Reputation: 382
I am trying to redirect Mikrotik logs from a remote server to a local one using rsyslog, and to automate this with Ansible.
This is /roles/rsyslog/tasks/main.yml:
- name: Adding rsyslog filter to redirect Mikrotik messages
  copy:
    src: "files/10-mikrotik.conf"
    dest: "/etc/rsyslog.d/10-mikrotik.conf"
  notify: restart rsyslog
  tags: rsyslog
This is /roles/rsyslog/files/10-mikrotik.conf:
$template RouterLog, "/var/log/mikrotik.log"
if $fromhost-ip == {{ mikrotik_ip }} then -?RouterLog
& stop
This is /roles/rsyslog/defaults/main.yml:
---
mikrotik_ip: "'127.0.0.1'"
Rsyslog config:
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="imklog") # provides kernel logging support
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
The thing is that the log file is not created, but I believe it should be with this configuration file. I know it is possible to use touch in Ansible, but I want to avoid this, because when there are more rsyslog configs in the future, the tasks section can become too big. What is more, the variable {{ mikrotik_ip }} is not changing to 127.0.0.1.
I get these rsyslog errors:
Nov 14 10:22:06 buster systemd[1]: Started System Logging Service.
Nov 14 10:22:06 buster rsyslogd[5748]: error during parsing file /etc/rsyslog.d/10-mikrotik.conf, on or before line 2: invalid character '{' in expression - is there an invalid escape sequence somewhere?
Nov 14 10:22:06 buster rsyslogd[5748]: error during parsing file /etc/rsyslog.d/10-mikrotik.conf, on or before line 2: invalid character '{' in expression - is there an invalid escape sequence somewhere?
Nov 14 10:22:06 buster rsyslogd[5748]: error during parsing file /etc/rsyslog.d/10-mikrotik.conf, on or before line 2: invalid character '}' in expression - is there an invalid escape sequence somewhere?
Nov 14 10:22:06 buster rsyslogd[5748]: error during parsing file /etc/rsyslog.d/10-mikrotik.conf, on or before line 2: invalid character '}' in expression - is there an invalid escape sequence somewhere?
Nov 14 10:22:06 buster rsyslogd[5748]: error during parsing file /etc/rsyslog.d/10-mikrotik.conf, on or before line 2: syntax error on token 'then' [v8.1901.0 try https://www.rsyslog.com/e/2207 ]
Nov 14 10:22:06 buster rsyslogd[5748]: could not interpret master config file '/etc/rsyslog.conf'. [v8.1901.0 try https://www.rsyslog.com/e/2207 ]
I also tried changing the 10-mikrotik.conf file like this:
if $fromhost-ip == {{ mikrotik_ip }} then action(type="omfile" file="/var/log/mikrotik.log")
& stop
...and got these rsyslog errors:
Nov 14 10:19:59 buster systemd[1]: Starting System Logging Service...
Nov 14 10:19:59 buster systemd[1]: Started System Logging Service.
Nov 14 10:19:59 buster rsyslogd[5571]: error: extra characters in config line ignored: '444' [v8.1901.0]
Nov 14 10:19:59 buster rsyslogd[5571]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.1901.0]
Do you have any idea what I am doing wrong? What should my 10-mikrotik.conf look like?
Upvotes: 1
Views: 1916
Reputation: 68004
Use the template module
- name: Adding rsyslog filter to redirect Mikrotik messages
  template:
    src: "10-mikrotik.conf.j2"
    dest: "/etc/rsyslog.d/10-mikrotik.conf"
  notify: restart rsyslog
  tags: rsyslog
and put the template 10-mikrotik.conf.j2 into the templates directory
$ cat /roles/rsyslog/templates/10-mikrotik.conf.j2
$template RouterLog, "/var/log/mikrotik.log"
if $fromhost-ip == {{ mikrotik_ip }} then -?RouterLog
& stop
Upvotes: 1
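An added example, not part of the answer above or of any project's code: the same template task with the variable checked before it is rendered into the rsyslog expression, and the rendered file syntax-checked by rsyslogd before it replaces the live one, so a bad value cannot leave rsyslog unable to parse its configuration as in the errors quoted in the question. The regex, file ownership, rsyslogd path and handler body are assumptions; `mikrotik_ip` keeps the quoted form from the question's defaults.

```yaml
# roles/rsyslog/tasks/main.yml (added example; names not on the page are assumptions)
- name: Check that mikrotik_ip is a single-quoted IPv4 literal
  ansible.builtin.assert:
    that:
      # The value is pasted unescaped into an rsyslog expression, so allow
      # only 'a.b.c.d' (quotes included, as in defaults/main.yml).
      - mikrotik_ip is match("^'([0-9]{1,3}[.]){3}[0-9]{1,3}'$")
    fail_msg: "mikrotik_ip must look like \"'192.0.2.1'\", got {{ mikrotik_ip }}"
  tags: rsyslog

- name: Adding rsyslog filter to redirect Mikrotik messages
  ansible.builtin.template:
    src: "10-mikrotik.conf.j2"
    dest: "/etc/rsyslog.d/10-mikrotik.conf"
    owner: root          # assumption: config readable by all, writable by root only
    group: root
    mode: "0644"
    # Ansible writes the rendered text to a temporary file, substitutes its
    # path for %s, and installs it only if the command exits 0.
    # -N1 is rsyslogd's config-check mode; nothing is started.
    validate: "/usr/sbin/rsyslogd -N1 -f %s"
  notify: restart rsyslog
  tags: rsyslog

# roles/rsyslog/handlers/main.yml (assumed; the page only references the handler name)
- name: restart rsyslog
  ansible.builtin.service:
    name: rsyslog
    state: restarted
```

With the `copy` module from the question, the literal `{{ mikrotik_ip }}` would reach the `validate` step unrendered and the task would fail there instead of after the restart.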