From 7fd1b5ff5d86914f7b006af5f23e40792a666ea3 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Mon, 1 Mar 2021 01:27:56 +0100 Subject: [PATCH] Add rsyslog_collector role --- roles/rsyslog_collector/defaults/main.yml | 4 ++ roles/rsyslog_collector/meta/main.yml | 4 ++ roles/rsyslog_collector/tasks/main.yml | 24 +++++++++ .../templates/10-collector.conf.j2 | 53 +++++++++++++++++++ 4 files changed, 85 insertions(+) create mode 100644 roles/rsyslog_collector/defaults/main.yml create mode 100644 roles/rsyslog_collector/meta/main.yml create mode 100644 roles/rsyslog_collector/tasks/main.yml create mode 100644 roles/rsyslog_collector/templates/10-collector.conf.j2 diff --git a/roles/rsyslog_collector/defaults/main.yml b/roles/rsyslog_collector/defaults/main.yml new file mode 100644 index 0000000..d0f9337 --- /dev/null +++ b/roles/rsyslog_collector/defaults/main.yml @@ -0,0 +1,4 @@ +--- +rsyslog_inputs: [] +rsyslog_collector_base_dir: /var/log/remote +... diff --git a/roles/rsyslog_collector/meta/main.yml b/roles/rsyslog_collector/meta/main.yml new file mode 100644 index 0000000..8e7f44c --- /dev/null +++ b/roles/rsyslog_collector/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: rsyslog_common +... diff --git a/roles/rsyslog_collector/tasks/main.yml b/roles/rsyslog_collector/tasks/main.yml new file mode 100644 index 0000000..d0487e6 --- /dev/null +++ b/roles/rsyslog_collector/tasks/main.yml @@ -0,0 +1,24 @@ +--- +- name: Install rsyslog-relp if needed + become: true + apt: + name: rsyslog-relp + state: latest + when: "rsyslog_inputs | selectattr('proto', 'eq', 'relp') | list" + +- name: Ensure log storage directory exists + become: true + file: + path: "{{ rsyslog_collector_base_dir }}" + state: directory + +- name: Deploy rsyslog input configuration file + become: true + template: + src: 10-collector.conf.j2 + dest: /etc/rsyslog.d/10-collector.conf + owner: root + group: root + mode: u=rw,g=r,o=r + notify: Restart rsyslog +... diff --git a/roles/rsyslog_collector/templates/10-collector.conf.j2 b/roles/rsyslog_collector/templates/10-collector.conf.j2 new file mode 100644 index 0000000..793e519 --- /dev/null +++ b/roles/rsyslog_collector/templates/10-collector.conf.j2 @@ -0,0 +1,53 @@ +{{ ansible_managed | comment }} + +module(load="mmrm1stspace") + +{% + set input_modules = { + "relp": "imrelp", + "udp": "imudp", + } +%} + +{% + for module in rsyslog_inputs + | map(attribute="proto") + | map("extract", input_modules) + | list + | unique +%} +module(load="{{ module }}") +{% endfor %} + +template(name="incomingFilename" type="list") { + constant(value="{{ rsyslog_collector_base_dir }}/") + property(name="fromhost-ip") + constant(value="/") + property(name="timegenerated" dateFormat="year") + constant(value="-") + property(name="timegenerated" dateFormat="month") + constant(value="-") + property(name="timegenerated" dateFormat="day") + constant(value=".log") +} + +ruleset(name="handleIncomingLogs") { + action(type="mmrm1stspace") + action( + type="omfile" + dynaFile="incomingFilename" + template="RSYSLOG_FileFormat" + ) +} + +# TODO: add protocol-specific options (eg. TLS) +{% for input in rsyslog_inputs %} +input( + type="{{ input_modules[input.proto] }}" +{% if "address" in input %} + address="{{ input.address }}" +{% endif %} + port="{{ input.port }}" + ruleset="handleIncomingLogs" +) +{% endfor %}