ricardokleber/rk-siem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Atualização 10/04/2026 20:37

Browse Source
This commit is contained in:
ricardokleber
2026-04-10 20:37:32 -03:00
parent e9d35e4fce
commit afc5b1fce3
1 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
hosts/host01/rsyslog.conf Normal file
View File

@@ -0,0 +1,50 @@
module(load="imuxsock")
module(load="mmjsonparse")
module(load="omelasticsearch")
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog
$IncludeConfig /etc/rsyslog.d/*.conf
*.*;auth,authpriv.none -/var/log/syslog
auth,authpriv.* /var/log/auth.log
cron.* -/var/log/cron.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
*.emerg :omusrmsg:*
# Template para formatar o JSON
template(name="json-template" type="list") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"host\":\"") property(name="hostname")
constant(value="\",\"severity\":\"") property(name="syslogseverity-text")
constant(value="\",\"facility\":\"") property(name="syslogfacility-text")
constant(value="\",\"message\":\"") property(name="msg" format="json")
constant(value="\"}")
}
# Envio para o RK-CORE
action(type="omelasticsearch"
server="172.19.0.1"
serverport="9200"
template="json-template"
searchIndex="host01-logs"
bulkmode="on"
errorfile="/var/log/rsyslog-descarte.log"
usehttps="on"
skipverifyhost="on"
allowunsignedcerts="on"
searchType=""
action.resumeRetryCount="-1"
# Autenticacao
uid="admin"
pwd="admin"
)