add rsyslog confs

2023-12-22 14:53:42 -07:00 · 2023-12-22 14:53:42 -07:00 · 2c54ce3a69
commit 2c54ce3a69
parent 9241bea415
3 changed files with 28 additions and 0 deletions
--- a/templates/etc/rsyslog.d/forwarder.conf.j2
+++ b/templates/etc/rsyslog.d/forwarder.conf.j2
@ -0,0 +1,11 @@
+# Forward logs to a receiver
+# classic mode
+# *.* {{ remote_rsyslog_host }}
+
+*.* action(type="omfwd"
+           target="{{ remote_rsyslog_host }}"
+           port="{{ remote_rsyslog_port|default('514') }}"
+           protocol="{{ remote_rsyslog_protocol|default('udp') }}"
+           action.resumeRetryCount="100"
+           queue.type="LinkedList"
+           queue.size="1000")
--- a/templates/etc/rsyslog.d/receiver.conf.j2
+++ b/templates/etc/rsyslog.d/receiver.conf.j2
@ -0,0 +1,12 @@
+# Receive logs
+module(load="imtcp")
+input(type="imtcp" port="514")
+module(load="imudp")
+input(type="imudp" port="514")
+$AllowedSender TCP, {{ allowed_rsyslog_clients|join(', ') }}
+
+$template RemoteHostSyslog,"/var/log/remote/%HOSTNAME%-log
+
+$RuleSet remote
+*.* -?RemoteHostSyslog
+*.info;mail.none;authpriv.none;cron.none ?RemoteHostSyslog
--- a/vars/common.yml
+++ b/vars/common.yml
@ -20,4 +20,9 @@ rocky_smtp_tls: "true"
 rocky_smtp_openssl_verify_mode: "none"
 rocky_smtp_ca_path: "/etc/pki/tls/certs"
 rocky_smtp_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
+allowed_rsyslog_clients:
+  - 127.0.0.1
+  - 10.32.0.0/16
+  - 10.61.0.0/16
+remote_rsyslog_host: ""
 ...