From 1de4e1ddd16b083a6a819449bd75482031db9b55 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Wed, 21 Dec 2022 11:28:44 +0100
Subject: [PATCH] Source logcheck ignore file from outside
---
 system/base/logs/files/ignore | 12 ------------
 system/base/logs/meta/argument_specs.yml | 10 ++++++++++
 system/base/logs/tasks/main.yml | 2 +-
 3 files changed, 11 insertions(+), 13 deletions(-)
 delete mode 100644 system/base/logs/files/ignore
 create mode 100644 system/base/logs/meta/argument_specs.yml
diff --git a/system/base/logs/files/ignore b/system/base/logs/files/ignore
deleted file mode 100644
index 730cb2d..0000000
--- a/system/base/logs/files/ignore
+++ /dev/null
@@ -1,12 +0,0 @@
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: (Starting|Stopping) [ +[:alnum:]/\-]+\.(\.\.)?$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Cleanup of Temporary Directories|Online ext4 Metadata Check for All Filesystems|Podman auto-update service)\.$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: (apt-daily\.service|apt-daily-upgrade\.service|man-db\.service|sanoid\.service|syncoid-batch\.service): Consumed ([0-9]{1,2}min )?[0-9]{1,2}\.[0-9]{3}s CPU time\.$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: rsyslog\.service: Sent signal SIGHUP to main process [[:digit:]]+ (rsyslogd) on client request\.$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: var-lib-containers-storage-overlay\.mount: Succeeded\.$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ sanoid\[[0-9]+\]: INFO: .*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ sanoid\[[0-9]+\]: taking snapshot .*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ syncoid-batch\[[0-9]+\]: INFO: .*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ syncoid-batch\[[0-9]+\]: NEWEST SNAPSHOT: .*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ syncoid-batch\[[0-9]+\]: Sending incremental .*$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ systemd\[[0-9]+\]: Finished (Snapshot ZFS filesystems|Prune ZFS snapshots|Replicate snapshots using syncoid)\.$
-^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]\-]+ kernel: \[[0-9]+\.[0-9]+\] audit: type=1326 audit\([.:0-9]+): auid=[0-9]+ uid=[0-9]+ gid=[0-9]+ ses=[0-9]+ subj=unconfined pid=[0-9]+ comm="git-remote-http" exe="/usr/libexec/git-core/git-remote-https" sig=0 arch=c000003e syscall=324 compat=0 ip=[[:alnum:]]+ code=0x50000$
diff --git a/system/base/logs/meta/argument_specs.yml b/system/base/logs/meta/argument_specs.yml
new file mode 100644
index 0000000..51334d6
--- /dev/null
+++ b/system/base/logs/meta/argument_specs.yml
@@ -0,0 +1,10 @@
+---
+argument_specs:
+ main:
+ options:
+ ansible_hostname:
+ type: "str"
+ required: true
+ system_base_logs_ignore_file:
+ type: "str"
+ required: false
diff --git a/system/base/logs/tasks/main.yml b/system/base/logs/tasks/main.yml
index 8e0ae84..29a1103 100644
--- a/system/base/logs/tasks/main.yml
+++ b/system/base/logs/tasks/main.yml
@@ -13,7 +13,7 @@
 - name: "logs : configure logcheck ignores"
 ansible.builtin.copy:
- src: "./ignore"
+ src: "{{ system_base_logs_ignore_file }}"
 dest: "/etc/logcheck/ignore.d.server/{{ ansible_hostname }}"
 group: "logcheck"
 mode: 0644
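Review bot: `system_base_logs_ignore_file` is declared `required: false` with no default, yet the copy task in this patch's tasks/main.yml hunk uses it as `src` with no visible guard, and the role's bundled `files/ignore` is deleted in the same commit. A caller that omits the variable would pass argument validation and then, presumably, fail at the copy task on an undefined variable instead of getting a clear validation error. Either mark it `required: true` here, or keep it optional and add `when: system_base_logs_ignore_file is defined` to the task; whether such a condition already exists below the task's visible lines cannot be told from the hunk. A `description:` on each option would also document that the value is a path resolved by `ansible.builtin.copy`.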
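Review bot: The `src` of the "logs : configure logcheck ignores" task is now whatever path the caller supplies, and nothing in the visible lines documents or checks what that file may contain. Every pattern installed under `/etc/logcheck/ignore.d.server/` removes matching lines from logcheck's reports, so a broad pattern in an externally maintained file quietly narrows what gets reported. I would add a comment above the task such as `# Patterns here suppress log lines from logcheck reports; keep the source file under version control and review.` The task's remaining arguments continue past the end of the hunk, so ownership settings and any `validate` step could not be checked.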