module(load="imuxsock")
module(load="mmjsonparse")
module(load="omelasticsearch")

$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog
$IncludeConfig /etc/rsyslog.d/*.conf

*.*;auth,authpriv.none  -/var/log/syslog
auth,authpriv.*         /var/log/auth.log
cron.*                  -/var/log/cron.log
kern.*                  -/var/log/kern.log
mail.*                  -/var/log/mail.log
user.*                  -/var/log/user.log
*.emerg                 :omusrmsg:*

# Template to format the JSON
template(name="json-template" type="list") {
    constant(value="{")
    constant(value="\"@timestamp\":\"")
    property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")
    property(name="hostname")
    constant(value="\",\"severity\":\"")
    property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")
    property(name="syslogfacility-text")
    constant(value="\",\"message\":\"")
    property(name="msg" format="json")
    constant(value="\"}")
}

# Send to RK-CORE
action(type="omelasticsearch"
    server="172.18.0.1"
    serverport="9200"
    template="json-template"
    searchIndex="host01-logs"
    bulkmode="on"
    errorfile="/var/log/rsyslog-descarte.log"
    # HTTPS is enabled, but the next two settings turn off hostname
    # verification and peer certificate validation, so the server's
    # identity is not checked.
    usehttps="on"
    skipverifyhost="on"
    allowunsignedcerts="on"
    searchType=""
    # -1 retries a failed action indefinitely
    action.resumeRetryCount="-1"
    # Authentication (HTTP basic auth)
    uid="admin"
    pwd="admin"
)