feat: add logging configuration for Referat 2.3 Graylog server

1fbcbd63 · Jörg Sachse · b8d2e02d · 1fbcbd63 · 1fbcbd63 · 1fbcbd63
Verified Commit 1fbcbd63 authored 2 weeks ago by Jörg Sachse
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -54,3 +54,12 @@
    - name: save rules
      ansible.builtin.command: /usr/sbin/iptables-save        # noqa no-changed-when
      listen: "save iptables rules"
+- name: Restart Beats.
+  ansible.builtin.systemd_service:
+    name: "{{ item }}beat.service"
+    state: restarted
+  loop:
+    - "audit"
+    - "file"
+    # - "journal"
--- a/tasks/configure_graylog.yml
+++ b/tasks/configure_graylog.yml
+---
+- name: Create config directories.
+  ansible.builtin.file:
+    path: "/etc/{{ item }}"
+    state: directory
+    mode: "0o755"
+  loop:
+    - "filebeat/inputs.d"
+    - "journalbeat"
+- name: Configure Beats.
+  ansible.builtin.template:
+    src: "etc/{{ item }}.yml.j2"
+    dest: "/etc/{{ item }}.yml"
+    mode: "0o644"
+  loop:
+    - "filebeat/inputs.d/repair"
+  notify: Restart Beats.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -46,3 +46,7 @@
 - name: configure iptables Firewall
  ansible.builtin.import_tasks: "configure_iptables_externalusers.yml"
  tags: [iptables, firewall]
+- name: Configure Graylog.
+  ansible.builtin.import_tasks: "configure_graylog.yml"
+  tags: [log, logs, graylog, beats, filebeat]
--- a/templates/etc/filebeat/inputs.d/repair.yml.j2
+++ b/templates/etc/filebeat/inputs.d/repair.yml.j2
+filebeat.inputs:
+#- type: filestream
+#  id: <hostname>
+#  enabled: true
+#  paths: 
+#    - /path/to/custom/log
+- type: filestream
+  id: {{ ansible_hostname }}
+  enabled: true
+  paths:
+    - /var/log/repair/{{ ansible_hostname }}/repair_daemon.log
+# Each - is an input. Most options can be set at the input level, so
+# you can use different inputs for various configurations.
+# Below are the input specific configurations.
+# Exclude lines. A list of regular expressions to match. It drops the lines that are
+# matching any regular expression from the list.
+#exclude_lines: ['^DBG']
+# Include lines. A list of regular expressions to match. It exports the lines that are
+# matching any regular expression from the list.
+#include_lines: ['^ERR', '^WARN']
+#exclude_files: ['/var/log/some_log_to_exclude']
+# Optional additional fields. These fields can be freely picked
+# to add additional information to the crawled log files for filtering
+#fields:
+#  level: debug
+#  review: 1
+### Multiline options
+# Multiline can be used for log messages spanning multiple lines. This is common
+# for Java Stack Traces or C-Line Continuation
+# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
+#multiline.pattern: ^\[
+multiline.pattern: ^.*\s+
+# Defines if the pattern set under pattern should be negated or not. Default is false.
+#multiline.negate: false
+# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
+# that was (not) matched before or after or as long as a pattern is not matched based on negate.
+# Note: After is the equivalent to previous and before is the equivalent to to next in Logstash
+#multiline.match: after