diff --git a/.ansible-lint b/.ansible-lint index 5ab59f61d..065a01693 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,3 +1,6 @@ --- profile: "production" offline: false + +skip_list: + - yaml[colons] diff --git a/roles/rsyslog/defaults/main.yml b/roles/rsyslog/defaults/main.yml index 755c27773..66bb9d220 100644 --- a/roles/rsyslog/defaults/main.yml +++ b/roles/rsyslog/defaults/main.yml @@ -1,3 +1,4 @@ +--- rsyslog_ca: /etc/pki/rsyslog/rsyslog_ca.pem rsyslog_dir: /opt/openconext/logs rsyslog_read_group: adm @@ -40,3 +41,60 @@ rsyslog_checkemptylogs_cron_minute: "0" rsyslog_checkemptylogs_cron_hour: "9" rsyslog_checkemptylogs_cron_weekdays: "1-5" rsyslog_checkemptylogs_dir: "/usr/local/bin" + +# "program" matches the syslog identifier +# "contains" and "startswith" match the syslog message +rsyslog_central_apps: + haproxy: { program: "haproxy", target: "haproxy/haproxy.log" } + keepalived: { program: "Keepalived_vrrp", target: "keepalived/keepalived.log" } + galera: { program: "mariadb", target: "galera/galera.log" } + galera_garb: { program: "garb-systemd", target: "galera/galera_garb.log" } + mongo: { program: "mongod", target: "mongo/mongo.log" } + traefik: { program: "loadbalancer", target: "traefik/traefik.log" } + eb_auth: { program: "engineblock", contains: '"channel":"authentication"', + dir: "log_logins", target: "eb-authentication.log" } + stepup_auth1: { program: "gateway", contains: '"message":"Second Factor Authenticated"', + dir: "log_logins", target: "stepup-authentication.log" } + stepup_auth2: { program: "gateway", contains: '"message":"Intrinsic Loa Requested"', + dir: "log_logins", target: "stepup-authentication.log" } + stepup_auth3: { program: "stepup-authentication", + dir: "log_logins", target: "stepup-authentication.log" } + eb_apache: { program: "engineblock", startswith: "engine", + target: "eb/apache.log" } + eb: { program: "engineblock", target: "eb/eb.log" } + eb_log: { program: "EBLOG", target: "eb/eb.log" } + eb_apache2: { program: "Apache-EB", target: "eb/apache.log" } # probabaly ununsed + eb_api: { program: "Apache-EBAPI", target: "eb-api/apache.log" } # probabaly ununsed + oidcng_server: { program: "oidcngserver", target: "oidcng/oidcng.log" } + oidcng_json: { program: "oicdngjson", target: "oidcng/oidcngjson.log" } + oidc_play_server: { program: "oidcplaygroundserver", target: "oidc-playground/oidc-playground.log" } + oidc_play_gui: { program: "oidcplaygroundgui", target: "oidc-playground/oidc-playground-apache.log" } + manage_server: { program: "manageserver", target: "manage/manage.log" } + manage_gui: { program: "managegui", target: "manage/apache.log" } + aa_server: { program: "aaserver", target: "aa/aa.log" } + aa_gui: { program: "aagui", target: "aa/apache.log" } + aa_link: { program: "aalink", target: "aa/apache.log" } + pdp: { program: "pdp", target: "pdp/pdp.log" } + voot: { program: "vootserver", target: "voot/voot.log" } + eduid_server: { program: "myconextserver", target: "eduid/myconext.log" } + eduid_json: { program: "myconextjson", target: "eduid/myconextjson.log" } + eduid_gui: { program: "myconextgui", target: "eduid/myconext-apache.log" } + eduid_account: { program: "accountgui", target: "eduid/account-apache.log" } + eduid_servicedesk: { program: "servicedeskgui", target: "eduid/servicedesk-apache.log" } + invite_client: { program: "inviteclient", target: "invite/inviteclient.log" } + invite_welcome: { program: "invitewelcome", target: "invite/invitewelcome.log" } + invite_server: { program: "inviteserver", target: "invite/inviteserver.log" } + invite_json: { program: "invitejson", target: "invite/invitejson.log" } + invite_provmock: { program: "inviteprovisioningmock", target: "invite/inviteprovisioningmock.log" } + teams_server: { program: "teamsserver", target: "teams/teams.log" } + teams_gui: { program: "teamsgui", target: "teams/apache.log" } + profile: { program: "profile", startswith: "{", + target: "profile/profile.log" } + profile_apache: { program: "profile", target: "profile/apache.log" } + spdashboard: { program: "spdashboard", startswith: "spdashboard", + target: "spdashboard/spdashboard.log" } + spdashboard_apache: { program: "spdashboard", target: "spdashboard/apache.log" } + dashboard_server: { program: "dashboardserver", target: "dashboard/dashboard.log" } + dashboard_gui: { program: "dashboardgui", target: "dashboard/apache.log" } + static: { program: "Apache-STATIC", target: "static/apache.log" } + metadata: { program: "Apache-METADATA", target: "metadata/apache.log" } diff --git a/roles/rsyslog/templates/sc_ruleset.conf.j2 b/roles/rsyslog/templates/sc_ruleset.conf.j2 index 86a0e5457..c5a5ae0d2 100644 --- a/roles/rsyslog/templates/sc_ruleset.conf.j2 +++ b/roles/rsyslog/templates/sc_ruleset.conf.j2 @@ -1,68 +1,28 @@ $RuleSet {{ item.name }} {% if item.name != "mgnt_sc" %} -if $programname == "engineblock" and $msg startswith " engine" then { action(type="omfile" DynaFile="apache-eb-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "engineblock" and $msg startswith "engine" then { action(type="omfile" DynaFile="apache-eb-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "engineblock" and $msg contains '{"channel":"authentication"' then { action(type="omfile" DynaFile="ebauth-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "engineblock" { action(type="omfile" DynaFile="eblog-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "EBLOG" { action(type="omfile" DynaFile="eblog-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Apache-EB" { action(type="omfile" DynaFile="apache-eb-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "EBAUTH" { action(type="omfile" DynaFile="ebauth-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "haproxy" { action(type="omfile" DynaFile="haproxy-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "aaserver" { action(type="omfile" DynaFile="aa-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "aagui" { action(type="omfile" DynaFile="apache-aa-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "aalink" { action(type="omfile" DynaFile="apache-aa-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "dashboardgui" { action(type="omfile" DynaFile="apache-dashboard-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "dashboardserver" { action(type="omfile" DynaFile="dashboard-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Apache-EBAPI" { action(type="omfile" DynaFile="apache-eb-api-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "manageserver" { action(type="omfile" DynaFile="manage-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "managegui" { action(type="omfile" DynaFile="apache-manage-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "pdp" { action(type="omfile" DynaFile="pdp-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "profile" and $msg startswith "{" then { action(type="omfile" DynaFile="profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "profile" { action(type="omfile" DynaFile="apache-profile-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "teamsserver" { action(type="omfile" DynaFile="teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "teamsgui" { action(type="omfile" DynaFile="apache-teams-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "vootserver" { action(type="omfile" DynaFile="voot-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "mariadbd" { action(type="omfile" DynaFile="galera-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "garb-systemd" { action(type="omfile" DynaFile="haproxy-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Keepalived_vrrp" { action(type="omfile" DynaFile="keepalived-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "mongo" { action(type="omfile" DynaFile="mongo-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Apache-STATIC" { action(type="omfile" DynaFile="apache-static-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Apache-METADATA" { action(type="omfile" DynaFile="apache-metadata-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "oidcngserver" { action(type="omfile" DynaFile="oidcng-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "oidcngjson" { action(type="omfile" DynaFile="oidcngjson-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "oidcplaygroundserver" { action(type="omfile" DynaFile="oidc-playground-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "oidcplaygroundgui" { action(type="omfile" DynaFile="apache-oidcplayground-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "myconextserver" { action(type="omfile" DynaFile="myconext-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "myconextjson" { action(type="omfile" DynaFile="myconextjson-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "myconextgui" { action(type="omfile" DynaFile="apache-myconext-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "accountgui" { action(type="omfile" DynaFile="apache-account-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "servicedeskgui" { action(type="omfile" DynaFile="apache-servicedesk-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "inviteclient" { action(type="omfile" DynaFile="inviteclient-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "invitewelcome" { action(type="omfile" DynaFile="invitewelcome-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "inviteserver" { action(type="omfile" DynaFile="inviteserver-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "invitejson" { action(type="omfile" DynaFile="invitejson-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "inviteprovisioningmock" { action(type="omfile" DynaFile="inviteprovisioningmock-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, startswith, "loadbalancer" { action(type="omfile" DynaFile="loadbalancer-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "gateway" and $msg contains '{"message":"Second Factor Authenticated"' then { action(type="omfile" DynaFile="stepup-authentication-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "gateway" and $msg contains '{"message":"Intrinsic Loa Requested"' then { action(type="omfile" DynaFile="stepup-authentication-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } +{% for app, config in rsyslog_central_apps.items() %} +if $programname == "{{ config.program }}" + {%- if 'contains' in config %} and $msg contains '{{ config.contains }}' {% endif -%} + {%- if 'startswith' in config %} and $msg startswith '{{ config.startswith }}' {% endif %} + then { action(type="omfile" DynaFile="{{ app }}-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +{% endfor %} {% for stepupapp in stepupapps %} -:programname, isequal, "stepup-{{ stepupapp }}" { action(type="omfile" DynaFile="stepup-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "{{ stepupapp }}" and $msg startswith "{{ stepupapp }}" then { action(type="omfile" DynaFile="apache-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "{{ stepupapp }}" { action(type="omfile" DynaFile="stepup-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "Apache-{{ stepupapp }}" { action(type="omfile" DynaFile="apache-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } +if $programname == "stepup-{{ stepupapp }}" then { action(type="omfile" DynaFile="stepup-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "{{ stepupapp }}" and $msg startswith "{{ stepupapp }}" then { action(type="omfile" DynaFile="apache-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "{{ stepupapp }}" then { action(type="omfile" DynaFile="stepup-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "Apache-{{ stepupapp }}" then { action(type="omfile" DynaFile="apache-{{ stepupapp }}-{{item.name }}" {{ rsyslog_dir_file_modes }}) stop } {% endfor %} -:programname, isequal, "Apache-azuremfa" { action(type="omfile" DynaFile="apache-azure-mfa-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -if $programname == "spdashboard" and $msg startswith "spdashboard" then { action(type="omfile" DynaFile="apache-spdashboard-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "spdashboard" { action(type="omfile" DynaFile="spdashboard-{{item.name }}" {{ rsyslog_dir_file_modes }} ) stop } +if $programname == "Apache-azuremfa" then { action(type="omfile" DynaFile="apache-azure-mfa-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } + -:programname, isequal, "stepup-authentication" { action(type="omfile" DynaFile="stepup-authentication-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } {% endif %} -:programname, isequal, "audispd" { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "audit" { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "audisp-syslog" { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:programname, isequal, "-bash" { action(type="omfile" DynaFile="bash-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:syslogfacility-text, isequal, "authpriv" { action(type="omfile" dynafile="secure-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } -:msg, contains, "-- MARK --" { action(type="omfile" DynaFile="MARK-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop } +if $programname == "audispd" then { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "audit" then { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "audisp-syslog" then { action(type="omfile" DynaFile="auditd-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "-bash" then { action(type="omfile" DynaFile="bash-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $programname == "authpriv" then { action(type="omfile" Dynafile="secure-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } +if $msg contains "-- MARK --" then { action(type="omfile" DynaFile="MARK-{{ item.name }}" {{ rsyslog_dir_file_modes }}) stop } + *.* ?hostleft-{{ item.name }} diff --git a/roles/rsyslog/templates/sc_template.conf.j2 b/roles/rsyslog/templates/sc_template.conf.j2 index d6b765f0a..96cc57014 100644 --- a/roles/rsyslog/templates/sc_template.conf.j2 +++ b/roles/rsyslog/templates/sc_template.conf.j2 @@ -1,59 +1,20 @@ {% if item.name != "mgnt_sc" %} -$template haproxy-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/haproxy/haproxy.log" -$template aa-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/aa/aa.log" -$template apache-aa-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/aa/apache.log" -$template apache-aalink-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/link/apache.log" -$template dashboard-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/dashboard/dashboard.log" -$template apache-dashboard-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/dashboard/apache.log" -$template eb-api-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb-api/eb-api.log" -$template apache-eb-api-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb-api/apache.log" -$template manage-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/manage/manage.log" -$template