[rsyslog-notify] Forum Thread: Re: fwd local msg, two listeners to remote server w/TLS, Que - (Mode 'reply')
noreply at adiscon.com
noreply at adiscon.com
Fri Jun 17 21:24:25 CEST 2016
User: dlang
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26619#p26619
Message:
----------
when you are doing complex stuff (and TLS qualifies :-) you should really
use the new action() format. That makes it very clear what is happening and
what you are doing. right now your config won't work because you are mixing
old and new style configs and telling rsyslog to listen on port 514 tcp
twice (and similar for udp), I think that if you re-write your file just
using the new style it will be much easier to understand what's happening.
Unless you are doing different things with the TCP and UDP input, there's
no reason to have two different rulesets.
And since you want the local messages to be treated like the remote
messages after you write them locally, just put a call to your ruleset that
you use for remote actions after your local rules \.
If you want queuing to be independent for each destination, have a queue in
each action.
If you want the ruleset to operate completely independently from the local
logs (so that relaying will continue even if the disk fills up for example)
then you should have a queue on the ruleset.
note that having a queue on every action will actually end up hurting
performance, but if your only actions are to send to the two destinations,
and you want to be able to continue if either of them are down, you don't
have a lot of choice.
More information about the rsyslog-notify
mailing list