Config dump from my lab, passwords are not real.
Rsyslog is a high performance Syslog server
* creates TCP and UDP listener for Syslog messages (Rsyslog as a server)
* received log messages get sorted
/var/log/remote
/year/month/day
/hostname
/programname
/.log
* dates are being normalized according to RFC 3339 (Rsyslog Macro)
* JSON records get produced via Rsyslog template actions (even though .log is being used)
* 127.0.0.1 is excluded from this (conditional log processing)
* received Syslog messages get converted into JSON and persisted into a PostgreSQL DB (ompgsql)
* INSERT query uses JSONB data type (PostgreSQL feature that mimics a NoSQL DB here)
* local logging remains untouched for debugging
Issues
[ ] issue with escaping using the ::json Macro with Rsyslog < 8.25 (some messages may get lost to due missing escape handling
[ ] Ubuntu 22.04 LTS ships Rsyslog 8.21 (does not have the json-escape Macro)