Configure the (basic) logging policy.

author: Guilhem Moulin <guilhem@fripost.org> 2013-10-31 01:10:49 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-06-07 02:50:31 +0200
commit: bda835d0051950c63c0f38bbf11fb6fe47b4af36 (patch)
tree: 9d3a02eb42dafddf5f151153d1058ebfc72a3cf0 /roles/common/tasks/logging.yml
parent: 42ec51e418142f68a97d96663a43ae617c971ad5 (diff)
1 files changed, 32 insertions, 0 deletions
diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
new file mode 100644
index 0000000..d305e29
--- /dev/null
+++ b/roles/common/tasks/logging.yml
@@ -0,0 +1,32 @@
+- name: Install logging server & utilities
+  apt: pkg={{ item }}
+  with_items:
+    - rsyslog
+    - syslog-summary
+    - logcheck
+    - logcheck-database
+    - logrotate
+
+- name: Configure logcheck
+  copy: src=etc/logcheck/{{ item }}
+        dest=/etc/logcheck/{{ item }}
+        owner=root group=logcheck
+        mode=0640
+  with_items:
+    - logcheck.conf
+    - ignore.d.server/common.local
+
+- name: Minimal logging policy (1)
+  lineinfile: dest=/etc/logrotate.d/rsyslog
+              regexp="^/var/log/mail.(log|info)$"
+              state=absent
+
+- name: Minimal logging policy (2)
+  copy: src=etc/logrotate.d/fripost-mail
+        dest=/etc/logrotate.d/fripost-mail
+        owner=root group=root
+        mode=0644
+
+# TODO: We also have specialized per-role logcheck rulesets, per-role
+# logrotate configuration (/etc/logrotate.d), and per-role rsyslog
+# configuration (/etc/rsyslog.d).
author	Guilhem Moulin <guilhem@fripost.org>	2013-10-31 01:10:49 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-06-07 02:50:31 +0200
commit	bda835d0051950c63c0f38bbf11fb6fe47b4af36 (patch)
tree	9d3a02eb42dafddf5f151153d1058ebfc72a3cf0 /roles/common/tasks/logging.yml
parent	42ec51e418142f68a97d96663a43ae617c971ad5 (diff)