Difference between revisions of "Rsyslog"
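--- a/Rsyslog
+++ b/Rsyslog
@@ -1,2 +1,5 @@
+# TLS
+- https://bobcares.com/blog/send-syslog-with-ssl-tls-to-nagios-log-server/
+
 Testing
 ```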
Revision as of 13:43, 22 October 2021
TLS
Testing
logger --udp -n 10.x.x.52 test6
tail
tail -f /var/log/loghost/rsyslog/*
/etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#
# Purpose of this copy: the stock file, extended at the bottom so that the
# host also acts as a central log receiver (UDP and TCP on port 514) and
# writes every message to a per-host, per-facility file under
# /var/log/loghost/.

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
# (left commented out; reception is enabled further down with the legacy
#  $ModLoad / $UDPServerRun directives instead)
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
# (left commented out; see the legacy $ModLoad / $InputTCPServerRun lines below)
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
# Files are created 0640 (owner syslog, group adm), so log contents are not
# world-readable; directories are created 0755, so the per-host directory
# names under /var/log/loghost/ are visible to every local user.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
# rsyslog runs as syslog:syslog after start-up. The dynamic files defined at
# the end of this file are created at run time, so /var/log/loghost/ has to
# be writable by that account -- verify on the host.
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# Disabled example: forward messages as JSON to Elasticsearch.
# NOTE(review): as written, the action names only a server and port and
# configures no transport encryption or credentials -- review that before
# uncommenting it.
# module(load="omelasticsearch")
# template(name="testTemplate"
# type="list"
# option.json="on") {
# constant(value="{")
# constant(value="\"timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
# constant(value="\",\"message\":\"") property(name="msg")
# constant(value="\",\"host\":\"") property(name="hostname")
# constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
# constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
# constant(value="\",\"syslogtag\":\"") property(name="syslogtag")
# constant(value="\"}")
# }
# action(type="omelasticsearch"
# server="myserver.local"
# serverport="9200"
# template="testTemplate"
# searchIndex="test-index"
# searchType="test-type"
# bulkmode="on"
# queue.type="linkedlist"
# queue.size="5000"
# queue.dequeuebatchsize="300"
# action.resumeretrycount="-1")

# NOTE(review): this looks like a second, active include of the same glob as
# the one above. If both are active, the files in /etc/rsyslog.d/ are
# processed twice, which would duplicate their rules -- confirm and keep
# only one.
$IncludeConfig /etc/rsyslog.d/*.conf

# Provides UDP syslog reception
#
# Both listeners below take plain-text syslog on port 514. Nothing in this
# file restricts which senders are accepted or authenticates them, so any
# host that can reach the port can submit messages, and message contents
# cross the network unencrypted. Limit the port to the expected senders
# (host firewall, or rsyslog's $AllowedSender), and prefer TLS on the TCP
# input where senders support it (netstream driver settings such as
# $DefaultNetstreamDriver, $InputTCPServerStreamDriverMode and
# $InputTCPServerStreamDriverAuthMode; see the TLS link on this page).
# UDP syslog cannot be protected this way and its source address is
# trivially spoofable.
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

# Per-host, per-facility output file.
#
# %HOSTNAME% is the host name carried inside the message, i.e. a value the
# sender chooses. A sender can therefore pick the directory its messages
# land in, including a directory that belongs to another host, or create
# many directories by varying the name. Where that matters, build the path
# from %FROMHOST-IP% (the address rsyslog received the message from) and/or
# apply the secpath-replace property option to the host name.
$template DynamicFile,"/var/log/loghost/%HOSTNAME%/%syslogfacility-text%.log"

# All facilities and priorities go to the dynamic file. "?" selects a
# dynamic-file template; the leading "-" disables syncing after each write.
# The selector is not limited to remote messages, so local messages are
# written here as well, under the local host name.
*.* -?DynamicFile