Tel logcheck which logs to monitor.

1 files changed, 15 insertions, 1 deletions

diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index 9430d0b..62727c9 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -20,48 +20,62 @@
 
 - name: Configure postfix's custom rsyslog rules
   template: src=etc/rsyslog.d/postfix.conf.j2
             dest=/etc/rsyslog.d/postfix.conf
             owner=root group=root
             mode=0644
   register: r2
   notify:
     - Restart rsyslog
   tags:
     - syslog
 
 - name: Start rsyslog
   service: name=rsyslog state=started
   when: not (r1.changed or r2.changed)
   tags:
     - syslog
 
 - meta: flush_handlers
 
-- name: Configure logcheck
+- name: Configure logcheck (1)
   copy: src=etc/logcheck/{{ item }}
         dest=/etc/logcheck/{{ item }}
         owner=root group=logcheck
         mode=0644
   with_items:
     - logcheck.conf
     - ignore.d.server/common-local
     - ignore.d.server/dovecot-local
     - ignore.d.server/postfix-local
     # logcheck-sudo already exists, but changing the filename for our
     # local modifications would defeat the ruleset
     - violations.ignore.d/logcheck-sudo
   tags:
     - logcheck
 
+- name: Configure logcheck (2)
+  lineinfile: dest=/etc/logcheck/logcheck.logfiles
+              line={{ item }}
+              state=present
+              create=yes
+              owner=root group=logcheck
+              mode=0640
+  with_items:
+    - /var/log/syslog
+    - /var/log/auth.log
+    - /var/log/mail.log
+  tags:
+    - logcheck
+
 - name: Minimal logging policy (1)
   lineinfile: dest=/etc/logrotate.d/rsyslog
               regexp="^/var/log/mail\\.(log|info|sasl)$"
               state=absent
 
 - name: Minimal logging policy (2)
   copy: src=etc/logrotate.d/fripost-mail
         dest=/etc/logrotate.d/fripost-mail
         owner=root group=root
         mode=0644
   tags:
     - logrotate