added documentation
This commit is contained in:
parent
ea06929d4f
commit
d8ff367585
@ -1 +1,23 @@
|
|||||||
Config dump from my lab, passwords are not real.
|
Config dump from my lab, passwords are not real.
|
||||||
|
|
||||||
|
Rsyslog is a high performance Syslog server
|
||||||
|
|
||||||
|
* creates TCP and UDP listener for Syslog messages (Rsyslog as a server)
|
||||||
|
* received log messages get sorted
|
||||||
|
/var/log/remote
|
||||||
|
/year/month/day
|
||||||
|
/hostname
|
||||||
|
/programname
|
||||||
|
/.log
|
||||||
|
* dates are being normalized according to RFC 3339 (Rsyslog Macro)
|
||||||
|
* JSON records get produced via Rsyslog template actions (even though .log is being used)
|
||||||
|
* 127.0.0.1 is excluded from this (conditional log processing)
|
||||||
|
* received Syslog messages get converted into JSON and persisted into a PostgreSQL DB (ompgsql)
|
||||||
|
* INSERT query uses JSONB data type (PostgreSQL feature that mimics a NoSQL DB here)
|
||||||
|
* local logging remains untouched for debugging
|
||||||
|
|
||||||
|
Issues
|
||||||
|
|
||||||
|
[ ] issue with escaping using the ::json Macro with Rsyslog < 8.25 (some messages may get lost to due missing escape handling
|
||||||
|
|
||||||
|
[ ] Ubuntu 22.04 LTS ships Rsyslog 8.21 (does not have the json-escape Macro)
|
||||||
|
Loading…
Reference in New Issue
Block a user