###############################################################################
# Managed by Ansible
# file: ansible/roles/acs/templates/rsyslog.conf.j2
###############################################################################
#
#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging

{% set gconf = (SYSLOG_CONFIG | d({})).get('GLOBAL', {}) -%}
{% set rate_limit_interval = gconf.get('rate_limit_interval') %}
{% set rate_limit_burst = gconf.get('rate_limit_burst') %}

{% if rate_limit_interval is not none %}
$SystemLogRateLimitInterval {{ rate_limit_interval }}
{% endif %}
{% if rate_limit_burst is not none %}
$SystemLogRateLimitBurst {{ rate_limit_burst }}
{% endif %}

$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerAddress {{udp_server_ip}} #bind to localhost before udp server run
$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################
{% set format = gconf.get('format', 'standard') -%}
{% set fw_name = gconf.get('welf_firewall_name', hostname) -%}
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Define a custom template
$template SONiCFileFormat,"%timegenerated%.%timegenerated:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate SONiCFileFormat

template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall time=\"%timereported\
:::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
:::date-second%\" fw=\"{{ fw_name }}\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

#
# Suppress duplicate messages and report "message repeated n times"
#
$RepeatedMsgReduction on

###############
#### RULES ####
###############

#
# Remote syslog logging
#

# The omfwd plug-in provides the core functionality of traditional message
# forwarding via UDP and plain TCP. It is a built-in module that does not need
# to be loaded.

{% set servers = SYSLOG_SERVER | d({}) -%}
{% for server in servers %}
{% set conf = servers[server] | d({}) -%}

{% set source = conf.get('source') -%}
{% set port = conf.get('port', 514) -%}
{% set proto = conf.get('protocol', 'udp') -%}
{% set vrf = conf.get('vrf', 'default') -%}
{% set severity = conf.get('severity', gconf.get('severity', 'notice')) -%}
{% set filter = conf.get('filter') -%}
{% set regex = conf.get('filter_regex') -%}

{% set fmodifier = '!' if filter == 'exclude' else '' %}
{% set device = 'eth0' if vrf == 'default' else vrf -%}
{% set template = 'WelfRemoteFormat' if format == 'welf' else 'SONiCFileFormat' -%}

{# Server extra options -#}
{% set options = '' -%}

{% if source -%}
    {% set options = options ~ ' Address="' ~ source ~ '"'-%}
{% endif -%}

{% if filter %}
:msg, {{ fmodifier }}ereregex, "{{ regex }}"
{% endif %}
*.{{ severity }} action(type="omfwd" Target="{{ server }}" Port="{{ port }}" Protocol="{{ proto }}" Device="{{ device }}" Template="{{ template }}"{{ options }})
{% endfor %}