summaryrefslogtreecommitdiffstats
path: root/roles/common/tasks/logging.yml
blob: d25a75edbd40bae0a472db954dae0963faa01617 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
- name: Install logging server & utilities
  apt: pkg={{ item }}
  with_items:
    - rsyslog
    - syslog-summary
    - logcheck
    - logcheck-database
    - logrotate

- name: Start rsyslog
  service: name=rsyslog state=started
  tags:
    - syslog

- name: Configure logcheck
  copy: src=etc/logcheck/{{ item }}
        dest=/etc/logcheck/{{ item }}
        owner=root group=logcheck
        mode=0640
  with_items:
    - logcheck.conf
    - ignore.d.server/common.local
    - violations.ignore.d/logcheck-sudo

- name: Minimal logging policy (1)
  lineinfile: dest=/etc/logrotate.d/rsyslog
              regexp="^/var/log/mail.(log|info)$"
              state=absent

- name: Minimal logging policy (2)
  copy: src=etc/logrotate.d/fripost-mail
        dest=/etc/logrotate.d/fripost-mail
        owner=root group=root
        mode=0644
  tags:
    - logrotate

# TODO: We also have specialized per-role logcheck rulesets, per-role
# logrotate configuration (/etc/logrotate.d), and per-role rsyslog
# configuration (/etc/rsyslog.d).