Atualização 10/04/2026 20:37

hosts/host01/rsyslog.conf

@@ -0,0 +1,50 @@
+module(load="imuxsock")
+module(load="mmjsonparse")
+module(load="omelasticsearch")
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+*.*;auth,authpriv.none		-/var/log/syslog
+auth,authpriv.*			/var/log/auth.log
+cron.*				-/var/log/cron.log
+kern.*				-/var/log/kern.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+*.emerg				:omusrmsg:*
+
+# Template para formatar o JSON
+template(name="json-template" type="list") {
+    constant(value="{")
+    constant(value="\"@timestamp\":\"")     property(name="timereported" dateFormat="rfc3339")
+    constant(value="\",\"host\":\"")         property(name="hostname")
+    constant(value="\",\"severity\":\"")     property(name="syslogseverity-text")
+    constant(value="\",\"facility\":\"")     property(name="syslogfacility-text")
+    constant(value="\",\"message\":\"")      property(name="msg" format="json")
+    constant(value="\"}")
+}
+
+# Envio para o RK-CORE
+action(type="omelasticsearch"
+       server="172.19.0.1"
+       serverport="9200"
+       template="json-template"
+       searchIndex="host01-logs"
+       bulkmode="on"
+       errorfile="/var/log/rsyslog-descarte.log"
+       usehttps="on"
+       skipverifyhost="on"
+       allowunsignedcerts="on"
+       searchType=""
+       action.resumeRetryCount="-1"
+
+       # Autenticacao
+       uid="admin"
+       pwd="admin"
+)