apache-manage-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/manage/apache.log" -$template pdp-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/pdp/pdp.log" -$template pdpanalytics-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/pdp/pdpanalytics.log" -$template apache-pdp-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/pdp/apache.log" -$template profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/profile.log" -$template apache-profile-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/profile/apache.log" -$template teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/teams.log" -$template apache-teams-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/teams/apache.log" -$template voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/voot.log" -$template apache-voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/voot/apache.log" -$template galera-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera.log" -$template garb-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera_garb.log" -$template keepalived-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/keepalived/keepalived.log" -$template mongo-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/mongo/mongo.log" -$template apache-static-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/static/apache.log" -$template apache-eb-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb/apache.log" -$template eblog-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb/eb.log" -$template apache-metadata-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/metadata/apache.log" -$template ebauth-{{ item.name }}, "{{ rsyslog_dir }}/log_logins/{{ item.name }}/eb-authentication.log" -$template oidcng-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/oidcng/oidcng.log" -$template oidcngjson-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/oidcng/oidcngjson.log" -$template apache-oidcng-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/oidcng/apache.log" -$template oidc-playground-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/oidc-playground/oidc-playground.log" -$template apache-oidcplayground-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/oidc-playground/oidc-playground-apache.log" -$template myconext-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eduid/myconext.log" -$template myconextjson-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eduid/myconextjson.log" -$template apache-myconext-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eduid/myconext-apache.log" -$template apache-account-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eduid/account-apache.log" -$template apache-servicedesk-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/servicedeskgui/servicedesk-apache.log -$template apache-eduid-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eduid/eduid-apache.log" -$template spdashboard-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/spdashboard/spdashboard.log" -$template apache-spdashboard-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/spdashboard/apache.log" -$template inviteclient-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/invite//inviteclient.log" -$template invitewelcome-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/invite//invitewelcome.log" -$template inviteserver-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/invite//inviteserver.log" -$template invitejson-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/invite/invitejson.log" -$template inviteprovisioningmock-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/invite//inviteprovisioningmock.log" -$template loadbalancer-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/traefik/traefik.log" + +{% for app, config in rsyslog_central_apps.items() %} +{% set dir = config.dir if 'dir' in config else 'apps' %} +$template {{ app }}-{{ item.name }}, "{{ rsyslog_dir }}/{{ dir }}/{{ item.name }}/{{ config.target }}" +{% endfor %} + {% for stepupapp in stepupapps %} $template stepup-{{ stepupapp }}-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/{{ stepupapp }}/{{ stepupapp }}.log $template apache-{{ stepupapp }}-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/{{ stepupapp }}/{{ stepupapp }}-apache.log {% endfor %} -$template stepup-authentication-{{ item.name }}, "{{ rsyslog_dir }}/log_logins/{{ item.name }}/stepup-authentication.log" + {% endif %} + $template auditd-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/auditd/%HOSTNAME%/auditd.log" $template bash-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/bash/%HOSTNAME%/bash.log" $template secure-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/secure/%HOSTNAME%/secure.log" $template MARK-{{ item.name }}, "{{ rsyslog_dir }}/monitoring/%HOSTNAME%" + $template hostleft-{{ item.name }}, "{{ rsyslog_dir }}/hosts/{{ item.name }}/%HOSTNAME%/%SYSLOGFACILITY-TEXT%"