ansible

Ansible logging - who, what, when


I have a task: to collect, in one place, logs of every run of ansible or ansible-playbook (we run them as different users via sudo on a single host). What I need to see in the log:

  1. Entire command line
  2. User who ran it with sudo
  3. Datetime
  4. Output of playbook (ansible-playbook <name of playbook>) or command (e.g. ansible -m ping).

I found that the output of a playbook can be formatted via callback plugins or by enabling debug in ansible.cfg, but that doesn't help to get the "what" and the "who". I would very much appreciate any ideas on this.

Ansible version 2.8.3.


Solution

  • This does seem to be right up the street of Ansible Tower and/or AWX (depending on how critical Ansible is to your organisation).

    First, let me add some context in case you aren't already aware: AWX is the upstream project to Ansible Tower. Ansible Tower is the commercial, paid-for offering from Red Hat. AWX can run on many systems that can run Docker; Ansible Tower requires Red Hat Enterprise Linux. With those exceptions aside, AWX and Ansible Tower are functionally equivalent, barring the branding, which shows whether you're running the AWX version or the Tower version.

    AWX will record, to a database, who executed each Ansible playbook, the results from each operation (both STDOUT and STDERR) and the number of succeeded/failed/skipped/etc. hosts for each status. This can also be piped out to your SIEM or syslog collector.

    Your only other option, that I can see, would be to wrap your execution of the ansible-* commands in an external wrapper that logs the output to syslog in some manner, and perhaps also adds a statement to show that ansible-playbook (for example) was executed by user bob.

    But, I'd STRONGLY look at AWX as your first port of call. It offers much more than just the logging capability - including the fact that your users won't (necessarily) have access to your target servers, except via your AWX environment.
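The wrapper approach from the answer above, worked through as an added example (this is not code from the original post, from AWX or from Ansible). It covers the four items the question asks for: the full command line, the user who invoked sudo (taken from `$SUDO_USER`, which sudo sets; `id -un` is the effective user after sudo), a UTC timestamp, and the combined stdout/stderr of the run, followed by the exit status. The install path `/usr/local/bin`, the real-binary directory `/usr/bin`, the log file `/var/log/ansible-audit.log` and the syslog tag `ansible-audit` are assumptions; adjust them for your host.

```shell
#!/bin/sh
# Assumed deployment: install this file as /usr/local/bin/ansible and
# /usr/local/bin/ansible-playbook (hard links or copies) so that ${0##*/}
# names the tool being wrapped. Paths below are assumptions for the example.
ANSIBLE_REAL_BIN="${ANSIBLE_REAL_BIN:-/usr/bin}"
ANSIBLE_AUDIT_LOG="${ANSIBLE_AUDIT_LOG:-/var/log/ansible-audit.log}"
AUDIT_TAG="ansible-audit"

utc_now() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# The "who": sudo exports SUDO_USER with the invoking account. Outside sudo
# there is no such variable, so fall back to the effective user.
invoking_user() {
    if [ -n "$SUDO_USER" ]; then printf '%s\n' "$SUDO_USER"; else id -un; fi
}

# One-line audit header: when, who (before and after sudo), where, and the
# full command line as it was typed (arguments joined with spaces).
audit_header() {
    printf 'ts=%s sudo_user=%s euid_user=%s cwd=%s cmd=%s\n' \
        "$(utc_now)" "$(invoking_user)" "$(id -un)" "$PWD" "$*"
}

# Run the wrapped command: write the header to the audit log (and to syslog
# when logger(1) is available), stream combined stdout/stderr into the same
# log while still showing it on the terminal, then record the exit status.
# The real exit status is captured in a temp file because the pipeline's
# status would otherwise be tee's, not the wrapped command's.
audit_run() {
    header=$(audit_header "$@")
    printf '%s\n' "$header" >> "$ANSIBLE_AUDIT_LOG"
    if command -v logger >/dev/null 2>&1; then
        logger -t "$AUDIT_TAG" -- "$header" || :
    fi
    status_file=$(mktemp)
    { rc=0; "$@" 2>&1 || rc=$?; printf '%s\n' "$rc" > "$status_file"; } \
        | tee -a "$ANSIBLE_AUDIT_LOG"
    rc=$(cat "$status_file")
    rm -f "$status_file"
    printf 'ts=%s sudo_user=%s exit=%s\n' "$(utc_now)" "$(invoking_user)" "$rc" \
        >> "$ANSIBLE_AUDIT_LOG"
    return "$rc"
}

# Dispatch on the name this script was invoked as; any other name (for
# example when the file is sourced for testing) does nothing.
case "${0##*/}" in
    ansible|ansible-playbook)
        audit_run "$ANSIBLE_REAL_BIN/${0##*/}" "$@"
        exit $?
        ;;
esac
```

Two things to check before relying on this. First, the wrapper only sees invocations that go through it: sudo resets PATH via `secure_path`, so grant sudo rights to the wrapper's absolute path rather than to `/usr/bin/ansible-playbook`, or the user can simply call the real binary and leave no trace. Second, the header records the full command line, so anything secret passed inline (an `-e` extra var containing a password, for instance) ends up in the audit log and in syslog; keep such values in vault files instead. Ansible's own `log_path` setting in ansible.cfg captures task output but not the invoking sudo user, which is why the wrapper is what ties the "who" to the "what".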