gist/rsyslog at main - gist - Because Security Code-Cave (private)

marius

gist

History

marius 929f6213ee added Rsyslog template for JSONB insert into TimescaleDB using the ompgsql module		2023-05-06 13:21:44 +00:00
..
rsyslog	added Rsyslog template for JSONB insert into TimescaleDB using the ompgsql module	2023-05-06 13:21:44 +00:00
Readme.txt	added documentation	2023-04-24 16:54:30 +02:00

Readme.txt

Config dump from my lab, passwords are not real.

Rsyslog is a high performance Syslog server

* creates TCP and UDP listener for Syslog messages (Rsyslog as a server)
* received log messages get sorted 
   /var/log/remote
   /year/month/day
   /hostname
   /programname
   /.log
* dates are being normalized according to RFC 3339 (Rsyslog Macro)
* JSON records get produced via Rsyslog template actions (even though .log is being used)
* 127.0.0.1 is excluded from this (conditional log processing)
* received Syslog messages get converted into JSON and persisted into a PostgreSQL DB (ompgsql)
* INSERT query uses JSONB data type (PostgreSQL feature that mimics a NoSQL DB here)
* local logging remains untouched for debugging

Issues

[ ] issue with escaping using the ::json Macro with Rsyslog < 8.25 (some messages may get lost to due missing escape handling

[ ] Ubuntu 22.04 LTS ships Rsyslog 8.21 (does not have the json-escape Macro)