rsyslog/rsyslog.d.remote.conf.in

##
## === When you're using remote logging, enable on-disk queues ===  
## === in rsyslog.d/remote.conf.                               ===
##
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
## (provided in separate rsyslog-module-* packages) are enabled, the
## configuration can't be used on a system with /usr on a remote
## filesystem, except on newer systems where initrd mounts /usr.
## [The modules are linked against libraries installed bellow of
##  /usr thus also installed in /usr/lib*/rsyslog because of this.]
##

# ######### Enable On-Disk queues for remote logging ##########
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#
#$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files
#$ActionQueueFileName uniqName # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down

# ######### Sending Messages to Remote Hosts ########## 

# Remote Logging using TCP for reliable delivery
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host

# Remote Logging using UDP
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @remote-host


# ######### Receiving Messages from Remote Hosts ########## 
# TCP Syslog Server:
# provides TCP syslog reception and GSS-API (if compiled to support it)
#$ModLoad imtcp.so         # load module
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only
#$InputTCPServerRun <port> # Starts a TCP server on selected port

# UDP Syslog Server:
#$ModLoad imudp.so         # provides UDP syslog reception
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only
#$UDPServerRun 514         # start a UDP syslog server at standard port 514


########### Encrypting Syslog Traffic with TLS ##########
# -- TLS Syslog Server: 
## make gtls driver the default
#$DefaultNetstreamDriver gtls
#
## certificate files
#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem
#$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem
#$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem
#
#$ModLoad imtcp # load TCP listener
#
#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
#$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated
#$InputTCPServerRun 10514 # start up listener at port 10514
#
# -- TLS Syslog Client:
## certificate files - just CA for a client
#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem
#
## set up the action
#$DefaultNetstreamDriver gtls # use gtls netstream driver
#$ActionSendStreamDriverMode 1 # require TLS for the connection
#$ActionSendStreamDriverAuthMode anon # server is NOT authenticated
#*.* @@(o)server.example.net:10514 # send (all) messages
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00			`##`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`## === When you're using remote logging, enable on-disk queues ===`
Accepting request 624076 from home:tsaupe:branches:openSUSE:Factory:rsyslog-bsc1101642 remove references to obsolete SYSLOG_REQUIRES_NETWORK variable (bsc#1101642) OBS-URL: https://build.opensuse.org/request/show/624076 OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=295 2018-08-02 11:57:38 +02:00			`## === in rsyslog.d/remote.conf. ===`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`##`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=4 2009-04-21 00:05:42 +02:00			`## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules`
			`## (provided in separate rsyslog-module-* packages) are enabled, the`
			`## configuration can't be used on a system with /usr on a remote`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`## filesystem, except on newer systems where initrd mounts /usr.`
			`## [The modules are linked against libraries installed bellow of`
			`## /usr thus also installed in /usr/lib*/rsyslog because of this.]`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=4 2009-04-21 00:05:42 +02:00			`##`

- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`# ######### Enable On-Disk queues for remote logging ##########`
			`#`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00			`# An on-disk queue is created for this action. If the remote host is`
			`# down, messages are spooled to disk and sent when it is up again.`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`#`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00			`#$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files`
			`#$ActionQueueFileName uniqName # unique name prefix for spool files`
			`#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)`
			`#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown`
			`#$ActionQueueType LinkedList # run asynchronously`
			`#$ActionResumeRetryCount -1 # infinite retries if host is down`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00
			`# ######### Sending Messages to Remote Hosts ##########`

			`# Remote Logging using TCP for reliable delivery`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00			`# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional`
			`#. @@remote-host`

- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`# Remote Logging using UDP`
			`# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional`
			`#. @remote-host`

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00
			`# ######### Receiving Messages from Remote Hosts ##########`
			`# TCP Syslog Server:`
			`# provides TCP syslog reception and GSS-API (if compiled to support it)`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`#$ModLoad imtcp.so # load module`
Accepting request 624076 from home:tsaupe:branches:openSUSE:Factory:rsyslog-bsc1101642 remove references to obsolete SYSLOG_REQUIRES_NETWORK variable (bsc#1101642) OBS-URL: https://build.opensuse.org/request/show/624076 OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=295 2018-08-02 11:57:38 +02:00			`##$UDPServerAddress 10.10.0.1 # force to listen on this IP only`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`#$InputTCPServerRun <port> # Starts a TCP server on selected port`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00
			`# UDP Syslog Server:`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`#$ModLoad imudp.so # provides UDP syslog reception`
Accepting request 624076 from home:tsaupe:branches:openSUSE:Factory:rsyslog-bsc1101642 remove references to obsolete SYSLOG_REQUIRES_NETWORK variable (bsc#1101642) OBS-URL: https://build.opensuse.org/request/show/624076 OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=295 2018-08-02 11:57:38 +02:00			`##$UDPServerAddress 10.10.0.1 # force to listen on this IP only`
- Cleaned up the config files a bit, updated comments in config file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74 2012-02-20 14:31:58 +01:00			`#$UDPServerRun 514 # start a UDP syslog server at standard port 514`
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=1 2008-09-13 04:52:06 +02:00
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rsyslog?expand=0&rev=4 2009-04-21 00:05:42 +02:00
			`########### Encrypting Syslog Traffic with TLS ##########`
			`# -- TLS Syslog Server:`
			`## make gtls driver the default`
			`#$DefaultNetstreamDriver gtls`
			`#`
			`## certificate files`
			`#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem`
			`#$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem`
			`#$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem`
			`#`
			`#$ModLoad imtcp # load TCP listener`
			`#`
			`#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode`
			`#$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated`
			`#$InputTCPServerRun 10514 # start up listener at port 10514`
			`#`
			`# -- TLS Syslog Client:`
			`## certificate files - just CA for a client`
			`#$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem`
			`#`
			`## set up the action`
			`#$DefaultNetstreamDriver gtls # use gtls netstream driver`
			`#$ActionSendStreamDriverMode 1 # require TLS for the connection`
			`#$ActionSendStreamDriverAuthMode anon # server is NOT authenticated`
			`#. @@(o)server.example.net:10514 # send (all) messages`