Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • 1.0.1
  • 1.0.0
  • 0.0.1
4 results
Compare History
Kamil Andoniadis's avatar
Merge branch '2-integration-of-optional-support-of-security-using-tls' into 'master'
Kamil Andoniadis authored 
Configuration of the TLS.

Closes #2

See merge request muni-kypo/ansible-roles/syslog-ng!2
032178d1
Name Last commit Last update
defaults
files/logging-syslog-ng
handlers
meta
tasks
templates
README.md
README.md

Ansible role - KYPO CRP syslog-ng

This role setups syslog-ng service for KYPO CRP.

Requirements

  • This role requires root access, so you either need to specify become directive as a global or while invoking the role.

    become: yes

Role parameters

You can override default values of these parameters:

  • kypo_crp_config_dest - Path, where all configuration will be created.
  • kypo_crp_syslog_ng_compose_filename - Filename for docker-compose template.
  • kypo_crp_docker_services - Dictionary with settings for Docker services.
  • kypo_crp_docker_network_name - The name of the Docker network used by syslog-ng container. If not specified, default Docker network will be used.
  • kypo_crp_syslog_ng_source_sandbox_protocol - Transport protocol for sandbox hosts logging source. Both 'tcp', 'tls' and 'udp' are supported.

Encrypted communication

To use encrypted communication you must set kypo_crp_syslog_ng_source_sandbox_protocol to 'tls' and override the following parameters:

  • kypo_crp_syslog_ng_key_file - Path to the unencrypted private key in PEM format.
  • kypo_crp_syslog_ng_cert_file - Path to the server certificate in PEM format matching the private key set in the kypo_crp_syslog_ng_key_file.
  • kypo_crp_syslog_ng_ca_certs_dir - Path to the directory with trusted CA certificates. Use if you are using mutual authentication.
  • kypo_crp_verify_clients - Set to False if you don't want to use the mutual authentication. Default value is True.

(default: see)