Logging Ansible output
By default Ansible sends output about plays, tasks, and module arguments to your screen (STDOUT) on the control node. If you want to capture Ansible output in a log, you have three options:
- To save Ansible output in a single log on the control node, set the
log_path
configuration file setting. You may also want to setdisplay_args_to_stdout
, which helps to differentiate similar tasks by including variable values in the Ansible output. - To save Ansible output in separate logs, one on each managed node, set the
no_target_syslog
andsyslog_facility
configuration file settings. - To save Ansible output to a secure database, use Ansible Tower. Tower allows you to review history based on hosts, projects, and particular inventories over time, using graphs and/or a REST API.
Protecting sensitive data with no_log
If you save Ansible output to a log, you expose any secret data in your Ansible output, such as passwords and user names. To keep sensitive values out of your logs, mark tasks that expose them with the no_log: True
attribute. However, the no_log
attribute does not affect debugging output, so be careful not to debug playbooks in a production environment. See How do I keep secret data in my playbook? for an example.