From 3643919c0cf479da8666bd5d95b7a1d31ecbbfd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Tue, 14 Jan 2025 13:39:24 +0100
Subject: [PATCH] fix: set updated rsyslog config for central logging server

---
 handlers/main.yml                         | 18 ++++++++++++------
 tasks/configure_syslog_server_logging.yml | 14 ++++++++++----
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index f76334e..88da027 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -37,23 +37,23 @@
       listen: "save iptables rules"
 
 - name: restart exim
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
     name: "exim4"
     state: reloaded
     enabled: true
 
 - name: restart postfix
-  ansible.builtin.service:
+  ansible.builtin.systemd_service:
     name: "postfix"
     state: reloaded
 
 - name: restart sshd
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
     name: "sshd"
     state: reloaded
 
 - name: reload journald configuration
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
     name: "systemd-journald"
     state: restarted
 
@@ -62,18 +62,24 @@
   changed_when: false
 
 - name: restart logrotate.service
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
     name: "logrotate.service"
     state: reloaded
   when: ansible_os_family == "Debian"
   changed_when: false
 
 - name: restart zramswap
-  ansible.builtin.systemd:
+  ansible.builtin.systemd_service:
     name: "zramswap.service"
     state: restarted
     daemon_reload: true
 
+- name: restart rsyslog
+  ansible.builtin.systemd_service:
+    name: "rsyslog.service"
+    state: restarted:
+  changed_when: false
+
 - name: udev-Regel bekannt machen    # noqa no-changed-when
   ansible.builtin.command: "udevadm control --reload"
 
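Review bot: The added `restart rsyslog` handler has a stray trailing colon in `state: restarted:`, which a YAML parser will most likely reject as a misplaced mapping value, so handlers/main.yml would fail to load and none of its handlers would run. The line should read `state: restarted`. Separately, `changed_when: false` on this handler means a restart of the logging daemon is never reported as a change, so consider dropping it to keep rsyslog restarts visible in run reports.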
diff --git a/tasks/configure_syslog_server_logging.yml b/tasks/configure_syslog_server_logging.yml
index a6b1a9a..f973c23 100644
--- a/tasks/configure_syslog_server_logging.yml
+++ b/tasks/configure_syslog_server_logging.yml
@@ -1,15 +1,21 @@
 ---
-- name: Logging auf Syslog-Server einrichten
+- name: Configure remote syslogging to Graylog.
   ansible.builtin.lineinfile:
     dest: "/etc/rsyslog.conf"
     line: "{{ item }}"
   loop:
-    - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"'
-    - '*.* @{{ vault_syslog_url }}:{{ vault_syslog_port }};RSYSLOG_SyslogProtocol23Format'
-- name: Logging auf Syslog-Server einrichten
+    # we only log desired information to not bust our log server
+    # e.g. we don't want a message for every cron job run
+    - "auth,authpriv.*;daemon.6 @{{ vault_syslog_url }}:{{ vault_syslog_port }};RSYSLOG_SyslogProtocol23Format"
+  notify: restart rsyslog
+
+- name: Remove old configs for remote syslogging to Graylog.
   ansible.builtin.lineinfile:
     dest: "/etc/rsyslog.conf"
     line: "{{ item }}"
     state: absent
   loop:
     - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\\n"'
+    - '$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"'
+    - '*.* @sdvgraylog.slub-dresden.de:1514;RSYSLOG_SyslogProtocol23Format'
+  notify: restart rsyslog
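Review bot: The cleanup task removes only the literal line `*.* @sdvgraylog.slub-dresden.de:1514;RSYSLOG_SyslogProtocol23Format`, while the task it replaces wrote that line from `vault_syslog_url` and `vault_syslog_port`. On any host where those variables rendered to a different target, the old `*.*` rule stays in /etc/rsyslog.conf and keeps forwarding everything alongside the new filtered rule; adding `- '*.* @{{ vault_syslog_url }}:{{ vault_syslog_port }};RSYSLOG_SyslogProtocol23Format'` to the removal loop covers both cases. The literal also commits in clear text a host and port that were previously referenced only through vault variables, which deserves a conscious decision. The single `@` in the new rule forwards auth and authpriv messages over UDP, so they travel unencrypted and can be lost silently; if the log server supports it, TCP or TLS transport suits authentication logs better.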
-- 
GitLab