84 lines
2.8 KiB
YAML
84 lines
2.8 KiB
YAML
---
|
|
rsyslog_enable_remote_socket: False
|
|
rsyslog_enable_send_to_remote: False
|
|
rsyslog_enable_remote_udp: 'enabled'
|
|
rsyslog_udp_port: 514
|
|
rsyslog_enable_remote_tcp: 'disabled'
|
|
rsyslog_tcp_port: 514
|
|
|
|
rsyslog_remote_path: /var/log/remote
|
|
rsyslog_remote_rotate_retention: 52
|
|
# k, M, G
|
|
rsyslog_remote_rotate_maxfilesize: '100M'
|
|
# daily, weekly, monthly
|
|
rsyslog_remote_rotate_frequency: 'daily'
|
|
rsyslog_relp_enabled: False
|
|
rsyslog_tls_status: 'disabled'
|
|
rsyslog_tls_deb_pkgs:
|
|
- 'rsyslog-gnutls'
|
|
|
|
rsyslog_relp_deb_pkgs:
|
|
- 'rsyslog-relp'
|
|
|
|
rsyslog_tls_rh_pkgs:
|
|
- 'rsyslog-gnutls'
|
|
|
|
rsyslog_relp_rh_pkgs:
|
|
- 'rsyslog-relp'
|
|
|
|
rsyslog_relp_port: '20514'
|
|
rsyslog_tls_certs_dir: /etc/pki/rsyslog
|
|
rsyslog_ca_is_remote: False
|
|
rsyslog_remote_ca_url: 'http://localhost/ca.pem'
|
|
rsyslog_tls_ca: "{{ rsyslog_tls_certs_dir }}/ca.pem"
|
|
rsyslog_tls_cert: "{{ rsyslog_tls_certs_dir }}/cert.pem"
|
|
rsyslog_tls_key: "{{ rsyslog_tls_certs_dir }}/cert.key"
|
|
|
|
rsyslog_remote_collector: '127.0.0.1'
|
|
|
|
rsyslog_disable_var_log_syslog: false
|
|
# default_rsyslog_custom_rules:
|
|
# - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
|
|
# - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
|
|
|
|
rsyslog_firewalld_services:
|
|
- { service: 'syslog', state: '{{ rsyslog_enable_remote_udp }}', zone: '{{ firewalld_default_zone }}' }
|
|
# - { service: 'syslog-tls', state: '{{ rsyslog_tls_status }}', zone: '{{ firewalld_default_zone }}' }
|
|
|
|
rsyslog_firewalld_ports:
|
|
- { port: '{{ rsyslog_tcp_port }}', protocol: 'tcp', state: '{{ rsyslog_enable_remote_tcp }}', zone: '{{ firewalld_default_zone }}' }
|
|
- { port: '{{ rsyslog_relp_port }}', protocol: 'tcp', state: '{{ rsyslog_tls_status }}', zone: '{{ firewalld_default_zone }}' }
|
|
|
|
rsyslog_send_to_elasticsearch: False
|
|
|
|
rsyslog_use_inotify: True
|
|
# Not used when inotify is enabled
|
|
rsyslog_file_polling_interval: 10
|
|
|
|
# We use logstash if the elastisearch module is not enabled
|
|
# rsys_logstash_collector_host: localhost
|
|
rsys_logstash_collector_host: logstash
|
|
rsys_logstash_collector_port: 5544
|
|
|
|
# IMPORTANT: the log_state_file names must be unique
|
|
#rsys_logfiles:
|
|
# - { logfile: '/var/log/tomcat7/catalina.log', log_tag: 'solr-state', log_state_file: 'solr-state'}
|
|
# - { logfile: '/var/log/tomcat7/localhost_access.log', log_tag: 'solr-access', log_state_file: 'solr-access'}
|
|
|
|
rsyslog_use_queues: False
|
|
rsyslog_main_queue_size: 1000000
|
|
rsyslog_main_queue_debatchsize: 256
|
|
rsyslog_main_queue_workerthreads: 2
|
|
rsyslog_action_queue_debatchsize: 1024
|
|
rsyslog_action_queue_size: 100000
|
|
rsyslog_action_queue_workerthreads: 5
|
|
# -1 means retry indefinitely if ES is unreachable
|
|
rsyslog_action_resumeretrycount: -1
|
|
|
|
# The elasticsearch module bypasses logstash and talks directly to elasticsearch
|
|
rsyslog_use_elasticsearch_module: True
|
|
# rsys_elasticsearch_collector_host: localhost
|
|
rsys_elasticsearch_collector_host: logstash
|
|
rsys_elasticsearch_collector_port: 9200
|
|
|