This role gathers log files, configuration files, and facts about the hosts used to generate data for intrusion detection system datasets.
- Debian or Ubuntu (18.04 or newer)
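# Minimal example: gather /var/log and /etc on localhost using plain path entries.
- hosts: localhost
  roles:
    - kyoushi-gather
  vars:
    # Paths collected as log data.
    kyoushi_gather_logs:
      - /var/log
    # Paths collected as configuration data.
    # NOTE(review): /etc normally holds credential material (password hashes,
    # SSH host keys, service secrets). Restrict access to the gathered copy, or
    # switch to the `src`/`exclude` entry form to leave such files out.
    kyoushi_gather_configs:
      - /etc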
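# Extended example: each gathered path is a mapping with `src` plus per-path options.
- hosts: localhost
  roles:
    - kyoushi-gather
  vars:
    # presumably passes the connection's SSH arguments through to rsync;
    # confirm against the role defaults
    kyoushi_gather_rsync_use_ssh_args: true
    kyoushi_gather_logs:
      - src: /var/log
        # Globs are quoted: a plain scalar starting with `*` is parsed as a
        # YAML alias and fails to load.
        exclude:
          - '*.pcap*'
        # NOTE(review): nesting reconstructed from a flattened listing; the
        # options below are assumed to be per-entry and to mirror rsync
        # behaviour. Verify against the role documentation.
        # If this follows symlinks, link targets outside `src` are copied too.
        copy_links: true
        # If this mirrors rsync --delete, a re-run removes previously gathered
        # files that no longer exist on the source host.
        delete: true
        recursive: true
        times: true
        perms: false
    kyoushi_gather_configs:
      # NOTE(review): /etc normally holds credential material (password
      # hashes, SSH host keys); extend `exclude` or protect the gathered copy.
      - src: /etc
        exclude:
          - '*.bk'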
GPL-3.0