[rsyslog-notify] Forum Thread: Re: fwd local msg, two listeners to remote server w/TLS, Que - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Jun 17 23:23:00 CEST 2016


User: atticus 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26620#p26620

Message: 
----------
Thank you very much for the detailed response!  I appreciate the advice. 
I'm relatively new to rsyslog, so will need to do some research on your
recommendations.  I'd like to ask a few questions (and ask a few more later
if that's OK).

1.  I will go look up the syntax of the ACTION statement.  Do these replace
any $ACTION statement?

2.  "Unless you are doing different things with the TCP and UDP input,
there's no reason to have two different rulesets." -- You're correct; they
both write the files to the same destinations.  The reason I did this was
because I will get some messages sent via UDP and some via TCP.  I thought
I needed two listeners for this, and then the listeners will be bound to
the rulesets (which both do the same thing).  How could I combine them into
one ruleset?

3.  "If you want queuing to be independent for each destination, have a
queue in each action." -- Would this look like the following (between the
*****)?  I would have to change this to a Linked List Array.

$template TemplateRemote514,"/opt/rsyslog-logs/514/%HOSTNAME%/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%%$HOUR%.log"
ruleset(name="remote-514"******** queue.size="100000" queue.type="FixedArray" queue.saveOnShutdown="on") *******
{
    action(type="omfile" DynaFile="TemplateRemote514")
    action(template=RSYSLOG_TraditionalForwardFileFormat type="ompipe" Pipe="/opt/pipe-folder/pipe514")

4.  Are the TLS statements correct, and since I'm writing to the same
places for both listeners (and the local logs), in concept, I "should" only
have to do these statements once for each destination?

Thank you again.  In the meantime I will go study the action syntax.
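
Added example, not part of the original post and not the rsyslog project's own configuration: one way the two recommendations quoted in questions 2 and 3 can look in RainerScript, with a UDP and a TCP listener bound to a single ruleset and an independent queue on each action. The port number, workDirectory, queue.filename values and the RSYSLOG_TraditionalForwardFormat template choice are assumptions; TLS settings are not shown.

```conf
# Assumed spool directory where disk-assisted queues write their files.
global(workDirectory="/var/spool/rsyslog")

module(load="imudp")
module(load="imtcp")

# Same dynamic file name as the legacy $template line in the post.
template(name="TemplateRemote514" type="string"
         string="/opt/rsyslog-logs/514/%HOSTNAME%/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%%$HOUR%.log")

# One ruleset shared by both listeners. Each action carries its own
# queue, so a blocked pipe reader does not hold up the file writer.
ruleset(name="remote-514") {
    action(type="omfile" dynaFile="TemplateRemote514"
           queue.type="LinkedList"
           queue.size="100000"
           queue.filename="q_remote514_file"   # assumed name; makes the queue disk-assisted
           queue.saveOnShutdown="on")          # only has an effect with queue.filename set

    action(type="ompipe" pipe="/opt/pipe-folder/pipe514"
           template="RSYSLOG_TraditionalForwardFormat"
           queue.type="LinkedList"
           queue.size="100000"
           queue.filename="q_remote514_pipe"   # assumed name; must differ per queue
           queue.saveOnShutdown="on")
}

# Two listeners, one ruleset: UDP and TCP traffic take the same path.
input(type="imudp" port="514" ruleset="remote-514")   # port 514 is an assumption
input(type="imtcp" port="514" ruleset="remote-514")
```

Running `rsyslogd -N1` against the configuration checks the syntax before the daemon is restarted.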

