24 lines
943 B
Plaintext
24 lines
943 B
Plaintext
Config dump from my lab, passwords are not real.
|
|
|
|
Rsyslog is a high performance Syslog server
|
|
|
|
* creates TCP and UDP listener for Syslog messages (Rsyslog as a server)
|
|
* received log messages get sorted
|
|
/var/log/remote
|
|
/year/month/day
|
|
/hostname
|
|
/programname
|
|
/.log
|
|
* dates are being normalized according to RFC 3339 (Rsyslog Macro)
|
|
* JSON records get produced via Rsyslog template actions (even though .log is being used)
|
|
* 127.0.0.1 is excluded from this (conditional log processing)
|
|
* received Syslog messages get converted into JSON and persisted into a PostgreSQL DB (ompgsql)
|
|
* INSERT query uses JSONB data type (PostgreSQL feature that mimics a NoSQL DB here)
|
|
* local logging remains untouched for debugging
|
|
|
|
Issues
|
|
|
|
[ ] issue with escaping using the ::json Macro with Rsyslog < 8.25 (some messages may get lost to due missing escape handling
|
|
|
|
[ ] Ubuntu 22.04 LTS ships Rsyslog 8.21 (does not have the json-escape Macro)
|