-
Notifications
You must be signed in to change notification settings - Fork 0
/
90-remote-log-all.conf
111 lines (92 loc) · 6.29 KB
/
90-remote-log-all.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#
# Docker RSyslog local forwarder with RELP module support (https://github.com/gynter/docker-rsyslog-local-forwarder)
#
# Send all messages to RSyslog server over RELP using TLSv1.3 and mTLS.
#
# See https://github.com/gynter/rsyslog-docker-compose-example for deployment example using Docker Compose.
#
# This configuration file uses advanced (RainerScript) and basic format.
# See https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html#which-format-should-i-use for more
# information. Using obsolete legacy syntax is strongly discouraged!
# See https://www.rsyslog.com/doc/master/rainerscript/ for more information.
#
# If you experience problems, see https://www.rsyslog.com/doc/troubleshoot.html
####################################
#### Rules ####
####################################
# Send logs to remote logging server over RELP.
# https://www.rsyslog.com/doc/v8-stable/configuration/modules/omrelp.html
# https://www.rsyslog.com/doc/v8-stable/configuration/actions.html
# https://www.rsyslog.com/doc/v8-stable/rainerscript/queue_parameters.html
*.* action(
type="omrelp"
# The target server to connect to.
Target=`echo $RSYSLOG_RELP_TARGET`
# Name or numerical value of TCP port to use when connecting to target.
Port=`echo $RSYSLOG_RELP_TARGET_PORT`
# Defines the template to be used for the output.
Template="RemoteFormat"
# If set to “on”, the RELP connection will be encrypted by TLS, so that the data is protected against observers.
# Please note that both the client and the server must have set TLS to either “on” or “off”. Other combinations lead
# to unpredictable results.
TLS="on"
# The controls if the TLS stream should be compressed (zipped). While this increases CPU use, the network bandwidth
# should be reduced. Note that typical text-based log records usually compress rather well.
TLS.Compression="on"
# Note: this parameter is mandatory depending on the value of TLS.AuthMode but the code does currently not check this.
# Peer Places access restrictions on this forwarder. Only peers which have been listed in this parameter may be
# connected to. This guards against rouge servers and man-in-the-middle attacks. The validation bases on the
# certificate the remote peer presents.
# This contains either remote system names or fingerprints, depending on the value of parameter TLS.AuthMode. One or
# more values may be entered.
# Permitted peer name must be present on servers's certificate x509 SAN extension DNS name field. Do not use Common
# Name for that.
TLS.PermittedPeer=`echo $RSYSLOG_TLS_PERMITTED_PEER`
# Sets the mode used for mutual authentication. Supported values are either “fingerprint” or “name”. Fingerprint mode
# basically is what SSH does. It does not require a full PKI to be present, instead self-signed certs can be used on
# all peers. Even if a CA certificate is given, the validity of the peer cert is NOT verified against it. Only the
# certificate fingerprint counts.
# In “name” mode, certificate validation happens. Here, the matching is done against the certificate’s subjectAltName
# and, as a fallback, the subject common name. If the certificate contains multiple names, a match on any one of these
# names is considered good and permits the peer to talk to rsyslog.
# The permitted names or fingerprints are configured via TLS.PermittedPeer.
TLS.AuthMode="name"
# The CA certificate that can verify the machine certs.
TLS.CaCert="/etc/pki/rsyslog/ca.pem"
# The machine public certificate.
TLS.MyCert="/etc/pki/rsyslog/cert.pem"
# The machine private key.
TLS.MyPrivKey="/etc/pki/rsyslog/key.pem"
# The setting can be used if tls.tlslib is set to “openssl” to pass configuration commands to the openssl libray.
# OpenSSL Version 1.0.2 or higher is required for this feature. A list of possible commands and their valid values
# can be found in the documentation: https://www.openssl.org/docs/man1.0.2/man3/SSL_CONF_cmd.html.
# The setting can be single or multiline, each configuration command is separated by linefeed (n). Command and value
# are separated by equal sign (=).
tls.tlscfgcmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1,-TLSv1.2
MinProtocol=TLSv1.3"
# Sets how often an action is retried before it is considered to have failed. Failed actions discard messages. Default
# is 0, -1 means eternal.
action.resumeRetryCount="-1"
# Sets the action’s resume interval. The interval provided is always in seconds. Thus, multiply by 60 if you need
# minutes and 3,600 if you need hours (not recommended). When an action is suspended (e.g. destination can not be
# connected), the action is resumed for the configured interval. Thereafter, it is retried. If multiple retries fail,
# the interval is automatically extended. This is to prevent excessive resource use for retries. After each 10 retries,
# the interval is extended by itself. To be precise, the actual interval is
# (numRetries / 10 + 1) * action.resumeInterval. Using the default value of 30, this means that on the 10th try the
# suspension interval will be 60 (seconds) and after the 100th try it will be 330 (seconds).
action.resumeInterval="30"
# File name to be used for the queue files. If specified, this parameter enables disk-assisted queue functionality.
# If not specified, the queue will operate without saving the queue to disk, either during its operation or when shut
# down. See the separate queue.saveonshutdown parameter to configure that option. Please note that this is actually
# just the file name. A directory can NOT be specified in this parameter. If the files shall be created in a specific
# directory, specify queue.spoolDirectory for this. The filename is used to build to complete path for queue files.
queue.filename="relpFwd1"
# The maximum size that all queue files together will use on disk. Note that the actual size may be slightly larger
# than the configured max, as rsyslog never writes partial queue records.
queue.maxDiskSpace="256m"
# Specifies the type of queue that will be used. Possible options are “FixedArray”, “LinkedList”, “Direct” or “Disk”.
# https://www.rsyslog.com/doc/v8-stable/concepts/queues.html
queue.type="LinkedList"
# This parameter specifies if data should be saved at shutdown.
queue.saveOnShutdown="on"
)