{{ ansible_managed | comment }} {% set output_modules = { "relp": "omrelp", "udp": "omfwd", "redis": "omhiredis", } %} global( workDirectory="/var/spool/rsyslog" preserveFQDN="on" ) # Collect logs via /dev/log module(load="imuxsock") # Collect kernel logs module(load="imklog") # Collect systemd-journald logs module(load="imjournal" ratelimit.interval="0" ratelimit.burst="0") # Parse CEE logs module(load="mmjsonparse") # Load export modules {% for module in rsyslog_outputs | map(attribute="proto") | map("extract", output_modules) | list | unique %} module(load="{{ module }}") {% endfor %} # FIXME: Attention, il faut voir si rsyslog arrive bien à créer # les fichiers de plusieurs jours (le 1er est peut-être crée avant # de dropper les privilèges, mais les suivants je pense pas). module( load="builtin:omfile" # Format avec dates précises template="RSYSLOG_FileFormat" fileOwner="root" fileGroup="adm" fileCreateMode="0640" dirCreateMode="0755" ) template(name="templateJson" type="list" option.jsonf="on") { property(outname="hostname_reported" name="hostname" format="jsonf") property(outname="src" name="fromhost-ip" format="jsonf") property(outname="facility" name="syslogfacility-text" format="jsonf") property(outname="program" name="programname" format="jsonf") property(outname="pid" name="procid" format="jsonf") property(outname="time_reported" name="timereported" format="jsonf" dateformat="rfc3339") property(outname="time_generated" name="timegenerated" format="jsonf" dateformat="rfc3339") property(outname="message" name="msg" format="jsonf") } ruleset(name="sendLogsToDisk") { auth,authpriv.* action(type="omfile" file="/var/log/auth.log") mail.* action(type="omfile" file="/var/log/mail.log" sync="off") kern.* action(type="omfile" file="/var/log/kern.log") *.*;auth,authpriv.none action(type="omfile" file="/var/log/syslog.log" sync="off") } # Send logs to remote collector(s) ruleset(name="sendLogsToRemote") { {% for output in rsyslog_outputs %} action( type="{{ output_modules[output.proto] }}" {% if output_modules[output.proto] == "omfwd" %} protocol="{{ output.proto }}" target="{{ output.address }}" port="{{ output.port }}" {% elif output_modules[output.proto] == "omhiredis" %} server="{{ output.address }}" serverport="{{ output.port }}" mode="publish" key="{{ output.key }}" template="templateJson" {% if output.password is defined %} serverpassword="{{ output.password }}" {% endif %} {% elif output_modules[output.proto] == "omrelp" %} target="{{ output.address }}" port="{{ output.port }}" {% endif %} {% if loop.index > 1 and output.fallback %} action.execOnlyWhenPreviousIsSuspended="on" {% endif %} ) {% endfor %} } # Send local logs to files (useful for debugging or if the collector is down) call sendLogsToDisk # Send local logs to the remote collector call sendLogsToRemote