From 441bb173fb3710304ade545e6b6bb938d74298d3 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Mon, 16 Nov 2015 10:06:35 +0200
Subject: [PATCH] Syslog forwarding WIP.

---
 handlers/main.yml            | 10 ++++++++++
 tasks/syslog_forward.yml     | 23 ++++++++++++++++++++++-
 templates/forwarding.conf.j2 |  9 +++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 templates/forwarding.conf.j2

diff --git a/handlers/main.yml b/handlers/main.yml
index bc81858..21f7c65 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -3,3 +3,13 @@
 
 - name: Update CA store
   command: /usr/sbin/update-ca-certificates
+
+- name: Restart rsyslog
+  service:
+    name: rsyslog
+    state: restarted
+
+- name: Restart syslogd
+  service:
+    name: syslogd
+    state: restarted
diff --git a/tasks/syslog_forward.yml b/tasks/syslog_forward.yml
index 7669b8a..1d4b19a 100644
--- a/tasks/syslog_forward.yml
+++ b/tasks/syslog_forward.yml
@@ -3,7 +3,28 @@
 - name: apt install rsyslog
   when: ansible_os_family == 'Debian'
   apt:
-    name: rsyslog
+    name: rsyslog-gnutls
     state: present
     update_cache: yes
     cache_valid_time: 3600
+
+- name: Configure rsyslog forwarding
+  when: ansible_os_family == 'Debian'
+  template:
+    src: forwarding.conf.j2
+    dest: /etc/rsyslog.d/forwarding.conf.j2
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+  - Restart rsyslog
+
+- name: Configure syslogd forwarding
+  when: ansible_os_family == 'OpenBSD'
+  lineinfile:
+    dest: /etc/syslog.conf
+    line: '*.* @tls://{{ syslog_server}}'
+    regexp: '^*.* @'
+    state: present
+  notify:
+  - Restart syslogd
diff --git a/templates/forwarding.conf.j2 b/templates/forwarding.conf.j2
new file mode 100644
index 0000000..96f001a
--- /dev/null
+++ b/templates/forwarding.conf.j2
@@ -0,0 +1,9 @@
+$DefaultNetstreamDriver gtls
+$DefaultNetstreamDriverCAFile {{ tls_ca_cert_path }}
+$DefaultNetstreamDriverCertFile {{ tls_cert_path }}
+$DefaultNetstreamDriverKeyFile {{ tls_key_path }}
+
+$ActionSendStreamDriverAuthMode x509/name
+$ActionSendStreamDriverPermittedPeer {{ syslog_server }}
+$ActionSendStreamDriverMode 1
+*.* @@{{ syslog_server }}
-- 
GitLab