wazuh / wazuh-ansible

Wazuh - Ansible playbook
https://wazuh.com

wazuh-manager: syslog_output need option to change level #965

Open k2patel opened 1 year ago

k2patel commented 1 year ago

Hello,

According to the documentation https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/syslog-output.html#level, level is important most of the time and would help reduce the unnecessary noise while sending out logs. It would be great to have an option to change that along with port, format, etc.

Thank you.

k2patel commented 1 year ago

The following block (quick rewrite) might work to handle the error and define a default value when not explicitly defined.

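
```jinja
{# Outer guard assumed: the posted snippet ends with an extra endif whose opening "if" was not included. #}
{% if wazuh_manager_config.syslog_outputs is defined %}
{% for syslog_output in wazuh_manager_config.syslog_outputs %}
{% if syslog_output.server is not none %}
  <syslog_output>
    <server>{{ syslog_output.server }}</server>
    {# Emit <level> only when the variable is set. #}
    {% if syslog_output.level is defined %}
    <level>{{ syslog_output.level }}</level>
    {% endif %}
    {# Fall back to port 514 when no port is given. #}
    {% if syslog_output.port is defined %}
    <port>{{ syslog_output.port }}</port>
    {% else %}
    <port>514</port>
    {% endif %}
    {# Fall back to the "default" format when none is given. #}
    {% if syslog_output.format is defined %}
    <format>{{ syslog_output.format }}</format>
    {% else %}
    <format>default</format>
    {% endif %}
  </syslog_output>
{% endif %}
{% endfor %}
{% endif %}
```
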
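
Added example, not part of the original comment or of the wazuh-ansible role: the block above rendered with Python's jinja2 against constructed variables, showing that `<level>` is emitted only when set and that port and format fall back to 514 and default. The outer `is defined` guard is an assumption that balances the trailing `{% endif %}`; the function name and the sample addresses are constructed.

```python
import xml.etree.ElementTree as ET
from jinja2 import Environment, StrictUndefined

# The template block from the comment above; the outer guard is assumed.
TEMPLATE = """\
{% if wazuh_manager_config.syslog_outputs is defined %}
{% for syslog_output in wazuh_manager_config.syslog_outputs %}
{% if syslog_output.server is not none %}
  <syslog_output>
    <server>{{ syslog_output.server }}</server>
    {% if syslog_output.level is defined %}
    <level>{{ syslog_output.level }}</level>
    {% endif %}
    {% if syslog_output.port is defined %}
    <port>{{ syslog_output.port }}</port>
    {% else %}
    <port>514</port>
    {% endif %}
    {% if syslog_output.format is defined %}
    <format>{{ syslog_output.format }}</format>
    {% else %}
    <format>default</format>
    {% endif %}
  </syslog_output>
{% endif %}
{% endfor %}
{% endif %}
"""

# trim_blocks mirrors the Ansible template module default; StrictUndefined
# makes undefined variables fail loudly instead of rendering as empty text.
ENV = Environment(trim_blocks=True, undefined=StrictUndefined)

def render_syslog_outputs(outputs):
    """Render the block and return one {tag: text} dict per <syslog_output>."""
    xml = ENV.from_string(TEMPLATE).render(
        wazuh_manager_config={"syslog_outputs": outputs})
    root = ET.fromstring("<ossec_config>" + xml + "</ossec_config>")
    return [{child.tag: child.text for child in node} for node in root]

# Constructed sample variables (192.0.2.0/24 is a documentation range).
SAMPLE = [
    {"server": "192.0.2.10", "level": 10, "port": 6514, "format": "json"},
    {"server": "192.0.2.11"},   # no level: tag omitted, defaults applied
    {"server": None},           # explicit null server: entry skipped
]

if __name__ == "__main__":
    print(render_syslog_outputs(SAMPLE))
```
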
jonhattan commented 2 months ago

It would be nice to have the ability to change syslog level with a single variable.

FYI I've proposed an MR that allows overriding any template, so you can maintain your changes outside of the role and facilitate role updates -> https://github.com/wazuh/wazuh-ansible/pull/1337