diff --git a/cookbooks/promtail/files/etc/logrotate.d/promtail b/cookbooks/promtail/files/etc/logrotate.d/promtail
new file mode 100644
index 0000000..4ed9451
--- /dev/null
+++ b/cookbooks/promtail/files/etc/logrotate.d/promtail
@@ -0,0 +1,13 @@
+/var/log/promtail.log
+{
+ rotate 4
+ weekly
+ missingok
+ notifempty
+ compress
+ delaycompress
+ sharedscripts
+ postrotate
+ /usr/lib/rsyslog/rsyslog-rotate
+ endscript
+}
diff --git a/cookbooks/promtail/files/etc/rsyslog.d/30-promtail.conf b/cookbooks/promtail/files/etc/rsyslog.d/30-promtail.conf
new file mode 100644
index 0000000..9f6d43f
--- /dev/null
+++ b/cookbooks/promtail/files/etc/rsyslog.d/30-promtail.conf
@@ -0,0 +1,7 @@
+# Log kernel generated promtail log messages to file
+:syslogtag,contains,"promtail" /var/log/promtail.log
+
+# Uncomment the following to stop logging anything that matches the last rule.
+# Doing this will stop logging kernel generated UFW log messages to the file
+# normally containing kern.* messages (eg, /var/log/kern.log)
+& stop
diff --git a/cookbooks/promtail/files/lib/systemd/system/promtail-base.service b/cookbooks/promtail/files/lib/systemd/system/promtail-base.service
new file mode 100644
index 0000000..1766380
--- /dev/null
+++ b/cookbooks/promtail/files/lib/systemd/system/promtail-base.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Grafana Promtail
+Documentation=https://github.com/grafana/loki
+After=network-online.target
+
+[Service]
+User=root
+Restart=always
+ExecStart=/usr/local/bin/promtail --config.file=/etc/promtail/base.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cookbooks/promtail/setup.rb b/cookbooks/promtail/setup.rb
new file mode 100644
index 0000000..1ac3083
--- /dev/null
+++ b/cookbooks/promtail/setup.rb
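Review bot: The comments in 30-promtail.conf are carried over from the UFW rsyslog snippet and contradict the rules under them: promtail messages are not kernel-generated, and `& stop` is already active rather than something "to uncomment", so messages whose tag contains promtail go only to /var/log/promtail.log and no longer reach the default syslog files. Suggest replacing the first line with `# Write messages whose syslog tag contains "promtail" to a dedicated file` and the three comment lines above `& stop` with `# Stop processing here so these messages are not also written to /var/log/syslog`. It is also worth a one-line comment that `contains` is a substring match on the tag, so any tag containing "promtail" (presumably the process name emitted by the promtail-base unit) is captured.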
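Review bot: `After=network-online.target` in the [Unit] section of promtail-base.service only orders the unit; without a matching `Wants=network-online.target` nothing pulls the target in, so on hosts where no other unit activates it promtail starts before the network is up and leans on `Restart=always` to recover. The [Service] section also runs promtail as root with no sandboxing; root is presumably needed to read /var/log/auth.log and the other files named in base.yaml, but since the config only writes the positions file under /var/opt/promtail, `ProtectSystem=strict` with a matching `ReadWritePaths=` plus `NoNewPrivileges=true` confines the process without changing what it can read (a dedicated user in the adm group would be the next step if the log file modes allow it). Proposed additions:
```ini
[Unit]
# … unchanged: Description, Documentation …
Wants=network-online.target
After=network-online.target

[Service]
# … unchanged: User, Restart, ExecStart …
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/opt/promtail
PrivateTmp=true
```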
@@ -0,0 +1,51 @@
+# Deploy the configuration file:
+%w( /etc/promtail /var/opt/promtail ).each do |d|
+ directory d do
+ owner 'root'
+ group 'root'
+ mode '755'
+ end
+end
+
+# Deploy /etc/hosts file:
+HOSTNAME = run_command('uname -n').stdout.chomp
+
+template '/etc/promtail/base.yaml' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ variables(HOSTNAME: HOSTNAME, LOKIENDPOINT: node['promtail']['lokiendpoint'])
+end
+
+# Deploy the `systemd` configuration:
+remote_file '/lib/systemd/system/promtail-base.service' do
+ owner 'root'
+ group 'root'
+ mode '644'
+end
+
+# Service setting:
+service 'promtail-base' do
+ action [ :enable, :restart ]
+end
+
+# Deploy the `systemd` configuration:
+remote_file '/etc/rsyslog.d/30-promtail.conf' do
+ owner 'root'
+ group 'root'
+ mode '644'
+
+ notifies :restart, 'service[rsyslog]'
+end
+
+service 'rsyslog' do
+ action [ :nothing ]
+end
+
+# Deploy the `logrotated` configuration:
+remote_file '/etc/logrotate.d/promtail' do
+ owner 'root'
+ group 'root'
+ mode '644'
+end
diff --git a/cookbooks/promtail/templates/etc/promtail/base.yaml b/cookbooks/promtail/templates/etc/promtail/base.yaml
new file mode 100644
index 0000000..3c7307d
--- /dev/null
+++ b/cookbooks/promtail/templates/etc/promtail/base.yaml
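Review bot: `service 'promtail-base'` is given `action [ :enable, :restart ]`, so promtail is restarted on every converge whether or not `template '/etc/promtail/base.yaml'` or the unit-file `remote_file` changed; the rsyslog resources further down in the same hunk already use the notify pattern, so the service should take `action [ :enable, :start ]` and the template and unit-file resources should carry `notifies :restart, 'service[promtail-base]'`. Several comments are stale: `# Deploy /etc/hosts file:` sits above the `HOSTNAME` lookup (suggest `# Hostname used as the Loki label:`) and the second `# Deploy the \`systemd\` configuration:` sits above the rsyslog snippet (suggest `# Deploy the rsyslog configuration:`). `HOSTNAME` is a constant assigned inside a recipe, which warns on re-evaluation; a local `hostname` passed to `variables` is enough. `node['promtail']['lokiendpoint']` yields nil silently when the attribute is unset and the template then renders `http:///loki/api/v1/push`; `node['promtail'].fetch('lokiendpoint')` would fail early instead, assuming the node object supports `fetch`.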
@@ -0,0 +1,186 @@ +server: + disable: true + +positions: + filename: /var/opt/promtail/promtail_base_position.yaml + +clients: + - url: http://<%= @LOKIENDPOINT %>/loki/api/v1/push + +scrape_configs: + - job_name: apt + static_configs: + - targets: + - localhost + labels: + job: apt + hostname: <%= @HOSTNAME %> + level: notice + __path__: /var/log/apt/history.log + + - job_name: sudo + static_configs: + - targets: + - localhost + labels: + job: sudo + hostname: <%= @HOSTNAME %> + level: notice + __path__: /var/log/auth.log + + pipeline_stages: + - match: + selector: '{job="sudo"}' + stages: + - drop: + expression: (CRON|sshd|session) + - regex: + expression: '^(?P\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^ ]+ sudo: +(?P[^ ]+) : TTY=(?P[^ ]+) ; PWD=(?P[^ ]+) ; USER=(?P[^ ]+) ; COMMAND=(?P.+)$' + + - timestamp: + source: timestamp + format: Jan 2 15:04:05 + location: Asia/Tokyo + + - template: + source: message + template: 'USER={{ .user }} PWD={{ .pwd }} CMD={{ .cmd }}' + + - output: + source: message + + - job_name: sshd + static_configs: + - targets: + - localhost + labels: + job: sshd + hostname: <%= @HOSTNAME %> + level: warning + __path__: /var/log/auth.log + + pipeline_stages: + - match: + selector: '{job="sshd"}' + + stages: + - drop: + expression: (CRON|sudo) + + - regex: + expression: '^(?P\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+) [^:]+: (?P.+)$' + + - timestamp: + source: timestamp + format: Jan 2 15:04:05 + location: Asia/Tokyo + + - output: + source: message + + - job_name: supervisord + static_configs: + - targets: + - localhost + labels: + job: supervisord + hostname: <%= @HOSTNAME %> + level: notice + __path__: /var/log/supervisor/supervisord.log + + pipeline_stages: + - match: + selector: '{job="supervisord"}' + stages: + - regex: + expression: '^(?P[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ (?P[^ ]+) (?P.+)$' + + - timestamp: + source: timestamp + format: 2006-01-02 15:04:05 + location: Asia/Tokyo + + - template: + source: level + template: '{{ ToLower 
.level }}' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "warn" .Value "warning" }}' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "crit" .Value "critical" }}' + + - labels: + level: + + - output: + source: message + + - job_name: fail2ban + static_configs: + - targets: + - localhost + labels: + job: fail2ban + hostname: <%= @HOSTNAME %> + level: notice + __path__: /var/log/fail2ban.log + + pipeline_stages: + - match: + selector: '{job="fail2ban"}' + stages: + - regex: + expression: '^(?P[0-9]+\-[0-9]+\-[0-9]+ [0-9]+:[0-9]+:[0-9]+),[0-9]+ [^:]+: (?P[^ ]+)[^\[]+(?P.+)$' + + + - timestamp: + source: timestamp + format: 2006-01-02 15:04:05 + location: Asia/Tokyo + + - template: + source: level + template: '{{ ToLower .level }}' + + - labels: + level: + + - output: + source: message + + - job_name: promtail + static_configs: + - targets: + - localhost + labels: + job: promtail + hostname: <%= @HOSTNAME %> + __path__: /var/log/promtail.log + + pipeline_stages: + - match: + selector: '{job="promtail"}' + stages: + - regex: + expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ promtail[^ ]+ .*ts=(?P[^ ]+) (?P.+)$' + + - timestamp: + source: timestamp + format: 2006-01-02T15:04:05.999999999Z + location: Etc/GMT + + - regex: + expression: '^[^ ]+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ promtail[^ ]+ .*level=(?P[^\\" ]+).*$' + + - template: + source: level + template: '{{ regexReplaceAllLiteral "warn" .Value "warning" }}' + + - labels: + level: + + - output: + source: message
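Review bot: The `drop` stage of the sudo job (`expression: (CRON|sshd|session)`) is an unanchored substring match over the whole line, so a sudo record whose COMMAND= mentions sshd or session (for example `sudo systemctl restart sshd`) is discarded from the audit stream together with the unrelated lines it is meant to filter; the sshd job's `(CRON|sudo)` has the same shape. Anchor the filter on the syslog program field instead, e.g. `expression: '^\w+ +[0-9]+ [0-9]+:[0-9]+:[0-9]+ [^ ]+ (CRON|sshd)\['` with a separate pattern for the `pam_unix\(sudo:session\)` lines (constructed examples — verify against real log lines). The `clients` entry pushes to `http://<%= @LOKIENDPOINT %>/loki/api/v1/push`, so sudo command lines and sshd authentication messages cross the network in cleartext; unless the endpoint is loopback or an otherwise protected link it should be `https://` with a `tls_config`, and an empty endpoint value should fail rendering rather than produce a malformed URL. As rendered here the named groups appear as `(?P\w+ …` with the group name missing; presumably a rendering artifact, but worth confirming the template in the repository still carries `(?P<timestamp>…)`, `(?P<user>…)` and so on, since the `template` stages reference `.user`, `.pwd` and `.cmd`.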