[rsyslog-notify] Forum Thread: fwd local msg, two listeners to remote server w/TLS, Queuing - (Mode 'post')

noreply at adiscon.com noreply at adiscon.com
Fri Jun 17 21:02:19 CEST 2016 

User: atticus 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26618#p26618

Message: 
----------
good morning.  i would like to ask 3 questions about this conf file.  here
is what it needs to do

1)  write local msg to the local server
2)  forward these same messages to two remote destination servers;  also
want to have a queue for the path  and tls to each of the remote servers
3)  there is a udp and an tcp listener--forward both of these to the same
two destination servers with queue and tls but!  not to log these locally.

 rsyslog.conf (much omitted for brevity)

$modload imklog 
$modload immark  

$modload imudp
$udpserverrun 514			 
	 
$modload imtcp
$inputtcpserverrun 6514

#log local messages (for example)
kern.*                                               				 
/var/log/messages
cron.*                                            				      /var/log/cron
*.emerg                                        					         *
etc.

q1.  this writes the local messages locally, but how would you get these
local msg to write to the remote servers below? *.* @@first.example.com,
*.* @@second.example.com)?  
 Would I have to put in the queuing and TLS in twice here?

#here are the two rulesets for the two listeners forwarding to the two
remote servers

ruleset (name="udp"){

#putting this in here to create queue for 1st remote server connection
$actionqueuetype linkedlist   
$actionqueuefilename file1   
actionresumeretrycount -1    	 
$actionqueuesaveonshutdown on 

# tls config (cert details left out;  this server is the "client" to the
far end server)

$actionsendstreamdrivermode 1	 
$actionsendstreamdriverauthmode anon	#will fix the "anon"  this was just to
test
*.* @@ first.example.net

#  Do I have to repeat queuing and tls statements for  destination server
#2 second.example.com  inside this ruleset?
stop}

ruleset ruleset(name="tcp"){

#putting this in here to create queue for link to remote server
$actionqueuetype linkedlist    
$actionqueuefilename file2  
 $actionresumeretrycount -1    
$actionqueuesaveonshutdown on 

# tls config (cert details left out)

actionsendstreamdrivermode 1	 
$actionsendstreamdriverauthmode anon  #will fix the anon;  it was for test
only
*.* @@first.example.net

#repeat all of that queuing/tls for 2nd remote server second.example.net?
stop
}

#  finally, bind listeners to rulesets

input(type="impudp" port="514" ruleset="ump")
input(type="imptcp" port="6514" ruleset="tcp")

3.  the questions here at the bottom then are:
a)  are the rulesets and their bindings in the right place?
b)  regarding queuing, i read a thread note that said don't put the queuing
details inside the rule "with the actions statements"  like is shown here. 
otherwise it could really slow things down drastically  (d. lang's note) 
here's how the other person revised it.

ruleset(name="remote-514" queue.size="100000" queue.type="fixedarray"
queue.saveonshutdown="on") {
    action(type="omfile" dynafile="templateremote514")
    action(template=rsyslog_traditionalforwardfileformat type="ompipe"
pipe="/opt/pipe-folder/pipe514")
}
 
can this conf file do the queuing in some way with the syntax shown as
shown?  this new example looks like a whole different syntax.

c)  are the tls statements in the right place (i.e., inside the ruleset?   
and do they have to be replicated for each remote server one and two
(first.example.net, second.example.net) in each ruleset, or can they just
be put in the conf file once and reference them somehow?

thanks very much for any thought or suggestions.  It is truly appreciated.

More information about the rsyslog-notify mailing list