diff --git a/defaults/main.yml b/defaults/main.yml index 0494573d..39ef5655 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -210,12 +210,19 @@ archivematica_src_configure_am_whitelist: '""' # Dashboard API whi # Send logs to syslog # archivematica_src_syslog_enabled: "false" +archivematica_src_syslog_nginx_enabled: "false" archivematica_src_syslog_server: "localhost" archivematica_src_syslog_port: "514" archivematica_src_syslog_storageservice_facility: "local0" archivematica_src_syslog_storageservice_level: "DEBUG" +archivematica_src_syslog_storageservice_nginx_identifier: "storage" +archivematica_src_syslog_storageservice_nginx_facility: "local7" +archivematica_src_syslog_storageservice_nginx_level: "info" archivematica_src_syslog_dashboard_facility: "local1" archivematica_src_syslog_dashboard_level: "DEBUG" +archivematica_src_syslog_dashboard_nginx_identifier: "dashboard" +archivematica_src_syslog_dashboard_nginx_facility: "local7" +archivematica_src_syslog_dashboard_nginx_level: "info" archivematica_src_syslog_mcpclient_facility: "local2" archivematica_src_syslog_mcpclient_level: "DEBUG" archivematica_src_syslog_mcpserver_facility: "local3" diff --git a/templates/etc/archivematica/dashboard.logging.json.j2 b/templates/etc/archivematica/dashboard.logging.json.j2 index 8f2a94bc..cadb4879 100644 --- a/templates/etc/archivematica/dashboard.logging.json.j2 +++ b/templates/etc/archivematica/dashboard.logging.json.j2 @@ -24,7 +24,7 @@ {% if archivematica_src_syslog_enabled|bool %} "syslog": { "class": "logging.handlers.SysLogHandler", - "address": [ "{{ archivematica_src_syslog_server }}",{{ archivematica_src_syslog_port }} ], + "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}], "formatter": "syslog", "facility": "{{ archivematica_src_syslog_dashboard_facility }}", "level": "{{ archivematica_src_syslog_dashboard_level }}" diff --git a/templates/etc/archivematica/serverConfig.logging.json.j2 b/templates/etc/archivematica/serverConfig.logging.json.j2 index 0d847367..0795ffb6 100644 --- a/templates/etc/archivematica/serverConfig.logging.json.j2 +++ b/templates/etc/archivematica/serverConfig.logging.json.j2 @@ -16,7 +16,7 @@ {% if archivematica_src_syslog_enabled|bool %} "syslog": { "class": "logging.handlers.SysLogHandler", - "address": [ "{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }} ], + "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}], "formatter": "syslog", "facility": "{{ archivematica_src_syslog_mcpserver_facility }}", "level": "{{ archivematica_src_syslog_mcpserver_level }}" diff --git a/templates/etc/archivematica/storageService.logging.json.j2 b/templates/etc/archivematica/storageService.logging.json.j2 index fee07771..19e40fba 100644 --- a/templates/etc/archivematica/storageService.logging.json.j2 +++ b/templates/etc/archivematica/storageService.logging.json.j2 @@ -24,7 +24,7 @@ {% if archivematica_src_syslog_enabled|bool %} "syslog": { "class": "logging.handlers.SysLogHandler", - "address": [ "{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }} ], + "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}], "formatter": "syslog", "facility": "{{ archivematica_src_syslog_storageservice_facility }}", "level": "{{ archivematica_src_syslog_storageservice_level }}" diff --git a/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2 b/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2 index 5d3c0068..9e068d54 100644 --- a/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2 +++ b/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2 @@ -10,14 +10,15 @@ server { listen 80; server_name _; - {% if archivematica_src_syslog_enabled|bool %} - error_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard info; - access_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard combined; - {% endif %} # Adjust to taste client_max_body_size 256M; +{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %} + access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }},severity={{ archivematica_src_syslog_dashboard_nginx_level }} combined; + error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }} info; +{% endif %} + {% if archivematica_src_ssl_include_acme_chlg_loc|bool %} # location for acme challenge (non-encrypted) include /etc/nginx/acmetool-location.conf; diff --git a/templates/etc/nginx/sites-available/dashboard.conf.j2 b/templates/etc/nginx/sites-available/dashboard.conf.j2 