Merge branch 'rsyslog' into 'newinfra'

[rsyslog-server] tealc is the rsyslog server See merge request !166

Merge branch 'rsyslog' into 'newinfra'
[rsyslog-server] tealc is the rsyslog server See merge request !166
f750f507 · Benjamin Graillot · 61508881 · c8ed25a7 · f750f507 · f750f507
Commit f750f507 authored 4 years ago by Benjamin Graillot
--- a/plays/logs.yml
+++ b/plays/logs.yml
 #!/usr/bin/env ansible-playbook
 ---
-# thot is the log server.
-# Servers need to send their logs to thot.
+# tealc is the log server.
+# Servers need to send their logs to tealc.

-# Send logs to thot
- hosts: server,!thot.adm.crans.org
+# Send logs to tealc
+- hosts: server,!tealc.adm.crans.org
  vars:
    rsyslog:
-      server: thot.adm.crans.org
+      server: 172.16.10.1
  roles: ["rsyslog-client"]
+
+- hosts: tealc.adm.crans.org
+  roles:
+    - rsyslog-server
--- a/roles/rsyslog-server/tasks/main.yml
+++ b/roles/rsyslog-server/tasks/main.yml
+---
+- name: Deploy rsyslog cablage config
+  template:
+    src: rsyslog.d/30-cablage.conf.j2
+    dest: /etc/rsyslog.d/30-cablage.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Deploy rsyslog listen relp config
+  template:
+    src: rsyslog.d/52-listen_relp.conf.j2
+    dest: /etc/rsyslog.d/52-listen_relp.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Deploy rsyslog listen switches config
+  template:
+    src: rsyslog.d/53-listen_switches.conf.j2
+    dest: /etc/rsyslog.d/53-listen_switches.conf
+    mode: 0640
+    owner: root
+    group: root
--- a/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
+++ b/roles/rsyslog-server/templates/rsyslog.d/30-cablage.conf.j2
+{{ ansible_header | comment }}
+
+# Logs des switches
+
+if $fromhost-ip startswith '172.16.33.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
+
+# Logs des bornes
+
+## Dropbear est atteint de logorhée, une partie de ses logs ne sont pas vitaux
+if $programname contains "dropbear" and $msg contains "Exit before auth: Exited normally" then ~
+if $programname contains "dropbear" and re_match($msg, "Child connection from (127.0.0.1|::1|10.231.148.102)") then ~
+if $programname contains "dropbear" and re_match($msg, "Pubkey auth succeeded .* from 10.231.148.102") then ~
+if $programname contains "dropbear" and re_match($msg, "Exit \\(.*\\): Disconnect received") then ~
+
+if $fromhost-ip startswith '172.16.34.' then /pool/logs/tealc/cablage/global.log; CablageFileFormat
+
+# Logs RADIUS
+if $programname contains 'freeradius' then /pool/logs/tealc/cablage/global.log
+if $programname contains 'radiusd' then /pool/logs/tealc/cablage/global.log
+
+# Logs DHCP
+if $programname contains 'dhcpd' then /pool/logs/tealc/cablage/global.log
--- a/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
+++ b/roles/rsyslog-server/templates/rsyslog.d/52-listen_relp.conf.j2
+{{ ansible_header | comment }}
+
+$ModLoad imrelp
+$InputRELPServerRun 20514
--- a/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
+++ b/roles/rsyslog-server/templates/rsyslog.d/53-listen_switches.conf.j2
+{{ ansible_header | comment }}
+
+# Réception en udp: pour les switchs seulement
+# et les bornes wifi
+$ModLoad imudp
+$UDPServerRun 514
+
+$AllowedSender UDP, 127.0.0.1, *.adm.crans.org, 172.16.10.0/24, *.infra.crans.org, 172.16.33.0/24, 172.16.34.0/24