From 2c54ce3a698ad259a05ae263a31c8a1342a98d9f Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Fri, 22 Dec 2023 14:53:42 -0700 Subject: [PATCH] add rsyslog confs --- templates/etc/rsyslog.d/forwarder.conf.j2 | 11 +++++++++++ templates/etc/rsyslog.d/receiver.conf.j2 | 12 ++++++++++++ vars/common.yml | 5 +++++ 3 files changed, 28 insertions(+) create mode 100644 templates/etc/rsyslog.d/forwarder.conf.j2 create mode 100644 templates/etc/rsyslog.d/receiver.conf.j2 diff --git a/templates/etc/rsyslog.d/forwarder.conf.j2 b/templates/etc/rsyslog.d/forwarder.conf.j2 new file mode 100644 index 0000000..d186ed4 --- /dev/null +++ b/templates/etc/rsyslog.d/forwarder.conf.j2 @@ -0,0 +1,11 @@ +# Forward logs to a receiver +# classic mode +# *.* {{ remote_rsyslog_host }} + +*.* action(type="omfwd" + target="{{ remote_rsyslog_host }}" + port="{{ remote_rsyslog_port|default('514') }}" + protocol="{{ remote_rsyslog_protocol|default('udp') }}" + action.resumeRetryCount="100" + queue.type="LinkedList" + queue.size="1000") diff --git a/templates/etc/rsyslog.d/receiver.conf.j2 b/templates/etc/rsyslog.d/receiver.conf.j2 new file mode 100644 index 0000000..964f5e6 --- /dev/null +++ b/templates/etc/rsyslog.d/receiver.conf.j2 @@ -0,0 +1,12 @@ +# Receive logs +module(load="imtcp") +input(type="imtcp" port="514") +module(load="imudp") +input(type="imudp" port="514") +$AllowedSender TCP, {{ allowed_rsyslog_clients|join(', ') }} + +$template RemoteHostSyslog,"/var/log/remote/%HOSTNAME%-log + +$RuleSet remote +*.* -?RemoteHostSyslog +*.info;mail.none;authpriv.none;cron.none ?RemoteHostSyslog diff --git a/vars/common.yml b/vars/common.yml index 984b0f7..3b614b9 100644 --- a/vars/common.yml +++ b/vars/common.yml @@ -20,4 +20,9 @@ rocky_smtp_tls: "true" rocky_smtp_openssl_verify_mode: "none" rocky_smtp_ca_path: "/etc/pki/tls/certs" rocky_smtp_ca_file: "/etc/pki/tls/certs/ca-bundle.crt" +allowed_rsyslog_clients: + - 127.0.0.1 + - 10.32.0.0/16 + - 10.61.0.0/16 +remote_rsyslog_host: "" ...