{{ ansible_managed | comment }}
{# Lookup table: value of an output's "proto" field -> rsyslog output module that handles it.
   Used below both to load the modules and to pick each action's type. #}
{%
  set output_modules = {
    "relp": "omrelp",
    "udp": "omfwd",
    "redis": "omhiredis",
  }
%}
# Process-wide settings: rsyslog's work files (including the action queue spool
# used further down) live in /var/spool/rsyslog, and hostnames stay fully qualified.
global(workDirectory="/var/spool/rsyslog" preserveFQDN="on")

# Input: local syslog socket (/dev/log). Any local process can write to it,
# so the content of these messages is untrusted.
module(load="imuxsock")

# Input: kernel log messages.
module(load="imklog")

# Parser for CEE/JSON payloads.
# NOTE(review): no action(type="mmjsonparse") is visible in this template, so loading
# the module alone presumably parses nothing - confirm whether it is invoked elsewhere.
module(load="mmjsonparse")
# Load export modules
{# Emits one module(load=...) line per distinct output module: take the proto of every
   entry in rsyslog_outputs, look it up in output_modules, then de-duplicate so that a
   module shared by several outputs is loaded only once.
   NOTE(review): a proto that is not a key of output_modules has no mapping here; the
   render presumably fails or produces an invalid module name - validate rsyslog_outputs
   before templating. #}
{%
  for module in rsyslog_outputs
    | map(attribute="proto")
    | map("extract", output_modules)
    | list
    | unique
%}
module(load="{{ module }}")
{% endfor %}
# FIXME: check that rsyslog really manages to create the log files for later days
# (the first one may be created before privileges are dropped, but the following
# ones probably are not).
# NOTE(review): no privilege-drop setting is visible in this template. If one is set
# elsewhere, creating files owned by root after the drop would presumably fail - confirm
# before relying on these defaults.
module(
  load="builtin:omfile"

  # Defaults for everything omfile creates: log files readable by root and
  # group adm only, directories traversable by everyone.
  fileCreateMode="0640"
  dirCreateMode="0755"
  fileOwner="root"
  fileGroup="adm"

  # Default line format: the one with high-precision timestamps.
  template="RSYSLOG_FileFormat"
)
# JSON document built for each message; the redis output references it by name.
# The *_reported fields, program, pid and message are copied from what the sender
# wrote and can be forged; src and time_generated are what rsyslog itself observed,
# so prefer those when correlating or alerting.
template(name="templateJson" type="list" option.jsonf="on") {
  # Where the message claims to come from, and where it was actually received from.
  property(name="hostname"            outname="hostname_reported" format="jsonf")
  property(name="fromhost-ip"         outname="src"               format="jsonf")

  # Classification and emitting process.
  property(name="syslogfacility-text" outname="facility"          format="jsonf")
  property(name="programname"         outname="program"           format="jsonf")
  property(name="procid"              outname="pid"               format="jsonf")

  # Timestamp carried in the message, then the time rsyslog received it (both RFC 3339).
  property(name="timereported"        outname="time_reported"     format="jsonf" dateformat="rfc3339")
  property(name="timegenerated"       outname="time_generated"    format="jsonf" dateformat="rfc3339")

  # Free-text payload.
  property(name="msg"                 outname="message"           format="jsonf")
}
# Local copies of the logs, split by facility. Owner, group and modes of the files
# come from the builtin:omfile module defaults (root:adm, 0640), which keeps
# auth.log away from unprivileged users.
ruleset(name="sendLogsToDisk") {
  # Authentication / authorization events.
  auth,authpriv.*                    action(type="omfile" file="/var/log/auth.log")
  # Mail subsystem.
  mail.*                             action(type="omfile" file="/var/log/mail.log" sync="off")
  # Kernel messages.
  kern.*                             action(type="omfile" file="/var/log/kern.log")
  # Everything not already routed to one of the files above.
  *.*;auth,authpriv,mail,kern.none   action(type="omfile" file="/var/log/syslog.log" sync="off")
}
# Send logs to remote collector(s)
{# Renders one action per entry of rsyslog_outputs. Fields read from each entry: proto,
   address and port; key and an optional password for redis; fallback for every entry
   after the first.
   Values are interpolated into double-quoted rsyslog strings without escaping, so a value
   containing a double quote would end the string early. Presumably they all come from
   trusted inventory variables - confirm. #}
ruleset(name="sendLogsToRemote") {
  {% for output in rsyslog_outputs %}
  action(
    type="{{ output_modules[output.proto] }}"

