redhat/ansible
Vendor | RedHat, Inc. |
Author | CrowdStrike |
Version | 1.1.0 |
Minimum LogScale Version | 1.111.0 |
The LogScale Marketplace has a package for Ansible. To get started with exploring and visualizing the logs from your Ansible playbooks, follow the instructions in the sections below.
Configurations in Ansible
This package supports logs generated by Ansible when running an Ansible playbook.
Make sure that Ansible is installed and available in your PATH. You can follow the instructions here to get Ansible up and running.
Before sending any data to LogScale, make sure that Ansible has been configured to capture the playbook output into a log file.
This can be achieved by editing the Ansible configuration file and defining log_path:

    vim /etc/ansible/ansible.cfg

    # logging is off by default unless this path is defined
    # if so defined, consider logrotate
    log_path = /var/log/ansible.log
Installing the Ansible Package in LogScale
Find the repository where you want to send the Ansible logs, or create a new one.
Navigate to your repository in the LogScale interface, click Settings and then on the left.
Click and install the LogScale package for Ansible (i.e. redhat/ansible).
When the package has finished installing, click on the left (still under the , see Figure 47, “Ingest Token”).
In the right panel, click to create a new token. Give the token an appropriate name (e.g. the name of the server the token is ingesting logs for), and either leave the parser unassigned (setting the parser in the log collector configuration later on instead), or assign the ansible parser to it.
Figure 47. Ingest Token
Before leaving this page, view the ingest token and copy it to your clipboard — to save it temporarily elsewhere.
Now that you have a repository set up in LogScale along with an ingest token you're ready to send logs to LogScale.
Configure Ingest for Ansible logs
This package is designed to be used in conjunction with the Falcon LogScale Log Collector; see Falcon Log Collector for more information. Once you have installed the LogScale Collector, apply the configuration detailed below.

    sources:
      ansible:
        type: file
        include: /var/log/ansible.log
        parser: ansible
        multiLineBeginsWith: ^20\d{2}-
        sink: humio
    sinks:
      humio:
        type: humio
        token: <ingest-token>
        url: <logscale-base-url> # example - https://cloud.community.humio.com
This configuration has been tested with:
Ansible v2.13.5 with Python v3.9.16
Falcon LogScale Collector v1.2.1
Falcon LogScale v1.85.0
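The multiLineBeginsWith setting in the configuration above decides where one Ansible event ends and the next begins. The following added example (not part of the package or the collector) reproduces that grouping in Python over a constructed ansible.log excerpt and shows the one case where the pattern splits an event: a continuation line that itself starts with a year. STRICT_PATTERN, the function names and the sample lines are assumptions for illustration, and the stricter pattern has not been tested with the collector.

```python
import re

# Pattern taken from multiLineBeginsWith in the collector configuration.
PAGE_PATTERN = r"^20\d{2}-"
# Assumption (not from the page): a tighter pattern anchored on the full
# "timestamp p=<pid> u=<user> n=<logger> |" prefix Ansible puts on each record.
STRICT_PATTERN = r"^20\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} p=\d+ u=\S+ n=\S+ \| "

# Constructed sample in the layout Ansible writes to log_path (not real output).
SAMPLE_LOG = """\
2023-03-01 10:15:02,114 p=4211 u=deploy n=ansible | PLAY [web] ****
2023-03-01 10:15:04,870 p=4211 u=deploy n=ansible | fatal: [web01]: FAILED! => {
    "changed": false,
    "msg": "No package matching 'htop' found"
}
2023-03-01 10:15:05,310 p=4211 u=deploy n=ansible | ok: [web01] => backup report:
2023-02-28 nightly archive written
2023-03-01 10:15:05,402 p=4211 u=deploy n=ansible | PLAY RECAP ****
"""


def group_events(text, pattern):
    """Group raw lines into events: a line matching `pattern` opens a new
    event, any other line is appended to the event that is currently open."""
    start = re.compile(pattern)
    events = []
    for line in text.splitlines():
        if start.search(line) or not events:
            events.append(line)
        else:
            events[-1] += "\n" + line
    return events


def orphaned_events(events):
    """Return events that lack the Ansible record prefix, i.e. continuation
    lines that were split off from the event they belong to."""
    strict = re.compile(STRICT_PATTERN)
    return [event for event in events if not strict.match(event)]


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        events = group_events(SAMPLE_LOG, pattern)
        print(f"{name}: {len(events)} events, "
              f"{len(orphaned_events(events))} orphaned")
```

Running orphaned_events over events exported from the repository is a quick check for whether task output in your playbooks triggers this split.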
Verify Data is Arriving in LogScale
Once you have completed the above steps, the Ansible data should be arriving in your LogScale repository.
You can verify this by doing a simple search for

    #logtype = "ansible"

to see the Ansible events.
Figure 48. Verify Data