monitoring_rsyslog

xsrv.monitoring_rsyslog

This role will setup rsyslog:

• aggregation of common log files (APT/unattended-upgrades/fail2ban) to a single /var/log/syslog file
• retention policy (logrotate)
• systemd-journald storage settings
• (optional) log filtering/discarding of unwanted messages
• (optional) log forwarding over TCP/SSL/TLS

Requirements/dependencies/example playbook

See meta/main.yml

- hosts: my.CHANGEME.org
  roles:
    - nodiscc.xsrv.common # (optional) basic setup, hardening, firewall
    - nodiscc.xsrv.monitoring_rsyslog
    # - nodiscc.xsrv.monitoring # (optional) full monitoring suite including monitoring_rsyslog

See defaults/main.yml for all configuration variables

If rsyslog_enable_receive: yes, the host must be reachable by syslog clients on port 514/tcp. If rsyslog_enable_receive: yes, the host must be deployed before syslog clients in the playbook execution order (the syslog server's CA certificate must already exist in order to sign client certificates)

Tags

rsyslog - setup system log processing

License

GNU GPLv3

References

• https://stdout.root.sx/links/?searchtags=monitoring
• https://stdout.root.sx/links/?searchtags=logs