Add a variable for destination of the verbose SFTP log; closes #2

README.md

@@ -26,7 +26,8 @@ The following role variables are relevant:
 * `sftp_start_directory`: A directory that need to be part of sftp\_directories values and that is the start directory of new sftp connection. Disable by default with an empty string value.
 * `sftp_allow_passwords`: Whether or not to allow password authentication for SFTP. Defaults to False.
 * `sftp_enable_selinux_support`: Whether or not to explicitly enable SELinux support. Defaults to False.
-* `sftp_enable_logging`: Enable logging. Auth logs will be written to `/var/log/sftp/auth.log`, and SFTP activity logs will be written to `/var/log/sftp/verbose.log`. Defaults to False.
+* `sftp_enable_logging`: Enable logging; defaults to `False`.
+* `sftp_logging_destination`: Rsyslogd destination for SFTP activity logs; defaults to  `-/var/log/sftp/verbose.log`.
 * `sftp_users`: A list of users, in map form, containing the following elements:
   * `name`: The Unix name of the user that requires SFTP access.
   * `group`: An optional user primary group. If set, it will be used for the user's home permission. Otherwise, the `sftp_group_name` is used.

defaults/main.yml

@@ -7,3 +7,4 @@ sftp_allow_passwords: False
 sftp_enable_selinux_support: False
 sftp_enable_logging: False
 sftp_nologin_shell: /sbin/nologin
+sftp_logging_destination: -/var/log/sftp/verbose.log

tasks/main.yml

@@ -148,7 +148,7 @@
       {% endfor %}
 
       # Log internal-sftp in a separate file
-      :programname, isequal, "internal-sftp" -/var/log/sftp/verbose.log
+      :programname, isequal, "internal-sftp" {{ sftp_logging_destination }}
       :programname, isequal, "internal-sftp" ~
   when: sftp_enable_logging
   notify: SFTP-Server | Restart rsyslog