Fix/just another rsyslogfix (#561)

crosmuller · web-flow · commit 2f5e1a14301f · 2025-11-17T14:12:46.000+01:00
- related to surfconext enviroments MR343
- parameterize ratelimit values these are only different from default
for the docker hosts
- use imjournal this always works
- enable imsock on redhat family systems or some non-journalctl logging
dissapears (like mark messages)
- do not enable imsock on debian it generates double logging, this is
probably because imsock on debian looks at /dev/log but this is a link
to /run/systemd/journal/dev-log so it will get journalctl logs from this
socket AND imjournal
- on rhel based systems this is not the case, here /dev/log is not
linked so only syslog logging is found there
diff --git a/roles/rsyslog/defaults/main.yml b/roles/rsyslog/defaults/main.yml
@@ -22,3 +22,9 @@ rsyslog_dir_file_modes: 'dirCreateMode="0755" fileCreateMode="0640" FileGroup="s
 rsyslog_service_dropindir: "/etc/systemd/system/rsyslog.service.d"
 rsyslog_certifcate_dir: "/etc/pki/rsyslog"
 rsyslog_queue_dir: "/var/spool/rsyslog"
+
+# these already have appropriate defaults in the template or rsyslog but you can
+# change them if necessary, for example on docker hosts they have to be a little higher
+# rsyslog_imjournal_ratelimitburst: 2000
+# rsyslog_imjournal_ratelimitinterval: 600
+# rsyslog_maxmessagesize: 8000
diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml
@@ -18,11 +18,11 @@
   block:
 
     # journald forwards logs to rsyslog
-    - name: Ensure journald forwards logs to rsyslog
+    - name: When using imjournal no forwarding necessary
       ansible.builtin.lineinfile:
         path: /etc/systemd/journald.conf
         search_string: 'ForwardToSyslog='
-        line: ForwardToSyslog=yes
+        line: '#ForwardToSyslog=yes'
       notify:
         - "Restart journald"
 
diff --git a/roles/rsyslog/templates/rsyslog_onlyforward.conf.j2 b/roles/rsyslog/templates/rsyslog_onlyforward.conf.j2
@@ -3,7 +3,14 @@
 module(load="imptcp")
 input(type="imptcp" port="514")
 {% endif %}
-module(load="imuxsock" SysSock.Use="on")
+{% if ansible_os_family == "RedHat" %}
+module(load="imuxsock")
+{% endif %}
+module(load="imjournal"             # provides access to the systemd journal
+       UsePid="system" # PID number is retrieved as the ID of the process the journal entry originates from
+       StateFile="imjournal.state"
+       ratelimit.interval="{{ rsyslog_imjournal_ratelimitinterval | default('600') }}"
+       ratelimit.burst="{{ rsyslog_imjournal_ratelimitburst | default('20000') }}")  # Reads journald logs
 module(load="imklog")   # provides kernel logging support
 module(load="immark" interval="300" )  # provides --MARK-- message capability
 module(load="omrelp")
@@ -14,6 +21,9 @@ template(name="CustomRelpFormat" type="string"
 $PreserveFQDN on
 
 *.emerg                         :omusrmsg:*
+{% if rsyslog_maxmessagesize is defined %}
+$MaxMessageSize {{ rsyslog_maxmessagesize }}
+{% endif %}
 
 {% if  'sysloghost' not in group_names %}
 {% for relp_host in relp_remote %}
diff --git a/roles/rsyslog/templates/sc_ruleset.conf.j2 b/roles/rsyslog/templates/sc_ruleset.conf.j2
@@ -26,6 +26,7 @@ if $programname == "profile" and $msg startswith " {" then { action(type="omfile
 :programname, isequal, "mariadbd" { action(type="omfile" DynaFile="galera-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "garb-systemd" { action(type="omfile" DynaFile="haproxy-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "Keepalived_vrrp" { action(type="omfile" DynaFile="keepalived-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
+:programname, startswith, "mongo" { action(type="omfile" DynaFile="mongo-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "Apache-STATIC" { action(type="omfile" DynaFile="apache-static-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "Apache-METADATA" { action(type="omfile" DynaFile="apache-metadata-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
 :programname, isequal, "oidcngserver" { action(type="omfile" DynaFile="oidcng-{{ item.name }}" {{ rsyslog_dir_file_modes }} ) stop }
diff --git a/roles/rsyslog/templates/sc_template.conf.j2 b/roles/rsyslog/templates/sc_template.conf.j2
@@ -21,6 +21,7 @@ $template apache-voot-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/v
 $template galera-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera.log"
 $template garb-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/galera/galera_garb.log"
 $template keepalived-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/keepalived/keepalived.log"
+$template mongo-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/mongo/mongo.log"
 $template apache-static-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/static/apache.log"
 $template apache-eb-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb/apache.log"
 $template eblog-{{ item.name }}, "{{ rsyslog_dir }}/apps/{{ item.name }}/eb/eb.log"
