Logging Ansible output¶
By default Ansible sends output about plays, tasks, and module arguments to your screen (STDOUT) on the control node. If you want to capture Ansible output in a log, you have three options:
- To save Ansible output in a single log on the control node, set the
log_pathconfiguration file setting. You may also want to set
display_args_to_stdout, which helps to differentiate similar tasks by including variable values in the Ansible output.
- To save Ansible output in separate logs, one on each managed node, set the
syslog_facilityconfiguration file settings.
- To save Ansible output to a secure database, use Ansible Tower. Tower allows you to review history based on hosts, projects, and particular inventories over time, using graphs and/or a REST API.
Protecting sensitive data with
If you save Ansible output to a log, you expose any secret data in your Ansible output, such as passwords and user names. To keep sensitive values out of your logs, mark tasks that expose them with the
no_log: True attribute. However, the
no_log attribute does not affect debugging output, so be careful not to debug playbooks in a production environment. See How do I keep secret data in my playbook? for an example.