From afc5b1fce3419c1c447c1fd8346a51df3586d809 Mon Sep 17 00:00:00 2001
From: ricardokleber
Date: Fri, 10 Apr 2026 20:37:32 -0300
Subject: [PATCH] =?UTF-8?q?Atualiza=C3=A7=C3=A3o=2010/04/2026=2020:37?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
hosts/host01/rsyslog.conf | 50 +++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 hosts/host01/rsyslog.conf
diff --git a/hosts/host01/rsyslog.conf b/hosts/host01/rsyslog.conf
new file mode 100644
index 0000000..1f2018f
--- /dev/null
+++ b/hosts/host01/rsyslog.conf
@@ -0,0 +1,50 @@
+module(load="imuxsock")
+module(load="mmjsonparse")
+module(load="omelasticsearch")
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+*.*;auth,authpriv.none -/var/log/syslog
+auth,authpriv.* /var/log/auth.log
+cron.* -/var/log/cron.log
+kern.* -/var/log/kern.log
+mail.* -/var/log/mail.log
+user.* -/var/log/user.log
+*.emerg :omusrmsg:*
+
+# Template para formatar o JSON
+template(name="json-template" type="list") {
+ constant(value="{")
+ constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
+ constant(value="\",\"host\":\"") property(name="hostname")
+ constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
+ constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
+ constant(value="\",\"message\":\"") property(name="msg" format="json")
+ constant(value="\"}")
+}
+
+# Envio para o RK-CORE
+action(type="omelasticsearch"
+ server="172.19.0.1"
+ serverport="9200"
+ template="json-template"
+ searchIndex="host01-logs"
+ bulkmode="on"
+ errorfile="/var/log/rsyslog-descarte.log"
+ usehttps="on"
+ skipverifyhost="on"
+ allowunsignedcerts="on"
+ searchType=""
+ action.resumeRetryCount="-1"
+
+ # Autenticacao
+ uid="admin"
+ pwd="admin"
+)
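Review bot: The omelasticsearch action sets `usehttps="on"` but then switches off both certificate checks with `skipverifyhost="on"` and `allowunsignedcerts="on"`, so the link to 172.19.0.1:9200 is encrypted but the server is never authenticated, and whatever answers on that address receives the logs together with the basic-auth credentials. Remove those two lines and trust the issuing CA explicitly, e.g. `tls.cacert="<PATH_TO_CA_BUNDLE>"` (placeholder path). The same action commits `uid="admin"` / `pwd="admin"` in clear text: this host should ship with a dedicated account that can only write to the `host01-logs` index, and its password should be provisioned outside the repository rather than stored in this tracked file. In the template, `property(name="hostname")` is emitted without `format="json"` while `msg` has it, so a hostname containing a quote or backslash would produce a malformed document; `property(name="hostname" format="json")` keeps the two fields consistent.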