artefactual-labs · sevein · Oct 13, 2021 · Oct 13, 2021 · Oct 13, 2021
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -210,12 +210,19 @@ archivematica_src_configure_am_whitelist: '""'               # Dashboard API whi
 #  Send logs to syslog
 #
 archivematica_src_syslog_enabled: "false"
+archivematica_src_syslog_nginx_enabled: "false"
 archivematica_src_syslog_server: "localhost"
 archivematica_src_syslog_port: "514"
 archivematica_src_syslog_storageservice_facility: "local0"
 archivematica_src_syslog_storageservice_level: "DEBUG"
+archivematica_src_syslog_storageservice_nginx_identifier: "storage"
+archivematica_src_syslog_storageservice_nginx_facility: "local7"
+archivematica_src_syslog_storageservice_nginx_level: "info"
 archivematica_src_syslog_dashboard_facility: "local1"
 archivematica_src_syslog_dashboard_level: "DEBUG"
+archivematica_src_syslog_dashboard_nginx_identifier: "dashboard"
+archivematica_src_syslog_dashboard_nginx_facility: "local7"
+archivematica_src_syslog_dashboard_nginx_level: "info"
 archivematica_src_syslog_mcpclient_facility: "local2"
 archivematica_src_syslog_mcpclient_level: "DEBUG"
 archivematica_src_syslog_mcpserver_facility: "local3"

diff --git a/templates/etc/archivematica/dashboard.logging.json.j2 b/templates/etc/archivematica/dashboard.logging.json.j2
@@ -24,7 +24,7 @@
 {% if archivematica_src_syslog_enabled|bool %}
     "syslog": {
       "class": "logging.handlers.SysLogHandler",
-      "address": [ "{{ archivematica_src_syslog_server }}",{{ archivematica_src_syslog_port }} ],
+      "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}],
       "formatter": "syslog",
       "facility": "{{ archivematica_src_syslog_dashboard_facility }}",
       "level": "{{ archivematica_src_syslog_dashboard_level }}"

diff --git a/templates/etc/archivematica/serverConfig.logging.json.j2 b/templates/etc/archivematica/serverConfig.logging.json.j2
@@ -16,7 +16,7 @@
 {% if archivematica_src_syslog_enabled|bool %}
     "syslog": {
       "class": "logging.handlers.SysLogHandler",
-      "address": [ "{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }} ],
+      "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}],
       "formatter": "syslog",
       "facility": "{{ archivematica_src_syslog_mcpserver_facility }}",
       "level": "{{ archivematica_src_syslog_mcpserver_level }}"

diff --git a/templates/etc/archivematica/storageService.logging.json.j2 b/templates/etc/archivematica/storageService.logging.json.j2
@@ -24,7 +24,7 @@
 {% if archivematica_src_syslog_enabled|bool %}
     "syslog": {
       "class": "logging.handlers.SysLogHandler",
-      "address": [ "{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }} ],
+      "address": ["{{ archivematica_src_syslog_server }}", {{ archivematica_src_syslog_port }}],
       "formatter": "syslog",
       "facility": "{{ archivematica_src_syslog_storageservice_facility }}",
       "level": "{{ archivematica_src_syslog_storageservice_level }}"

diff --git a/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2 b/templates/etc/nginx/sites-available/dashboard-ssl.conf.j2
@@ -10,14 +10,15 @@ server {
 
   listen 80;
   server_name _;
-    {% if archivematica_src_syslog_enabled|bool %}
-    error_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard info;
-    access_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard combined;
-    {% endif %}
 
   # Adjust to taste
   client_max_body_size 256M;
 
+{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %}
+  access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }},severity={{ archivematica_src_syslog_dashboard_nginx_level }} combined;
+  error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }} info;
+{% endif %}
+
 {% if archivematica_src_ssl_include_acme_chlg_loc|bool %}
   # location for acme challenge (non-encrypted)
   include /etc/nginx/acmetool-location.conf;

diff --git a/templates/etc/nginx/sites-available/dashboard.conf.j2 b/templates/etc/nginx/sites-available/dashboard.conf.j2
@@ -9,15 +9,15 @@ upstream archivematica_dashboard_backend {
 server {
 
   listen 80;
+  server_name _;
 
