diff --git a/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org b/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
index 19d28152d7..78ad44c94f 100644
--- a/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
+++ b/roles/base/files/rsyslog/rsyslog.conf.log01.iad2.fedoraproject.org
@@ -160,6 +160,29 @@ kern.* ?r_kern;TraditionalFormat
 # MERGED R E M O T E L O G G I N G #
 #%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
+# forward to splunk host, over tls
+#*.* @@splunk-syslog.corp.redhat.com:6514
+#*.* @@10.31.20.29:6514
+
+$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/2022-IT-Root-CA.pem
+*.* action(
+ type="omfwd"
+ target="10.31.20.29"
+ port="6514"
+ protocol="tcp"
+ queue.filename="fwdRule1" # unique name prefix for spool files
+ queue.maxdiskspace="1g" # 1gb space limit (use as much as possible)
+ queue.saveonshutdown="on" # save messages to disk on shutdown
+ queue.type="LinkedList" # run asynchronously
+ queue.size="100000"
+ action.resumeRetryCount="10" # 10 retries if host is down
+ StreamDriver="gtls"
+ StreamDriverMode="1"
+ StreamDriverAuthMode="anon" # not authenticated
+)
+
+
+
 #------------------------------------------------------------------------------#
 # remote messages log #
 #------------------------------------------------------------------------------#
@@ -215,10 +238,3 @@ local4.* ?m_http_apps;MergeFormat
 :msg, !contains, "type=AVC" ~
 local6.* ?m_audit;MergeFormat
-# forward to splunk host, over tls
-#*.* @@splunk-syslog.corp.redhat.com:6514
-*.* @@10.31.20.29:6514
-$DefaultNetstreamDriver gtls # use gtls netstream driver
-$ActionSendStreamDriverMode 1 # require TLS for the connection
-$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
-$DefaultNetstreamDriverCAFile /etc/pki/tls/certs/2022-IT-Root-CA.pem
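Review bot: `StreamDriverAuthMode="anon"` in the new `omfwd` action means the TLS session encrypts the stream but never verifies the receiver's identity, so any endpoint that answers on 10.31.20.29:6514 is accepted as the destination for the `*.*` feed from this central log host. A CA file is already configured on the line above the action, so the receiver could be authenticated with `StreamDriverAuthMode="x509/name"` plus `StreamDriverPermittedPeers="splunk-syslog.corp.redhat.com"`; that hostname is taken from the commented-out line in this hunk and should be confirmed against the name in the receiver's actual certificate. Separately, `action.resumeRetryCount="10"` lets the action be considered failed after ten retries, at which point messages can be discarded rather than held in the 1g disk-assisted queue; `action.resumeRetryCount="-1"` retries indefinitely if losing logs during a longer outage is not acceptable.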