diff --git a/ansible/cluster.yml b/ansible/cluster.yml
index a84fec61c96a8a1dfb4d973fc2ed0937bd20744d..a131e1e39f4be97d07fe10e0375b2fa732e8c2f1 100644
--- a/ansible/cluster.yml
+++ b/ansible/cluster.yml
@@ -9,3 +9,4 @@
 - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
 - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
 - { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config }
+ - { name: 'rsyslog_config', tags: 'rsyslog_config', when: enable_rsyslog_config }
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index 452daa732ef7a77b7544c664fb9f444cea19b68f..0f8cdbe4a8637c53e342e4da0151de4c063d5199 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -47,3 +47,7 @@
 enable_ssh_proxy_config: false
 sshpiper_dest_dir: "/opt/sshpiper"
 fail2ban_cidr_list: "127.0.0.1/8"
+
+# rsyslog
+ enable_rsyslog_config: false
+ rsyslog_target: "*.* @master:514"
diff --git a/ansible/roles/rsyslog_config/tasks/main.yml b/ansible/roles/rsyslog_config/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..61c5029006d6987cae2e8fb44aa13545d9f1e13d
--- /dev/null
+++ b/ansible/roles/rsyslog_config/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+- name: Add rsyslog configuration
+ ansible.builtin.template:
+ src: rsyslog.conf.j2
+ dest: /etc/rsyslog.conf
+ mode: 0644
+ owner: root
+ group: root
+ backup: true
+
+- name: Enable and start rsyslog
+ ansible.builtin.service:
+ name: rsyslog
+ enabled: true
+ state: restarted
diff --git a/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2 b/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..41ba61b4f598d3d923e478634b39e35d772d9850
--- /dev/null
+++ b/ansible/roles/rsyslog_config/templates/rsyslog.conf.j2
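Review bot: In the group_vars/all hunk the two new keys appear indented by one space relative to the surrounding top-level keys (`+ enable_rsyslog_config: false` next to `+# rsyslog`, which has no space after the marker), and an indented key at the top level of group_vars/all makes the whole file fail to parse, which would break every play rather than only the rsyslog role; if that indent is real the lines should be `+enable_rsyslog_config: false` and `+rsyslog_target: "*.* @master:514"`. The default target also uses a single `@`, i.e. plain UDP, which silently drops messages while the collector is unreachable and gives no integrity protection on the path, although the forwarding-rule comment in the new template states that TCP is used for reliable delivery; `@@master:514` would match that intent, with the commented-out action-queue directives enabled so messages spool to disk during an outage. A comment next to the variable such as `# inserted verbatim into /etc/rsyslog.conf as the forwarding rule` would make the expected format clear to whoever overrides it.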
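Review bot: `state: restarted` on the service task in tasks/main.yml restarts rsyslog on every playbook run regardless of whether the template changed, so each run interrupts local and forwarded logging for no reason and the play is never idempotent; the usual form is `state: started` here, with `notify: restart rsyslog` on the template task and a handler that performs the restart. Since the template replaces /etc/rsyslog.conf wholesale, a mistake in it leaves the node without working logging until the next run; adding `validate: 'rsyslogd -N1 -f %s'` to the template task rejects a broken rendering before it is installed, and `backup: true` then keeps the previous file for recovery.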
@@ -0,0 +1,226 @@ +# rsyslog configuration file + +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + +# Added for distro update >= 4 (7u4) +global ( +net.enabledns="off" +) + +#### MODULES #### + +# The imjournal module bellow is now used as a message source instead of imuxsock. +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imjournal # provides access to the systemd journal +#$ModLoad imklog # reads kernel messages (the same are read from journald) +#$ModLoad immark # provides --MARK-- message capability + +# Provides UDP syslog reception +#$ModLoad imudp +#$UDPServerRun 514 + +# Provides TCP syslog reception +#$ModLoad imtcp +#$InputTCPServerRun 514 + + +#### GLOBAL DIRECTIVES #### + +# Where to place auxiliary files +$WorkDirectory /var/lib/rsyslog + +# Use default timestamp format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# File syncing capability is disabled by default. This feature is usually not required, +# not useful and an extreme performance hit +#$ActionFileEnableSync on + +# Include all config files in /etc/rsyslog.d/ +$IncludeConfig /etc/rsyslog.d/*.conf + +# Turn off message reception via local log socket; +# local messages are retrieved through imjournal now. +$OmitLocalLogging on + +# File to store the position in the journal +$IMJournalStateFile imjournal.state + + +#### RULES #### + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Filter nslcd ldap ldap_abandon and ldap_result messages. 
+if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains ' failed: Can\'t contact LDAP server' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'ldap_abandon() failed to abandon search: Other (e.g., implementation specific) error' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'ldap_abandon() failed to abandon search: Can\'t contact LDAP server: Transport endpoint is not connected' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'no available LDAP server found, sleeping ' then stop +if $programname == 'nslcd' and $syslogseverity >= '3' and $msg contains 'connected to LDAP server ldap://local' then stop + +# Filter sntp started messages. +if $programname == 'sntp' and $syslogseverity > '3' and $msg contains 'Started sntp' then stop + +# MariaDB Galera +# disabled, as these messages are being generated every few seconds +:msg, contains, "START: cm-check-galera-status" stop +:msg, contains, "EXIT: cm-check-galera-status" stop + +# HAProxy for OpenStack +if $syslogfacility-text == 'local4' and ($programname == 'haproxy') then { + local4.* /var/log/haproxy.log + stop +} + +# OpenStack specific +if $syslogfacility-text == 'daemon' then { + + # needed for proper handling of Python stack traces + $EscapeControlCharactersOnReceive off + + if $programname startswith 'keystone' then { + *.* /var/log/keystone/keystone.log + } + + if $programname startswith 'nova' then { + *.* /var/log/nova/nova.log + + if $programname == 'nova-api' then { + *.* /var/log/nova/nova-api.log + } + if $programname == 'nova-scheduler' then { + *.* /var/log/nova/nova-scheduler.log + } + if $programname == 'nova-conductor' then { + *.* /var/log/nova/nova-conductor.log + } + if $programname == 'nova-novncproxy' then { + *.* /var/log/nova/nova-novncproxy.log + } + if $programname == 'nova-compute' then { + *.* /var/log/nova/nova-compute.log + } + } + + if $programname startswith 
'neutron' then { + *.* /var/log/neutron/neutron.log + + if $programname == 'neutron-server' then { + *.* /var/log/neutron/neutron-server.log + } + if $programname == 'neutron-metadata-agent' then { + *.* /var/log/neutron/neutron-metadata-agent.log + } + if $programname == 'neutron-l3-agent' then { + *.* /var/log/neutron/neutron-l3-agent.log + } + if $programname == 'neutron-dhcp-agent' then { + *.* /var/log/neutron/neutron-dhcp-agent.log + } + if $programname == 'neutron-openvswitch-agent' then { + *.* /var/log/neutron/neutron-openvswitch-agent.log + } + + } + + if $programname startswith 'glance' then { + *.* /var/log/glance/glance.log + + if $programname == 'glance-api' then { + *.* /var/log/glance/glance-api.log + } + if $programname == 'glance-registry' then { + *.* /var/log/glance/glance-registry.log + } + + } + + if $programname startswith 'cinder' then { + *.* /var/log/cinder/cinder.log + + if $programname == 'cinder-api' then { + *.* /var/log/cinder/cinder-api.log + } + if $programname == 'cinder-scheduler' then { + *.* /var/log/cinder/cinder-scheduler.log + } + if $programname == 'cinder-volume' then { + *.* /var/log/cinder/cinder-volume.log + } + if $programname == 'cinder-backup' then { + *.* /var/log/cinder/cinder-backup.log + } + } + + if $programname startswith 'heat' then { + *.* /var/log/heat/heat.log + + if $programname == 'heat-api' then { + *.* /var/log/heat/heat-api.log + } + if $programname == 'heat-engine' then { + *.* /var/log/heat/heat-engine.log + } + } + + if $programname startswith 'keystone' or \ + $programname startswith 'nova' or \ + $programname startswith 'neutron' or \ + $programname startswith 'glance' or \ + $programname startswith 'cinder' or \ + $programname startswith 'heat' then { + + *.* /var/log/openstack + *.* @master:514 + stop + } +} + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! 
+*.info;mail.none;authpriv.none;cron.none;local5.none;local6.none /var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + + +# Log cron stuff +cron.* /var/log/cron + +# Everybody gets emergency messages +*.emerg :omusrmsg:* + +# Save news errors of level crit and higher in a special file. +uucp,news.crit /var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# cm related log files: +local5.* -/var/log/node-installer +local6.* -/var/log/cmdaemon + +# ### begin forwarding rule ### +# The statement between the begin ... end define a SINGLE forwarding +# rule. They belong together, do NOT split them. If you create multiple +# forwarding rules, duplicate the whole block! +# Remote Logging (we use TCP for reliable delivery) +# +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$ActionQueueFileName fwdRule1 # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 +#CM +{{ rsyslog_target }} +#### end of the forwarding rule ###
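Review bot: The OpenStack block near the end of the daemon-facility section hardcodes `*.* @master:514` and then `stop`, so keystone/nova/neutron/glance/cinder/heat messages are forwarded to a fixed UDP destination and never reach the `{{ rsyslog_target }}` rule at the bottom of the file; the hardcoded line should be `{{ rsyslog_target }}` as well, otherwise overriding the variable changes where some logs go but not others. Also, `$EscapeControlCharactersOnReceive off` is placed inside the `if $syslogfacility-text == 'daemon'` block, but legacy `$` directives are evaluated when the file is loaded and, as far as I know, are not scoped by RainerScript blocks, so this turns off control-character escaping for every input, not just OpenStack daemons. With escaping off, any local process can write raw newlines and terminal escape sequences into /var/log/messages and the other files, which lets a compromised or misbehaving client forge log lines or corrupt an operator's terminal when the files are viewed; if the Python traceback readability is wanted, a comment stating that the directive is global and the trade-off is accepted would be the minimum, and confining it to a dedicated ruleset for the OpenStack inputs would be better.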