Ajout du syslog un peu partout

2019-12-21 13:52:50 +01:00
parent deb8d1bbc2
commit 7169708aa0
15 changed files with 54 additions and 6 deletions
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -8,12 +8,6 @@
  args:
    creates: /etc/nginx/dhparam.pem

- name: service nginx
-  service:
-    name: nginx
-    enabled: True
-    state: started
-
 - name: put configuration files
  template:
    src: "{{ item.src }}"
--- a/roles/nginx/templates/header.conf.j2
+++ b/roles/nginx/templates/header.conf.j2
@@ -5,4 +5,6 @@
 	ssl_certificate_key /etc/x509/{{ item }}/{{ item }}.key;
 	server_name {{ item }};
 	access_log /var/log/nginx/{{ item }}.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/{{ item }}.error.log;
+	error_log syslog:server=unix:/dev/log;
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -39,7 +39,9 @@ http {
 		'"$request" $status $body_bytes_sent '
 		'"$http_referer" "$http_user_agent"';
 	access_log /var/log/nginx/access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/error.log;
+	error_log syslog:server=unix:/dev/log;
 	
 	##
 	# Gzip Settings
--- a/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2
+++ b/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2
@@ -5,7 +5,9 @@ server {
 	ssl_certificate_key /etc/x509/mm.pipoworld.fr/mm.pipoworld.fr.key;
 	server_name mm.pipoworld.fr mm.nintendojo.fr;
 	access_log /var/log/nginx/mm.pipoworld.fr.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/mm.pipoworld.fr.error.log;
+	error_log syslog:server=unix:/dev/log;

 	location = / {
 		rewrite ^ /cgi-bin/mailman/listinfo permanent;
--- a/roles/nginx/templates/vhosts/r.mateu.be.conf.j2
+++ b/roles/nginx/templates/vhosts/r.mateu.be.conf.j2
@@ -4,7 +4,9 @@ server {

 	server_name r.mateu.be perso.nintendojo.fr perso.libertus.eu;
 	access_log /var/log/nginx/r.mateu.be.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/r.mateu.be.error.log;
+	error_log syslog:server=unix:/dev/log;
 	ssl_certificate /etc/x509/r.mateu.be/fullchain.cer;
 	ssl_certificate_key /etc/x509/r.mateu.be/r.mateu.be.key;

--- a/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2
+++ b/roles/nginx/templates/vhosts/www.intendo.fr.conf.j2
@@ -5,7 +5,9 @@ server {
 	ssl_certificate_key /etc/x509/intendo.fr/intendo.fr.key;
 	server_name intendo.fr www.intendo.fr;
 	access_log /var/log/intendo.fr.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/intendo.fr.error.log;
+	error_log syslog:server=unix:/dev/log;
 	
 	location / {
 		return 302 https://www.nintendojo.fr$request_uri;
--- a/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2
+++ b/roles/nginx/templates/vhosts/www.nintendojo.fr.conf.j2
@@ -4,7 +4,9 @@ server {
 	listen [::]:443 ssl http2;
 	server_name nintendojo.fr www.nintendojo.fr;
 	access_log /var/log/nginx/nintendojo.fr.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/nintendojo.fr.error.log;
+	error_log syslog:server=unix:/dev/log;
 	ssl_certificate /etc/x509/www.nintendojo.fr/fullchain.cer;
 	ssl_certificate_key /etc/x509/www.nintendojo.fr/www.nintendojo.fr.key;

--- a/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2
+++ b/roles/nginx/templates/vhosts/z.libertus.eu.conf.j2
@@ -4,7 +4,9 @@ server {

 	server_name z.libertus.eu autodiscover.libertus.eu;
 	access_log /var/log/nginx/z.libertus.eu.access.log combined_port;
+	access_log syslog:server=unix:/dev/log combined_port;
 	error_log /var/log/nginx/z.libertus.eu.error.log;
+	error_log syslog:server=unix:/dev/log;

 	ssl_certificate /etc/x509/z.libertus.eu/fullchain.cer;
 	ssl_certificate_key /etc/x509/z.libertus.eu/z.libertus.eu.key;
--- a/roles/rsyslog/files/remote.conf
+++ b/roles/rsyslog/files/remote.conf
@@ -0,0 +1 @@
+*.*            @syslog.dmz.mateu.be
--- a/roles/rsyslog/files/sys.conf
+++ b/roles/rsyslog/files/sys.conf
@@ -0,0 +1,11 @@
+template(name="RemoteHost" type="string" string="/srv/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.log")
+
+## Loads UDP
+module(load="imudp" port="514")
+
+ruleset(name="remote") {
+    action(type="omfile" DynaFile="RemoteHost")
+}
+
+input(type="imudp" port="514" ruleset="remote")
+
--- a/roles/rsyslog/handlers/main.yml
+++ b/roles/rsyslog/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart rsyslog
+  service:
+      name: rsyslog
+      state: restarted
--- a/roles/rsyslog/tasks/main.yml
+++ b/roles/rsyslog/tasks/main.yml
@@ -0,0 +1,17 @@
+- name: install rsyslog
+  package:
+      name: rsyslog
+      state: present
+
+- name: put log concentration file
+  copy:
+      src: files/sys.conf
+      dest: /etc/rsyslog.d/sys.conf
+  notify: restart rsyslog
+  when: "'rsyslogservers' in group_names"
+
+- name: put rsyslog config file
+  copy:
+      src: files/remote.conf
+      dest: /etc/rsyslog.d/remote.conf
+  notify: restart rsyslog