adoralaura/ansible-syslog-receiver
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

first commit

Browse source
This commit is contained in:
Adora Laura Kalb 2024-01-19 08:25:49 +01:00
commit aadde72275
Signed by: adoralaura
GPG key ID: 7A4552166FC8C056
11 changed files with 365 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

160
.gitignore vendored Normal file
View file

@ -0,0 +1,160 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

18
Makefile Normal file
View file

@ -0,0 +1,18 @@
.PHONY: all venv clean
ALL_TARGETS := venv
PYTHON_BIN?=python3
all: $(ALL_TARGETS)
venv: venv/bin/activate
venv/bin/activate: requirements.txt
test -d venv || $(PYTHON_BIN) -m venv venv
. venv/bin/activate; pip install --upgrade pip wheel
. venv/bin/activate; pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org -r requirements.txt
touch venv/bin/activate
clean:
test -d venv && rm -rf venv || exit 0

3
production.yaml Normal file
View file

@ -0,0 +1,3 @@
rsyslog_receiver:
hosts:
syslog.lauka-home.net:

1
readme.md Normal file
View file

@ -0,0 +1 @@
# ansible-public-dns

2
requirements.in Normal file
View file

@ -0,0 +1,2 @@
ansible
pip-tools

53
requirements.txt Normal file
View file

@ -0,0 +1,53 @@
#
# This file is autogenerated by pip-compile with Python 3.9
# by the following command:
#
# pip-compile --output-file=requirements.txt requirements.in
#
ansible==8.7.0
# via -r requirements.in
ansible-core==2.15.8
# via ansible
build==1.0.3
# via pip-tools
cffi==1.16.0
# via cryptography
click==8.1.7
# via pip-tools
cryptography==41.0.7
# via ansible-core
importlib-metadata==7.0.1
# via build
importlib-resources==5.0.7
# via ansible-core
jinja2==3.1.3
# via ansible-core
markupsafe==2.1.3
# via jinja2
packaging==23.2
# via
# ansible-core
# build
pip-tools==7.3.0
# via -r requirements.in
pycparser==2.21
# via cffi
pyproject-hooks==1.0.0
# via build
pyyaml==6.0.1
# via ansible-core
resolvelib==1.0.1
# via ansible-core
tomli==2.0.1
# via
# build
# pip-tools
# pyproject-hooks
wheel==0.42.0
# via pip-tools
zipp==3.17.0
# via importlib-metadata
# The following packages are considered to be unsafe in a requirements file:
# pip
# setuptools

38
roles/rsyslog/tasks/main.yml Normal file
View file

@ -0,0 +1,38 @@
- name: Install rsyslog and logrotate
ansible.builtin.apt:
pkg:
- rsyslog
- logrotate
state: latest
update_cache: yes
register: package_install
- name: Configure rsyslog
ansible.builtin.template:
src: rsyslog.conf.j2
dest: /etc/rsyslog.conf
owner: root
group: root
mode: '0644'
register: rsyslog_config
- name: Configure logrotate
ansible.builtin.template:
src: rsyslog-receiver.logrotate.j2
dest: /etc/logrotate.d/rsyslog-receiver
owner: root
group: root
mode: '0644'
register: logrotate_config
- name: Restart logrotate
ansible.builtin.service:
name: rsyslog
state: restarted
when: package_install.changed or rsyslog_config.changed
- name: Restart logrotate
ansible.builtin.service:
name: logrotate
state: restarted
when: package_install.changed or logrotate_config.changed

13
roles/rsyslog/templates/rsyslog-receiver.logrotate.j2 Normal file
View file

@ -0,0 +1,13 @@
{{ syslog_path }}/*/*.log
{
rotate 14
daily
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

72
roles/rsyslog/templates/rsyslog.conf.j2 Normal file
View file

@ -0,0 +1,72 @@
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
$template RemoteLogs,"{{ syslog_path }}/%HOSTNAME%/syslog.log"
*.* ?RemoteLogs
& ~
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# Log anything besides private authentication messages to a single log file
#
*.*;auth,authpriv.none -/var/log/syslog
#
# Log commonly used facilities to their own log file
#
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*

1
roles/rsyslog/vars/main.yml Normal file
View file

@ -0,0 +1 @@
syslog_path: /logs

4
rsyslog.yml Normal file
View file

@ -0,0 +1,4 @@
- hosts: rsyslog_receiver
gather_facts: no
roles:
- rsyslog