Updating rsyslog conf (#2343)

drazenCE · web-flow · commit 6a3e9e841cb5 · 2025-02-24T14:48:20.000+01:00
* Updating-rsyslog-conf

* Adding-daemon-reload-rsyslog

* Template-update-rsyslog

* Changing-rsyslog-name-restart

* Updating-restart-method-rsyslog

* Debugging-rsyslog-service

* Enabling-rsyslog-service

* Testing-sysvinit

* Reworking-rsyslog-for-containers

* Switching-command-to-shell-container-rsyslog

* Reworking-postfix-start-stop-tasks-for-containers

* Updating-conditions-rsyslog-postfix
diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml
@@ -37,6 +37,7 @@ dependencies:
     when: is_local is not defined or not is_local
   - role: debian/rkhunter
     when: is_local is not defined or not is_local
+  - role: debian/rsyslog
   - role: debian/postfix
   - role: debian/clamav
     when: is_local is not defined or not is_local
diff --git a/roles/debian/postfix/tasks/main.yml b/roles/debian/postfix/tasks/main.yml
@@ -143,30 +143,54 @@
    - postfix.disable_syslog is defined
    - postfix.disable_syslog
 
-#- name: Restart service.
-#  ansible.builtin.service:
-#    name: rsyslog
-#    state: restarted
+- name: Restart rsyslog based on environment to apply postfix changes
+  block:
+    - name: Restart rsyslog in a container to apply postfix changes (if is_local is true)
+      ansible.builtin.shell: |
+        pkill -HUP rsyslogd || true
+      when: is_local
+
+    - name: Restart rsyslog using systemd to apply postfix changes (if is_local is false)
+      ansible.builtin.systemd:
+        name: rsyslog.service
+        state: restarted
+      when: is_local is not defined or not is_local
 
 # Needed for Docker.
-- name: Stop Postfix
-  ansible.builtin.command:
-    cmd: /usr/sbin/service postfix stop
-
-- name: Remove trailing lock files.
-  ansible.builtin.file:
-    path: "{{ lock_file }}"
-    state: absent
-  with_items:
-    - /var/spool/postfix/pid/master.pid
-    - /var/lib/postfix/master.lock
-  loop_control:
-    loop_var: lock_file
-
-- name: Create Postfix Aliases database
-  ansible.builtin.command:
-    cmd: /usr/bin/newaliases
-
-- name: Restart Postfix
-  ansible.builtin.command:
-    cmd: /usr/sbin/service postfix start
+- name: Manage Postfix Service
+  block:
+    - name: Stop Postfix in a container (if is_local is true)
+      ansible.builtin.command:
+        cmd: /usr/sbin/service postfix stop
+      when: is_local
+
+    - name: Stop Postfix using systemd (if is_local is false)
+      ansible.builtin.systemd:
+        name: postfix
+        state: stopped
+      when: is_local is not defined or not is_local
+
+    - name: Remove trailing lock files
+      ansible.builtin.file:
+        path: "{{ lock_file }}"
+        state: absent
+      with_items:
+        - /var/spool/postfix/pid/master.pid
+        - /var/lib/postfix/master.lock
+      loop_control:
+        loop_var: lock_file
+
+    - name: Create Postfix Aliases database
+      ansible.builtin.command:
+        cmd: /usr/bin/newaliases
+
+    - name: Start Postfix in a container (if is_local is true)
+      ansible.builtin.command:
+        cmd: /usr/sbin/service postfix start
+      when: is_local
+
+    - name: Start Postfix using systemd (if is_local is false)
+      ansible.builtin.systemd:
+        name: postfix
+        state: started
+      when: is_local is not defined or not is_local
diff --git a/roles/debian/rsyslog/tasks/main.yml b/roles/debian/rsyslog/tasks/main.yml
@@ -1,4 +1,10 @@
 ---
+- name: Install rsyslog with apt
+  ansible.builtin.apt:
+    name: rsyslog
+    state: present
+    update_cache: true
+
 - name: Copy rsyslog configuration in place.
   ansible.builtin.template:
     src: "rsyslog.{{ rsyslog.role }}.conf.j2"
@@ -8,7 +14,15 @@
     mode: "0644"
     force: true
 
