fix: set updated rsyslog config for central logging server

3643919c · Jörg Sachse · e3cc2974 · 3643919c · 3643919c
Commit 3643919c authored 5 months ago by Jörg Sachse
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -37,23 +37,23 @@
      listen: "save iptables rules"
 - name: restart exim
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
    name: "exim4"
    state: reloaded
    enabled: true
 - name: restart postfix
-  ansible.builtin.service:
+  ansible.builtin.systemd_service:
    name: "postfix"
    state: reloaded
 - name: restart sshd
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
    name: "sshd"
    state: reloaded
 - name: reload journald configuration
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
    name: "systemd-journald"
    state: restarted
@@ -62,18 +62,24 @@
  changed_when: false
 - name: restart logrotate.service
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
    name: "logrotate.service"
    state: reloaded
  when: ansible_os_family == "Debian"
  changed_when: false
 - name: restart zramswap
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
    name: "zramswap.service"
    state: restarted
    daemon_reload: true
+- name: restart rsyslog
+  ansible.builtin.systemd_service:
+    name: "rsyslog.service"
+    state: restarted:
+  changed_when: false
 - name: udev-Regel bekannt machen    # noqa no-changed-when
  ansible.builtin.command: "udevadm control --reload"

--- a/tasks/configure_syslog_server_logging.yml
+++ b/tasks/configure_syslog_server_logging.yml
 ---
- name: Logging auf Syslog-Server einrichten
+- name: Configure remote syslogging to Graylog.
  ansible.builtin.lineinfile:
    dest: "/etc/rsyslog.conf"
    line: "{{ item }}"
  loop:
-    - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"'
+    # we only log desired information to not bust our log server
-    - '*.* @{{ vault_syslog_url }}:{{ vault_syslog_port }};RSYSLOG_SyslogProtocol23Format'
+    # e.g. we don't want a message for every cron job run
- name: Logging auf Syslog-Server einrichten
+    - "auth,authpriv.*;daemon.6 @{{ vault_syslog_url }}:{{ vault_syslog_port }};RSYSLOG_SyslogProtocol23Format"
+  notify: restart rsyslog
+- name: Remove old configs for remote syslogging to Graylog.
  ansible.builtin.lineinfile:
    dest: "/etc/rsyslog.conf"
    line: "{{ item }}"
    state: absent
  loop:
    - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\\n"'
+    - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"'
+    - '*.* @sdvgraylog.slub-dresden.de:1514;RSYSLOG_SyslogProtocol23Format'
+  notify: restart rsyslog