    {% if output_modules[output.proto] == "omfwd" %}
    {# Plain syslog forwarding. The only proto mapped to omfwd is udp: no encryption,
       no authentication of either side, no delivery acknowledgement.
       NOTE(review): with udp an unreachable collector is presumably never detected, so the
       retry queue and a fallback placed after this output may never engage - verify. #}
    protocol="{{ output.proto }}"
    target="{{ output.address }}"
    port="{{ output.port }}"
    {% elif output_modules[output.proto] == "omhiredis" %}
    {# Publishes templateJson documents to the Redis channel named by output.key. #}
    server="{{ output.address }}"
    serverport="{{ output.port }}"
    mode="publish"
    key="{{ output.key }}"
    template="templateJson"
    {% if output.password is defined %}
    {# The Redis password ends up in clear text in the rendered file. The task installing
       this template should keep the result unreadable to unprivileged users and keep the
       variable out of task output; neither is visible here - confirm. #}
    serverpassword="{{ output.password }}"
    {% endif %}
    {% elif output_modules[output.proto] == "omrelp" %}
    {# RELP acknowledges delivery, but no tls parameter is rendered here, so the session is
       presumably unencrypted and the collector unauthenticated - confirm this is intended
       for the network the logs cross. #}
    target="{{ output.address }}"
    port="{{ output.port }}"
    {% endif %}

    {# Per-action queue. Giving a LinkedList queue a fileName lets it spill to disk under
       queue.spoolDirectory, so buffered log data sits at rest in that directory;
       loop.index keeps the spool file names distinct per output, and saveOnShutdown
       preserves queued messages across restarts. #}
    queue.type="LinkedList"
    queue.spoolDirectory="/var/spool/rsyslog"
    queue.fileName="queue_{{ loop.index }}"
    queue.saveOnShutdown="on"

    {# Two sizing profiles selected by rsyslog_high_density. The high-density branch uses
       larger watermarks, checkpoint interval and disk budget, and does not set
       queue.syncqueuefiles, which the other branch turns on. #}
    {% if rsyslog_high_density %}
    queue.highWatermark="20000"
    queue.lowWatermark="5000"
    queue.checkpointInterval="10000"
    queue.maxDiskSpace="4g"
    {% else %}
    queue.highWatermark="500"
    queue.lowWatermark="100"
    queue.checkpointInterval="200"
    queue.syncqueuefiles="on"
    queue.maxDiskSpace="500m"
    {% endif %}

    {# -1 means retry a failing output indefinitely. Suspension and its continuation are
       reported in rsyslog's own log; worth alerting on, since a suspended action means
       the collector has stopped receiving this host's logs. #}
    action.resumeRetryCount="-1"
    action.reportSuspension="on"
    action.reportSuspensionContinuation="on"

    {# An output flagged as fallback only runs while the action rendered just before it is
       suspended. The first output can never be a fallback.
       NOTE(review): fallback is read without an "is defined" guard, unlike password;
       presumably every output after the first must define it - verify against the role
       defaults. #}
    {% if loop.index > 1 and output.fallback %}
    action.execOnlyWhenPreviousIsSuspended="on"
    {% endif %}
  )
  {% endfor %}
}
# Send local logs to files (useful for debugging or if the collector is down).
# This local copy is written regardless of the state of the remote outputs, so it is
# the record to fall back on when forwarding is suspended.
call sendLogsToDisk

# Send local logs to the remote collector(s). Both rulesets are called in turn,
# so each message is written locally and also handed to the remote outputs.
call sendLogsToRemote