   # Adjust to taste
   client_max_body_size 256M;
 
-  server_name _;
-    {% if archivematica_src_syslog_enabled|bool %}
-    error_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard info;
-    access_log syslog:server={{ archivematica_src_syslog_server }},tag=dashboard combined;
-    {% endif %}
+{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %}
+  access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }},severity={{ archivematica_src_syslog_dashboard_nginx_level }} combined;
+  error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_dashboard_nginx_identifier }},facility={{ archivematica_src_syslog_dashboard_nginx_facility }} info;
+{% endif %}
 
   location / {
     proxy_set_header Host $http_host;

diff --git a/templates/etc/nginx/sites-available/storage-ssl.conf.j2 b/templates/etc/nginx/sites-available/storage-ssl.conf.j2
@@ -9,10 +9,11 @@ upstream archivematica_storage_service_backend {
 server {
 
     listen 8000 ssl;
-    {% if archivematica_src_syslog_enabled|bool %}
-    error_log syslog:server={{ archivematica_src_syslog_server }},tag=storage info;
-    access_log syslog:server={{ archivematica_src_syslog_server }},tag=storage combined;
-    {% endif %}
+
+{% if archivematica_src_syslog_enabled|bool and archivematica_src_syslog_nginx_enabled|bool %}
+    access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }},severity={{ archivematica_src_syslog_storageservice_nginx_level }} combined;
+    error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }} info;
+{% endif %}
 
     ssl_certificate  {{ archivematica_src_ssl_fullchain }};
     ssl_certificate_key {{ archivematica_src_ssl_privkey }};

diff --git a/templates/etc/nginx/sites-available/storage.conf.j2 b/templates/etc/nginx/sites-available/storage.conf.j2
@@ -10,12 +10,14 @@ server {
 
     listen 8000;
 
+{% if archivematica_src_syslog_enabled|bool %}
+    access_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }},severity={{ archivematica_src_syslog_storageservice_nginx_level }} combined;
+    error_log syslog:server={{ archivematica_src_syslog_server }},tag={{ archivematica_src_syslog_storageservice_nginx_identifier }},facility={{ archivematica_src_syslog_storageservice_nginx_facility }} info;
+{% endif %}
+
     # Adjust to taste
     client_max_body_size 256M;
-    {% if archivematica_src_syslog_enabled|bool %}
-    error_log syslog:server={{ archivematica_src_syslog_server }},tag=storage info;
-    access_log syslog:server={{ archivematica_src_syslog_server }},tag=storage combined;
-    {% endif %}
+
     location / {
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

diff --git a/templates/etc/rsyslog.d/archivematica.conf.j2 b/templates/etc/rsyslog.d/archivematica.conf.j2
@@ -1,13 +1,27 @@
-#Create templates
+# Create templates.
 $template AMLOG,"{{ archivematica_src_syslog_logdir }}/%$YEAR%/%$MONTH%/%$DAY%/%programname%.log"
+{% if archivematica_src_syslog_nginx_enabled|bool %}
+$template NGINXAMLOG,"/var/log/archivematica/%$YEAR%/%$MONTH%/%$DAY%/%programname%-access.log"
+$template NGINXAMLOGERROR,"/var/log/archivematica/%$YEAR%/%$MONTH%/%$DAY%/%programname%-error.log"
 
-#Log each service on it's own file
+if (re_match($programname, '({{ archivematica_src_syslog_dashboard_nginx_identifier }}|{{ archivematica_src_syslog_storageservice_nginx_identifier }})') and $syslogseverity-text == 'error') then {
+  ?NGINXAMLOGERROR
+  stop
+}
+
+if (re_match($programname, '({{ archivematica_src_syslog_dashboard_nginx_identifier }}|{{ archivematica_src_syslog_storageservice_nginx_identifier }})')) then {
+  ?NGINXAMLOG
+  stop
+}
+{% endif %}
+
+# Log each service on its own file.
 {{ archivematica_src_syslog_storageservice_facility }}.*  -?AMLOG
 {{ archivematica_src_syslog_dashboard_facility }}.*  -?AMLOG
 {{ archivematica_src_syslog_mcpclient_facility }}.*  -?AMLOG
 {{ archivematica_src_syslog_mcpserver_facility }}.*  -?AMLOG
 
-#Stop processing
+# Stop processing.
 {{ archivematica_src_syslog_storageservice_facility }}.* stop
 {{ archivematica_src_syslog_dashboard_facility }}.* stop
 {{ archivematica_src_syslog_mcpclient_facility }}.* stop