CU-251akbj added graylog and additional fixes from discovered logs

ansible/roles/graylog/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: common

ansible/roles/graylog/tasks/graylog.yml

@@ -0,0 +1,87 @@
+---
+- name: create graylog docker network
+  community.general.docker_network:
+    name: "graylog"
+  tags: graylog
+
+- name: create graylog required volumes
+  community.general.docker_volume:
+    name: "{{ item }}"
+  with_items:
+    - graylog-db
+    - graylog-es
+    - graylog-conf
+  tags: graylog
+
+- name: create graylog mongodb container
+  community.general.docker_container:
+    name: graylog-mongo
+    image: mongo:4.2
+    recreate: false
+    restart: false
+    restart_policy: on-failure
+    restart_retries: 3
+    networks:
+      - name: "graylog"
+    volumes:
+      - graylog-db:/data/db
+  tags: graylog
+
+- name: create graylog elasticsearch container
+  community.general.docker_container:
+    name: graylog-elastic
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
+    recreate: false
+    restart: false
+    restart_policy: on-failure
+    restart_retries: 3
+    networks:
+      - name: "graylog"
+    volumes:
+      - graylog-es:/usr/share/elasticsearch/data
+    env:
+      http.host: "0.0.0.0"
+      transport.host: "localhost"
+      network.host: "0.0.0.0"
+      cluster.name: "graylog"
+      ES_JAVA_OPTS: "-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
+    ulimits:
+      - "memlock:-1:-1"
+    memory: 1G
+  tags: graylog
+
+- name: create graylog container
+  community.general.docker_container:
+    name: graylog
+    image: graylog/graylog:4.2
+    recreate: false
+    restart: true
+    restart_policy: on-failure
+    restart_retries: 3
+    networks:
+      - name: "graylog"
+    volumes:
+      - graylog-conf:/usr/share/graylog/data/config
+    env:
+      GRAYLOG_PASSWORD_SECRET: "{{ graylog_secret }}"
+      GRAYLOG_ROOT_PASSWORD_SHA2: "{{ graylog_root_pass_sha2 }}"
+      GRAYLOG_HTTP_EXTERNAL_URI: http://192.168.1.12:9000/
+      GRAYLOG_HTTP_BIND_ADDRESS: 0.0.0.0:9000
+      GRAYLOG_MONGODB_URI: mongodb://graylog-mongo/graylog
+      GRAYLOG_ELASTICSEARCH_HOSTS: http://graylog-elastic:9200
+    ports:
+      # Graylog web interface and REST API
+      - "{{ graylog_port }}:9000"
+      # Syslog TCP
+      #- 1514:1514
+      # Syslog UDP
+      - "0.0.0.0:{{ syslog_udp_default }}:{{ syslog_udp_default }}/udp"
+      # Syslog2 UDP
+      - "0.0.0.0:{{ syslog_udp_unifi }}:{{ syslog_udp_unifi }}/udp"
+      # Syslog2 UDP
+      - "0.0.0.0:{{ syslog_udp_error }}:{{ syslog_udp_error }}/udp"
+      # GELF TCP
+      #- 12201:12201
+      # GELF UDP
+      #- 12201:12201/udp
+  tags: graylog

ansible/roles/graylog/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- import_tasks: graylog.yml