)
        - not program(named)
  iptables:
    source: kernsrc
    destination:
      file: iptables.log
    filter:
      filter: message("^(\\[.*\..*\] |)ip6?tables.*")
    final: true
  remote:
    source: net
    template: nginx
    destination:
      file: "remote/nginx/${FULLHOST}.log"
  loghost:
    source: s_remote
    destination:
      udp:
        ip: "10.10.0.1"
        port: 514
        spoof_source: true

syslog_sources

Additional log sources to be merged with the default (syslog_defaults_sources) ones.

parameter	description
comment	an optional comment
$driver	key is name of the source driver, typically unix_stream or file (underscores are replaced with hyphens) value is the driver parameter

Example

syslog_sources:
  src:
    - comment: messages generated by syslog-ng
      internal:
  kernsrc:
    - comment: messages from the kernel
      file: /proc/kmsg
  net:
    - comment: messages from syslog-clients
      udp:
  s_remote:
    - comment: remote sources on port 5140
      tcp:
        ip: 0.0.0.0
        port: 5140
      udp: 'ip(0.0.0.0) port(5140)'      

syslog_message_templates

You can define your own templates for log files. This makes it possible to give each log file a suitable output format.

By default, a template called tmpl is created, which is defined as follows:

'${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n'

By default, each destrination is assigned this template.
If this is not desired, use_template must be set in the syslog_logs configuration.

syslog_logs:
  ansible:
    file_name: ansible.log
    filter:
      filter: program(ansible)
    use_template: false

If a destination is to have its own output format, the defined template must be specified under template.

syslog_message_templates:
  nginx: '${MSG}\n'

syslog_logs:
  remote:
    source: net
    template: ngix
    destination:
      file: "remote/${FULLHOST}.log"

Contribution

Please read Contribution

Development, Branches (Git Tags)

The master Branch is my Working Horse includes the "latest, hot shit" and can be complete broken!

If you want to use something stable, please use a Tagged Version!

---

Author and License

• Bodo Schulz

License

Apache

FREE SOFTWARE, HELL YEAH!