Installs and configures a classic syslog-ng service for processing log files away from journald.
This again allows a simple, central logging service to be run on the user's own network.
This role disables journald and takes over its function!
Tested on
- ArchLinux
- ArtixLinux
- Debian based
- Debian 10 / 11
- Ubuntu 20.04
syslog_options_group: 'adm'
# The template to be used in all destination drivers expect usertty.
syslog_default_template: '${YEAR}-${MONTH}-${DAY}T${HOUR}:${MIN}:${SEC} ${LEVEL} ${MSGHDR}${MSG}\n'
# Should be added logs for grsecurity and PAX?
syslog_hardened: false
syslog_server:
log_destination: /var/log/remote
syslog_journald:
wipe_persistent: true
config:
Storage: volatile
ForwardToSyslog: 'yes'Additional log destinations to be merged with the default (syslog_defaults_logs) ones.
syslog_logs
A list of hashes, a trio of file destination, filter, log and - optionally - also a greatly simplified logrotate rule. A simplified configuration that should be sufficient for most cases.
| parameter | required | default | description |
|---|---|---|---|
id |
true |
- |
unique identifier |
source |
false |
src |
source of logging messages - 'src', or 'kernsrc' |
file_name |
false |
${id}.log |
log file relative to /var/log |
filter |
false |
program(${id}) |
filter expression |
final |
false |
false |
whether set a final flag |
delete_after_days |
false |
forever |
how many days to keep old logs for logrotate |
syslog_logs:
- id: iptables
source: kernsrc
file_name: iptables.log
filter: message("^(\\[.*\..*\] |)ip6?tables.*")
final: true
delete_after_days: 365
- id: remote
source: net
file_name: "remote/${FULLHOST}"This will produce:
destination d_iptables { file("/var/log/iptables.log" template(tmpl)); };filter f_iptables { message("^(\\[.*\..*\] |)ip6?tables.*"); };log { source(kernsrc); filter(f_iptables); destination(d_iptables); flags(final); };
support remote host like this:
`destination d_net { tcp("127.0.0.1" port(1000) log_fifo_size(1000)); };`
Additional log sources to be merged with the default (syslog_defaults_sources) ones.
| parameter | description |
|---|---|
comment |
an optional comment |
$driver |
key is name of the source driver, typically unix_stream or file(underscores are replaced with hyphens) value is the driver parameter |
syslog_sources:
src:
- comment: messages generated by syslog-ng
internal:
kernsrc:
- comment: messages from the kernel
file: /proc/kmsg
net:
- comment: messages from syslog-clients
udp:Please read Contribution
The master Branch is my Working Horse includes the "latest, hot shit" and can be complete broken!
If you want to use something stable, please use a Tagged Version!
- Bodo Schulz
FREE SOFTWARE, HELL YEAH!