Add logrotate configuraton for stepup-authentication.log

Author: pmeulen

roles/rsyslog/tasks/process_auth_logs.yml

@@ -49,7 +49,7 @@
   with_items: "{{ rsyslog_environments }}"
   when: item.db_loglogins_name is defined
 
-- name: Put log_logins logrotate scripts
+- name: Put log_logins logrotate scripts for ebauth
   ansible.builtin.template:
     src: logrotate_ebauth.j2
     dest: /etc/logrotate.d/logrotate_ebauth_{{ item.name }}
@@ -59,6 +59,16 @@
   with_items: "{{ rsyslog_environments }}"
   when: item.db_loglogins_name is defined
 
+- name: Put log_logins logrotate scripts for stepup
+  template:
+    src: logrotate_stepup_authentication.j2
+    dest: /etc/logrotate.d/logrotate_stepup_authentication_{{ item.name }}
+    mode: 0644
+    owner: root
+    group: root
+  with_items: "{{ rsyslog_environments }}"
+  when: item.db_loglogins_name is defined
+
 - name: Create logdirectory for log_logins cleanup script
   ansible.builtin.file:
     path: "{{ rsyslog_dir }}/apps/{{ item.name }}/loglogins_cleanup/"

roles/rsyslog/templates/logrotate_stepup_authentication.j2

@@ -0,0 +1,17 @@
+{{ rsyslog_dir }}/log_logins/{{ item.name }}/stepup-authentication.log
+{
+    missingok
+    daily
+    rotate 180
+    sharedscripts
+    dateext
+    dateyesterday
+    compress
+    delaycompress
+    create 0640 root {{ rsyslog_read_group }} 
+    postrotate
+      # TODO: Write logs to MySQL for further processing (e.g. for deprovisioning)
+      # E.g.: /usr/local/sbin/parse_stepup_authentication_to_mysql_{{ item.name }}.py > /dev/null
+      systemctl kill -s HUP rsyslog.service
+    endscript
+}