feat: add logging configuration for Referat 2.3 Graylog server

961901e9 · Jörg Sachse · b5c142ae · 961901e9 · 961901e9 · 961901e9
Verified Commit 961901e9 authored 1 week ago by Jörg Sachse
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -27,3 +27,10 @@
 - name: daemon-reload
  ansible.builtin.systemd:
    daemon_reload: true
+
+- name: Restart Beats.
+  ansible.builtin.systemd_service:
+    name: "{{ item }}beat.service"
+    state: restarted
+  loop:
+    - "file"
--- a/tasks/configure_graylog.yml
+++ b/tasks/configure_graylog.yml
+---
+- name: Create config directories.
+  ansible.builtin.file:
+    path: "/etc/{{ item }}"
+    state: directory
+    mode: "0o755"
+  loop:
+    - "journalbeat"
+
+- name: Configure Beats.
+  ansible.builtin.template:
+    src: "etc/{{ item }}.yml.j2"
+    dest: "/etc/{{ item }}.yml"
+    mode: "0o644"
+  loop:
+    - "filebeat/inputs.d/iesample"
+  notify: Restart Beats.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -34,3 +34,7 @@
 - name: iptables-Regeln für externe Produzenten setzen
  ansible.builtin.import_tasks: "configure_iptables_externalusers.yml"
  tags: [iptables]
+
+- name: Configure Graylog.
+  ansible.builtin.import_tasks: "configure_graylog.yml"
+  tags: [log, logs, graylog, beats, filebeat]
--- a/templates/etc/filebeat/inputs.d/iesample.yml.j2
+++ b/templates/etc/filebeat/inputs.d/iesample.yml.j2
+filebeat.inputs:
+- type: journald
+  id: check_ie_sample.service
+  seek: cursor
+  cursor_seek_fallback: tail
+  transports: [journal]
+  paths:
+    - '/var/log/journal/'
+#    - '/run/log/journal/'
+#  units: check_ie_sample.service
+#  include_matches.match:
+#    - _SYSTEMD_UNIT=check_ie_sample.service
+
+# Each - is an input. Most options can be set at the input level, so
+# you can use different inputs for various configurations.
+# Below are the input specific configurations.
+
+
+# Exclude lines. A list of regular expressions to match. It drops the lines that are
+# matching any regular expression from the list.
+  #exclude_lines: ['^DBG']
+  #exclude_lines: ['\[DEBUG\]']
+  # Include lines. A list of regular expressions to match. It exports the lines that are
+  # matching any regular expression from the list.
+  #include_lines: ['^ERR', '^WARN']
+  #exclude_files: ['/var/log/some_log_to_exclude']
+  # Optional additional fields. These fields can be freely picked
+  # to add additional information to the crawled log files for filtering
+  #fields:
+  #  level: debug
+  #  review: 1
+
+  ### Multiline options
+  # Multiline can be used for log messages spanning multiple lines. This is common
+  # for Java Stack Traces or C-Line Continuation
+  # The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
+  #multiline.pattern: ^\[
+  multiline.pattern: ^\s+
+  # Defines if the pattern set under pattern should be negated or not. Default is false.
+  #multiline.negate: false
+  # Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
+  # that was (not) matched before or after or as long as a pattern is not matched based on negate.
+  # Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
+  #multiline.match: after