added documentation

2023-04-24 16:54:30 +02:00 · 2023-04-24 16:54:30 +02:00 · d8ff367585
commit d8ff367585
parent ea06929d4f
1 changed files with 22 additions and 0 deletions
--- a/rsyslog/Readme.txt
+++ b/rsyslog/Readme.txt
@ -1 +1,23 @@
 Config dump from my lab, passwords are not real.
+
+Rsyslog is a high performance Syslog server
+
+* creates TCP and UDP listener for Syslog messages (Rsyslog as a server)
+* received log messages get sorted 
+   /var/log/remote
+   /year/month/day
+   /hostname
+   /programname
+   /.log
+* dates are being normalized according to RFC 3339 (Rsyslog Macro)
+* JSON records get produced via Rsyslog template actions (even though .log is being used)
+* 127.0.0.1 is excluded from this (conditional log processing)
+* received Syslog messages get converted into JSON and persisted into a PostgreSQL DB (ompgsql)
+* INSERT query uses JSONB data type (PostgreSQL feature that mimics a NoSQL DB here)
+* local logging remains untouched for debugging
+
+Issues
+
+[ ] issue with escaping using the ::json Macro with Rsyslog < 8.25 (some messages may get lost to due missing escape handling
+
+[ ] Ubuntu 22.04 LTS ships Rsyslog 8.21 (does not have the json-escape Macro)