Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / rsyslog / 67a9d7718ed356ecb1d4d399ca053ea2c4c3ffd9^! / . / README.rst
commit67a9d7718ed356ecb1d4d399ca053ea2c4c3ffd9[log] [tgz]
authorOleksii Chupryn <achuprin@mirantis.com>Thu Mar 22 23:58:50 2018 +0200
committerOleksii Chupryn <achuprin@mirantis.com>Fri Mar 30 09:09:50 2018 +0300
tree36d9a94b2ccb1b548011a83dc7afde9dc8230491
parentb555e6f63e1e8962f68df37ec3c213243d64b82e [diff] [blame]
Add ability to configure rsyslog tls encription

Change-Id: Ifc4279dc9f556550a1957f108e5b335ce4784478

diff --git a/README.rst b/README.rst
index bd98749..cde963d 100644
--- a/README.rst
+++ b/README.rst

@@ -102,7 +102,7 @@
             rabbitmq:
               File: "/var/log/rabbitmq/*.log"
               Tag: "rabbitmq__"
-              Severitet: "notice"
+              Severity: "notice"
               Facility: "local0"
               PersistStateInterval: "0"
               Ruleset: "myapp_logs"
@@ -117,6 +117,76 @@
           myapp_logs:
             description: 'set $.suffix=re_extract($!metadata!filename, "(.*)/([^/]*[^/.log])", 0, 2, "all.log"); call remote_logs'
 
+Rsyslog service with GNU TLS encryption for forwarding the messages (omfwd module with gtls network stream driver).
+
+.. code-block:: yaml
+
+  rsyslog:
+    client:
+      pkgs:
+        - rsyslog-gnutls
+        - rsyslog
+      run_user: syslog
+      run_group: adm
+      enabled: true
+      ssl:
+        enabled: true
+        engine: manual
+        key: |
+          -----BEGIN RSA PRIVATE KEY-----
+          -----END RSA PRIVATE KEY-----
+        cert: |
+          -----BEGIN CERTIFICATE-----
+          -----END CERTIFICATE-----
+        cacert_chain: |
+          -----BEGIN CERTIFICATE-----
+          -----END CERTIFICATE-----
+      rainerscript:
+        global:
+          defaultNetstreamDriverCAFile: "/etc/rsyslog.d/rsyslog_ca.crt"
+          defaultNetstreamDriverKeyFile: "/etc/rsyslog.d/rsyslog_client.key"
+          defaultNetstreamDriverCertFile: "/etc/rsyslog.d/rsyslog_client.crt"
+      output:
+        remote:
+          somehost.domain:
+            action: 'action(type="omfwd" Target="172.16.10.92" Port="20514" Protocol="tcp" streamDriver="gtls" streamDriverauthMode="anon" streamDriverMode="1")'
+            filter: "*.*"
+            enabled: true
+
+Rsyslog service with RELP TLS encryption for forwarding the messages (omrelp module).
+
+.. code-block:: yaml
+
+  rsyslog:
+    client:
+      pkgs:
+        - rsyslog-relp
+        - rsyslog
+      run_user: syslog
+      run_group: adm
+      enabled: true
+      ssl:
+        enabled: true
+        engine: manual
+        key: |
+          -----BEGIN RSA PRIVATE KEY-----
+          -----END RSA PRIVATE KEY-----
+        cert: |
+          -----BEGIN CERTIFICATE-----
+          -----END CERTIFICATE-----
+        cacert_chain: |
+          -----BEGIN CERTIFICATE-----
+          -----END CERTIFICATE-----
+      rainerscript:
+        module:
+          omrelp: {}
+      output:
+        remote:
+          somehost.domain:
+            action: 'action(type="omrelp" target="172.16.10.92" port="20514" tls="on" tls.caCert="/etc/rsyslog.d/rsyslog_ca.crt" tls.myCert="/etc/rsyslog.d/rsyslog_client.crt" tls.myPrivKey="/etc/rsyslog.d/rsyslog_client.key" tls.authmode="name" tls.permittedpeer=["remote.example.com"])'
+            filter: "*.*"
+            enabled: true
+
 Custom templates
 ================