1 files changed, 7 insertions, 6 deletions

diff --git a/roles/common/tasks/logging.yml b/roles/common/tasks/logging.yml
index 3b86294..699c6e3 100644
--- a/roles/common/tasks/logging.yml
+++ b/roles/common/tasks/logging.yml
@@ -1,82 +1,83 @@
 - name: Install logging server & utilities
-  apt: pkg={{ item }}
-  with_items:
+  apt: pkg={{ packages }}
+  vars:
+    packages:
     - rsyslog
-    - syslog-summary
     - logcheck
     - logcheck-database
     - logrotate
 
 - name: Configure rsyslog
   copy: src=etc/rsyslog.conf
         dest=/etc/rsyslog.conf
         owner=root group=root
         mode=0644
   register: r1
   notify:
     - Restart rsyslog
   tags:
     - syslog
 
 - name: Configure postfix's custom rsyslog rules
   template: src=etc/rsyslog.d/postfix.conf.j2
             dest=/etc/rsyslog.d/postfix.conf
             owner=root group=root
             mode=0644
   register: r2
   notify:
     - Restart rsyslog
   tags:
     - syslog
 
 - name: Start rsyslog
   service: name=rsyslog state=started
   when: not (r1.changed or r2.changed)
   tags:
     - syslog
 
 - meta: flush_handlers
 
 - name: Configure logcheck (1)
   copy: src=etc/logcheck/{{ item }}
         dest=/etc/logcheck/{{ item }}
-        owner=root group=logcheck
+        owner=root group=root
         mode=0644
   with_items:
     - logcheck.conf
     - ignore.d.server/common-local
     - ignore.d.server/dovecot-local
     - ignore.d.server/postfix-local
+    - ignore.d.server/strongswan-local
     # logcheck-sudo already exists, but changing the filename for our
     # local modifications would defeat the ruleset
     - violations.ignore.d/logcheck-sudo
   tags:
     - logcheck
 
 - name: Configure logcheck (2)
   lineinfile: dest=/etc/logcheck/logcheck.logfiles
               line={{ item }}
               state=present
               create=yes
-              owner=root group=logcheck
-              mode=0640
+              owner=root group=root
+              mode=0644
   with_items:
     - /var/log/syslog
     - /var/log/auth.log
     - /var/log/mail.log
   tags:
     - logcheck
 
 - name: Minimal logging policy (1)
   lineinfile: dest=/etc/logrotate.d/rsyslog
               regexp="^/var/log/mail\\.(log|info|sasl)$"
               state=absent
               owner=root group=root
               mode=0644
 
 - name: Minimal logging policy (2)
   copy: src=etc/logrotate.d/fripost-mail
         dest=/etc/logrotate.d/fripost-mail
         owner=root group=root
         mode=0644
   tags: