Init files

README.md

@@ -0,0 +1,32 @@
+Log-To-Slack Ansible role
+==========================
+
+This is an Ansible role for setting up live streaming of log files to a Slack channel using `syslog-ng`.
+
+#### Required variables
+```yaml
+# Slack API webhook
+lts_slack_webhook: https://hooks.slack.com/services/XXXXXX/XXXXXXXX/XXXXXXXXXXXXXXXX
+
+# Path to log file
+lts_log_path: /var/log/some-log-file.log
+```
+
+#### Basic Customisations
+```yaml
+# Default "author" field shown in Slack messages
+lts_slack_author: log-to-slack
+
+# String or regular expression to match against log lines.
+# Only *matching* lines will be sent to Slack. Default matches anything.
+# Example: "FATAL ERROR"
+lts_syslogng_regex: .
+```
+
+#### Advanced Customisations
+
+See variables and notes in `/defaults/main` and `/templates`.
+
+Docs for syslog-ng: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.26/administration-guide
+
+Docs for Slack API: https://api.slack.com/messaging/webhooks

defaults/main/configs.yml

@@ -0,0 +1,14 @@
+---
+
+# Slack webhook, eg: https://hooks.slack.com/services/XXXXXX/XXXXXXXX/XXXXXXXXXXXXXXXX
+lts_slack_webhook: ""
+
+# Path to target logfile, eg: /var/log/syslog
+lts_log_path: ""
+
+# Default "author" field shown in Slack messages
+lts_slack_author: log-to-slack
+
+# String or regular expression to match against log lines.
+# Only *matching* lines will be sent to Slack. Default matches anything.
+lts_syslogng_regex: .

defaults/main/installation.yml

@@ -0,0 +1,14 @@
+---
+
+# Remove/disable default syslog-ng logging configurations
+# Set to "no" if using syslog-ng already with custom settings
+lts_disable_syslogng_defaults: yes
+
+# APT install settings. For additional details, see:
+# https://www.syslog-ng.com/community/b/blog/posts/installing-the-latest-syslog-ng-on-ubuntu-and-other-deb-distributions
+# https://build.opensuse.org/project/show/home:laszlo_budai:syslog-ng
+lts_apt_os: xUbuntu
+lts_apt_os_version: "{{ hostvars[inventory_hostname].ansible_distribution_version }}"
+lts_apt_url: "https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/{{ lts_apt_os }}_{{ lts_apt_os_version }}"
+lts_apt_key: "{{ lts_apt_url }}/Release.key"
+lts_apt_repo: "deb {{ lts_apt_url }} ./"

defaults/main/syslog-ng.yml

@@ -0,0 +1,47 @@
+---
+
+# Overridable syslog-ng options and code blocks (if heavy customisation is required).
+# These are used in templates/log-to-slack.conf.j2
+# Docs: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.26/administration-guide
+
+lts_syslogng_source_options: "follow_freq(1) flags(no-parse)"
+
+lts_syslogng_custom_block: ""
+
+lts_syslogng_source: |+
+  source s_log_to_stream {
+    file("{{ lts_log_path }}" {{ lts_syslogng_source_options }});
+  };
+
+# Note: we use throttle and disk-buffer here (below) to avoid hitting the rate-limits of the
+# Slack API. Basically we shouldn't send more than 1 message per second, but that means if
+# we ever have more messages than that we need to temporarily buffer them locally.
+# See: https://api.slack.com/docs/rate-limits
+# And: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.26/administration-guide/44#TOPIC-1095150
+
+lts_syslogng_destination: |+
+  destination d_slack_webhook {
+    slack(
+      hook-url("{{ lts_slack_webhook }}")
+      author-name("{{ lts_slack_author }}")
+      throttle(1)
+      disk-buffer(
+        mem-buf-size(10000)
+        disk-buf-size(2000000)
+        reliable(yes)
+        dir("/tmp/disk-buffer")
+      )
+    );
+  };
+
+lts_syslogng_filter: |+
+  filter f_message_filter {
+    message("{{ lts_syslogng_regex }}");
+  };
+
+lts_syslogng_log: |+
+  log {
+    source(s_log_to_stream);
+    filter(f_message_filter);
+    destination(d_slack_webhook);
+  };

handlers/main.yml

@@ -0,0 +1,7 @@
+---
+
+- name: restart syslog-ng
+  service:
+    name: syslog-ng
+    state: restarted
+  become: yes

tasks/disable_defaults.yml

@@ -0,0 +1,18 @@
+---
+
+- name: stop syslog-ng service on first installation
+  service:
+    name: syslog-ng
+    state: stopped
+  become: yes
+  when: lts_syslogng_installed.changed
+
+- name: remove default syslog-ng rules
+  blockinfile:
+    path: "/etc/syslog-ng/syslog-ng.conf"
+    marker: "{mark}"
+    marker_begin: "# Log paths"
+    marker_end: "###"
+    state: absent
+  notify: restart syslog-ng
+  become: yes

tasks/install.yml

@@ -0,0 +1,20 @@
+---
+
+- name: add apt key
+  apt_key:
+    url: "{{ lts_apt_key }}"
+    state: present
+  become: yes
+
+- name: add apt repo
+  apt_repository:
+    repo: "{{ lts_apt_repo }}"
+    state: present
+  become: yes
+
+- name: install syslog-ng
+  apt:
+    name: syslog-ng
+    state: present
+  become: yes
+  register: lts_syslogng_installed

tasks/main.yml

@@ -0,0 +1,31 @@
+---
+
+- name: check webhook and log path are defined
+  fail:
+    msg: >
+      Slack webhook and logfile path must be defined!
+      See `lts_slack_webhook` and `lts_log_path` variables.
+  when: lts_slack_webhook == "" or lts_log_path == ""
+
+- name: install syslog-ng
+  include_tasks: install.yml
+  tags: install
+
+- name: disable syslog-ng defaults
+  include_tasks: disable_defaults.yml
+  when: lts_disable_syslogng_defaults
+  tags: disable_defaults
+
+- name: add log-to-slack configuration
+  template:
+    src: "log-to-slack.conf.j2"
+    dest: "/etc/syslog-ng/conf.d/log-to-slack.conf"
+  become: yes
+  notify: restart syslog-ng
+  tags: configure
+
+- name: add /tmp dir for buffer
+  file:
+    path: "/tmp/disk-buffer"
+    state: directory
+  become: yes

templates/log-to-slack.conf.j2

@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+{{ lts_syslogng_source }}
+
+{{ lts_syslogng_destination }}
+
+{{ lts_syslogng_filter }}
+
+{{ lts_syslogng_custom_block }}
+
+{{ lts_syslogng_log }}