index e2cd5b05..8e4d1732 100644 --- a/templates/etc/nginx/sites-available/dashboard.conf.j2 +++ b/templates/etc/nginx/sites-available/dashboard.conf.j2 @@ -9,15 +9,15 @@ upstream archivematica_dashboard_backend { server { listen 80; + server_name _; # Adjust to taste client_max_body_size 256M; - server_name _; - {% if archivematica_src_syslog_enabled|bool %} - error_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard info; - access_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard combined; - {% endif %} +{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %} + access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }},severity={{ archivematica_src_syslog_dashboard_nginx_level }} combined; + error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }} info; +{% endif %} location / { proxy_set_header Host $http_host; diff --git a/templates/etc/nginx/sites-available/storage-ssl.conf.j2 b/templates/etc/nginx/sites-available/storage-ssl.conf.j2 index f42923c7..840185cc 100644 --- a/templates/etc/nginx/sites-available/storage-ssl.conf.j2 +++ b/templates/etc/nginx/sites-available/storage-ssl.conf.j2 @@ -9,10 +9,11 @@ upstream archivematica_storage_service_backend { server { listen 8000 ssl; - {% if archivematica_src_syslog_enabled|bool %} - error_log syslog:server={{ archivematica_src_syslog_server }},tag=storage info; - access_log syslog:server={{ archivematica_src_syslog_server }},tag=storage combined; - {% endif %} + +{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %} + access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }},severity={{ archivematica_src_syslog_storageservice_nginx_level }} combined; + error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }} info; +{% endif %} ssl_certificate {{ archivematica_src_ssl_fullchain }}; ssl_certificate_key {{ archivematica_src_ssl_privkey }}; diff --git a/templates/etc/nginx/sites-available/storage.conf.j2 b/templates/etc/nginx/sites-available/storage.conf.j2 index 4d62d429..dbf0638a 100644 --- a/templates/etc/nginx/sites-available/storage.conf.j2 +++ b/templates/etc/nginx/sites-available/storage.conf.j2 @@ -10,12 +10,14 @@ server { listen 8000; +{% if archivematica_src_syslog_enabled|bool %} + access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }},severity={{ archivematica_src_syslog_storageservice_nginx_level }} combined; + error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }} info; +{% endif %} + # Adjust to taste client_max_body_size 256M; - {% if archivematica_src_syslog_enabled|bool %} - error_log syslog:server={{ archivematica_src_syslog_server }},tag=storage info; - access_log syslog:server={{ archivematica_src_syslog_server }},tag=storage combined; - {% endif %} + location / { proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/templates/etc/rsyslog.d/archivematica.conf.j2 b/templates/etc/rsyslog.d/archivematica.conf.j2 index 61215187..5199bffc 100644 --- a/templates/etc/rsyslog.d/archivematica.conf.j2 +++ b/templates/etc/rsyslog.d/archivematica.conf.j2 @@ -1,13 +1,27 @@ -#Create templates +# Create templates. $template AMLOG,"{{ archivematica_src_syslog_logdir }}/%$YEAR%/%$MONTH%/%$DAY%/%programname%.log" +{% if archivematica_src_syslog_nginx_enabled|bool %} +$template NGINXAMLOG,"/var/log/archivematica/%$YEAR%/%$MONTH%/%$DAY%/%programname%-access.log" +$template NGINXAMLOGERROR,"/var/log/archivematica/%$YEAR%/%$MONTH%/%$DAY%/%programname%-error.log" -#Log each service on it's own file +if (re_match($programname, '({{ archivematica_src_syslog_dashboard_nginx_identifier }}|{{ archivematica_src_syslog_storageservice_nginx_identifier }})') and $syslogseverity-text == 'error') then { + ?NGINXAMLOGERROR + stop +} + +if (re_match($programname, '({{ archivematica_src_syslog_dashboard_nginx_identifier }}|{{ archivematica_src_syslog_storageservice_nginx_identifier }})')) then { + ?NGINXAMLOG + stop +} +{% endif %} + +# Log each service on its own file. {{ archivematica_src_syslog_storageservice_facility }}.* -?AMLOG {{ archivematica_src_syslog_dashboard_facility }}.* -?AMLOG {{ archivematica_src_syslog_mcpclient_facility }}.* -?AMLOG {{ archivematica_src_syslog_mcpserver_facility }}.* -?AMLOG -#Stop processing +# Stop processing. {{ archivematica_src_syslog_storageservice_facility }}.* stop {{ archivematica_src_syslog_dashboard_facility }}.* stop {{ archivematica_src_syslog_mcpclient_facility }}.* stop