-- name: Restart service.
-  ansible.builtin.service:
-    name: rsyslog
-    state: restarted
+- name: Restart rsyslog based on environment
+  block:
+    - name: Restart rsyslog in a container (if is_local is true)
+      ansible.builtin.shell: |
+        pkill -HUP rsyslogd || true
+      when: is_local
+
+    - name: Restart rsyslog using systemd (if is_local is false)
+      ansible.builtin.systemd:
+        name: rsyslog.service
+        state: restarted
+      when: is_local is not defined or not is_local
diff --git a/roles/debian/rsyslog/templates/rsyslog.client.conf.j2 b/roles/debian/rsyslog/templates/rsyslog.client.conf.j2
@@ -1,36 +1,30 @@
-#  /etc/rsyslog.conf	Configuration file for rsyslog.
+# /etc/rsyslog.conf configuration file for rsyslog
 #
-#			For more information see
-#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
 
 
 #################
 #### MODULES ####
 #################
 
-$ModLoad imuxsock # provides support for local system logging
-#$ModLoad imklog   # provides kernel logging support
-#$ModLoad immark  # provides --MARK-- message capability
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
 
 # provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
+#module(load="imudp")
+#input(type="imudp" port="514")
 
 # provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
+#module(load="imtcp")
+#input(type="imtcp" port="514")
 
 
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
 
-#
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-#
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
 #
 # Set the default permissions for all log files.
 #
@@ -54,68 +48,22 @@ $IncludeConfig /etc/rsyslog.d/*.conf
 ###############
 #### RULES ####
 ###############
-*.*                         @{{ rsyslog.server }}:{{ rsyslog.listen_port }}
-#
-# First some standard log files.  Log by facility.
-#
-auth,authpriv.*			/var/log/auth.log
-*.*;auth,authpriv.none		-/var/log/syslog
-#cron.*				/var/log/cron.log
-daemon.*			-/var/log/daemon.log
-kern.*				-/var/log/kern.log
-lpr.*				-/var/log/lpr.log
-mail.*				-/var/log/mail.log
-user.*				-/var/log/user.log
-
-#
-# Logging for the mail system.  Split it up so that
-# it is easy to write scripts to parse these files.
-#
-mail.info			-/var/log/mail.info
-mail.warn			-/var/log/mail.warn
-mail.err			/var/log/mail.err
 
 #
-# Logging for INN news system.
+# Log anything besides private authentication messages to a single log file
 #
-news.crit			/var/log/news/news.crit
-news.err			/var/log/news/news.err
-news.notice			-/var/log/news/news.notice
+*.*;auth,authpriv.none          -/var/log/syslog
 
 #
-# Some "catch-all" log files.
+# Log commonly used facilities to their own log file
 #
-*.=debug;\
-	auth,authpriv.none;\
-	news.none;mail.none	-/var/log/debug
-*.=info;*.=notice;*.=warn;\
-	auth,authpriv.none;\
-	cron,daemon.none;\
-	mail,news.none		-/var/log/messages
+auth,authpriv.*                 /var/log/auth.log
+cron.*                          -/var/log/cron.log
+kern.*                          -/var/log/kern.log
+mail.*                          -/var/log/mail.log
+user.*                          -/var/log/user.log
 
 #
 # Emergencies are sent to everybody logged in.
 #
-*.emerg				:omusrmsg:*
-
-#
-# I like to have messages displayed on the console, but only on a virtual
-# console I usually leave idle.
-#
-#daemon,mail.*;\
-#	news.=crit;news.=err;news.=notice;\
-#	*.=debug;*.=info;\
-#	*.=notice;*.=warn	/dev/tty8
-
-# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
-# you must invoke `xconsole' with the `-file' option:
-# 
-#    $ xconsole -file /dev/xconsole [...]
-#
-# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
-#      busy site..
-#
-daemon.*;mail.*;\
-	news.err;\
-	*.=debug;*.=info;\
-	*.=notice;*.=warn	|/dev/xconsole
+*.emerg                         :omusrmsg:*
