From 6d794ca00fb87e345c6032913bd76c905457510c Mon Sep 17 00:00:00 2001 From: Sebastian Trebitz Date: Fri, 27 Mar 2020 23:47:34 +0100 Subject: [PATCH] Add a variable for destination of the verbose SFTP log Closes nephosolutions/ansible-role-sftp-server#2 --- README.md | 3 ++- defaults/main.yml | 1 + tasks/main.yml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 66dfa2e..5fa1b46 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,8 @@ The following role variables are relevant: * `sftp_start_directory`: A directory that need to be part of sftp\_directories values and that is the start directory of new sftp connection. Disable by default with an empty string value. * `sftp_allow_passwords`: Whether or not to allow password authentication for SFTP. Defaults to False. * `sftp_enable_selinux_support`: Whether or not to explicitly enable SELinux support. Defaults to False. -* `sftp_enable_logging`: Enable logging. Auth logs will be written to `/var/log/sftp/auth.log`, and SFTP activity logs will be written to `/var/log/sftp/verbose.log`. Defaults to False. +* `sftp_enable_logging`: Enable logging; defaults to `False`. +* `sftp_logging_destination`: Rsyslogd destination for SFTP activity logs; defaults to `-/var/log/sftp/verbose.log`. * `sftp_users`: A list of users, in map form, containing the following elements: * `name`: The Unix name of the user that requires SFTP access. * `group`: An optional user primary group. If set, it will be used for the user's home permission. Otherwise, the `sftp_group_name` is used. diff --git a/defaults/main.yml b/defaults/main.yml index 976490d..8da4815 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,4 +7,5 @@ sftp_allow_passwords: False sftp_enable_selinux_support: False sftp_enable_logging: False sftp_nologin_shell: /sbin/nologin +sftp_logging_destination: -/var/log/sftp/verbose.log sftp_configure_sshd: true 
diff --git a/tasks/main.yml b/tasks/main.yml index 0727f56..206cc8d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -157,7 +157,7 @@ {% endfor %} # Log internal-sftp in a separate file - :programname, isequal, "internal-sftp" -/var/log/sftp/verbose.log + :programname, isequal, "internal-sftp" {{ sftp_logging_destination }} :programname, isequal, "internal-sftp" ~ when: sftp_enable_logging notify: SFTP-Server | Restart rsyslog
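Review bot: In the README.md hunk, the rewritten `sftp_enable_logging` entry drops the statement that auth logs are written to `/var/log/sftp/auth.log`, although nothing in this patch changes where auth logs go, so the documentation loses that path. Keep it in the entry, for example "Enable logging. Auth logs will be written to `/var/log/sftp/auth.log`; defaults to `False`." The new `sftp_logging_destination` entry should also say that it is only used when `sftp_enable_logging` is true, and that the leading `-` in the default belongs to the rsyslog action syntax rather than to the file path, so that anyone overriding the variable knows what form the value must take.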
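Review bot: In the defaults/main.yml hunk, `sftp_logging_destination` is added below `sftp_nologin_shell` instead of directly under `sftp_enable_logging`, the switch it depends on; keeping the two logging variables adjacent makes the relationship visible. The value is also an unquoted plain scalar that starts with `-`. It parses as a string as written, but quoting it (`sftp_logging_destination: "-/var/log/sftp/verbose.log"`) makes clear that the dash is part of the value and protects against a later edit to `- /var/log/...`, which YAML would read as a list item.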
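Review bot: In the tasks/main.yml hunk, `{{ sftp_logging_destination }}` is interpolated into the rsyslog rule with no validation, so an empty value leaves `:programname, isequal, "internal-sftp"` without an action, and a value containing a line break adds further lines to the generated rsyslog configuration. Add a check before this task that the variable is a non-empty, single-line string (for example with an `assert` task guarded by the same `when: sftp_enable_logging`). Nothing in this patch creates the parent directory of a non-default file destination either, so the README should state that the directory must already exist, or the role should create it when the value is a file path.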