[rsyslog-notify] Forum Thread: Re: fwd local msg, two listeners to remote server w/TLS, Que - (Mode 'reply')

noreply at adiscon.com noreply at adiscon.com
Fri Jun 17 23:32:59 CEST 2016 

User: dlang 
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26621#p26621

Message: 
----------
[quote="atticus":3k58ucrb]Thank you very much for the detailed response!  I
appreciate the advice.  I'm relatively new to RSYSOG, so will need to do
some research on your recommendations.  I'd like to ask a few questions
(and ask a few more later if that's OK)

1.  I will go look up the syntax of the ACTION statement.  Do these replace
any $ACTION statement?
[/quote:3k58ucrb]
the action() statement replaces the @@IP statement, but it rolls in all the
parameters for what to do with that action, everything related to queueing,
TLS, and any other parameters. In general this will include all the
statements that start with $ACTION, but it includes others as well.
[quote="atticus":3k58ucrb]
2.Unless you are doing different things with the TCP and UDP input, there's
no reason to have two different rulesets.--You're correct;  they both write
the files to the same destinations.  The reason I did this was because I
will get some messages sent via UDP and some via TCP.  I thought I needed
two listeners for this, and then the listeners will be bound to the
rulesets (which both do the same thing).  How could I combine them into one
ruleset?
[/quote:3k58ucrb]
in the input() statement you just use the same ruleset name. a ruleset can
be called from many places (just don't create a loop :-)
[quote="atticus":3k58ucrb]
3.If you want queuing to be independent for each destination, have a queue
in each action.--Would this look like (between the *****)  I would have to
change this to a Linked List Array

$template
TemplateRemote514,"/opt/rsyslog-logs/514/%HOSTNAME%/%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%%$HOUR%.log"
ruleset(name="remote-514"******** queue.size="100000"
queue.type="FixedArray" queue.saveOnShutdown="on") *******
{
    action(type="omfile" DynaFile="TemplateRemote514")
    action(template=RSYSLOG_TraditionalForwardFileFormat type="ompipe"
Pipe="/opt/pipe-folder/pipe514")
[/quote:3k58ucrb]
that's the basic idea. And for any actions that you want to have
independent queues, you set queue parameters inside the action() statement
see what I mean about it being much clearer about what parameters apply to
what? :-)
[quote="atticus":3k58ucrb]
4.  Are the TLS statements correct, and since I'm writing to the same
places for both listeners (and the local logs), in concept, I "should" only
have to do these statements once for each destination?
[/quote:3k58ucrb]
I haven't worked with TLS enough to answer this, but with the new syntax, I
expect that the TLS stuff will be parameters inside the action() statement

More information about the rsyslog-notify mailing list