sonic-buildimage/files/image_config/rsyslog/rsyslog.conf.j2

###############################################################################
# Managed by Ansible
# file: ansible/roles/acs/templates/rsyslog.conf.j2
###############################################################################
#
#  /etc/rsyslog.conf    Configuration file for rsyslog.
#
#                       For more information see
#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging

{% set gconf = (SYSLOG_CONFIG | d({})).get('GLOBAL', {}) -%}
{% set rate_limit_interval = gconf.get('rate_limit_interval') %}
{% set rate_limit_burst = gconf.get('rate_limit_burst') %}

{% if rate_limit_interval is not none %}
$SystemLogRateLimitInterval {{ rate_limit_interval }}
{% endif %}
{% if rate_limit_burst is not none %}
$SystemLogRateLimitBurst {{ rate_limit_burst }}
{% endif %}

$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
$UDPServerAddress {{udp_server_ip}}  #bind to localhost before udp server run
$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514


###########################
#### GLOBAL DIRECTIVES ####
###########################
{% set format = gconf.get('format', 'standard') -%}
{% set fw_name = gconf.get('welf_firewall_name', hostname) -%}
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Define a custom template
$template SONiCFileFormat,"%timegenerated%.%timegenerated:::date-subseconds% %HOSTNAME% %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
$ActionFileDefaultTemplate SONiCFileFormat

template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall time=\"%timereported\
:::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
:::date-second%\" fw=\"{{ fw_name }}\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

#
# Suppress duplicate messages and report "message repeated n times"
#
$RepeatedMsgReduction on

###############
#### RULES ####
###############

#
# Remote syslog logging
#

# The omfwd plug-in provides the core functionality of traditional message
# forwarding via UDP and plain TCP. It is a built-in module that does not need
# to be loaded.

{% set servers = SYSLOG_SERVER | d({}) -%}
{% for server in servers %}
{% set conf = servers[server] | d({}) -%}

{% set source = conf.get('source') -%}
{% set port = conf.get('port', 514) -%}
{% set proto = conf.get('protocol', 'udp') -%}
{% set vrf = conf.get('vrf', 'default') -%}
{% set severity = conf.get('severity', gconf.get('severity', 'notice')) -%}
{% set filter = conf.get('filter') -%}
{% set regex = conf.get('filter_regex') -%}

{% set fmodifier = '!' if filter == 'exclude' else '' %}
{% set device = vrf if vrf != '' and vrf != 'default' -%}
{% set template = 'WelfRemoteFormat' if format == 'welf' else 'SONiCFileFormat' -%}

{# Server extra options -#}
{% set options = '' -%}

{% if source -%}
    {% set options = options ~ ' Address="' ~ source ~ '"'-%}
    {% set device = device if device != 'eth0' else '' -%}
{% endif -%}

{% if device -%}
    {% set options = options ~ ' Device="' ~ device ~ '"'-%}
{% endif -%}

{% if filter %}
:msg, {{ fmodifier }}ereregex, "{{ regex }}"
{% endif %}
*.{{ severity }}
action(type="omfwd" Target="{{ server }}" Port="{{ port }}" Protocol="{{ proto }}" Template="{{ template }}"{{ options }})
{% endfor %}