This repository has been archived by the owner on Aug 31, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathrsyslog.conf
43 lines (35 loc) · 1.66 KB
/
rsyslog.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Input modules
$ModLoad immark.so # provide --MARK-- message capability
$ModLoad imuxsock.so # provide local system logging (e.g. via logger command)
$ModLoad imudp # provides UDP syslog reception
$ModLoad imtcp # provides TCP syslog reception
# Output modules
$ModLoad omstdout.so # provide messages to stdout
# ensure that the appname is not empty
if strlen($app-name) == 0 then {
set $!new-appname = "-";
} else {
set $!new-appname = $app-name;
}
#Logmatic template format
$template LogmaticFormat,"__LOGMATIC_TOKEN__ <%pri%>%protocol-version% %timestamp:::date-rfc3339% __LOGMATIC_HOSTNAME__ %$!new-appname% - - [meta __LOGMATIC_TAGS__] %msg%\n"
# Setup disk assisted queues. An on-disk queue is created for this action.
# If the remote host is down, messages are spooled to disk and sent when
# it is up again.
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
# TLS
$DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/logmatic.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
# Send everything to Loggly over TLS
*.* @@api.logmatic.io:10515;LogmaticFormat
# TCP Syslog Server
$InputTCPServerRun 514 # start a TCP syslog server at standard port 514
# UDP Syslog Server
$UDPServerRun 514 # start a UDP syslog server at standard port 514