Я пытаюсь создать rsyslog.conf с несколькими слушателями, например, с TLS и без него (с streamdriver).Можно создать несколько входных данных, но, как я читал в документации rsyslog, кажется невозможным переместить параметры streamdriver, например streamdriver.mode = "1", из module () в input () или action () при использованииomfile.Кто-нибудь знает, есть ли способ создать несколько слушателей с imtcp и omfile в качестве метода вывода?
мой рабочий скрипт для одного слушателя:
# Prints every message, even if repeated 1001 times in a second. Strongly recommend for use with Splunk
$RepeatedMsgReduction off
module(load="imtcp"
streamdriver.name="gtls" # use gtls netstream driver
streamdriver.mode="1" # require TLS for the connection
streamdriver.authmode="x509/name" # server is NOT authenticated
)
global(
defaultNetstreamDriverCAFile="/opt/splunk/etc/auth/sslCerts/CACertificate.pem"
defaultNetstreamDriverCertFile="/opt/splunk/etc/auth/sslCerts/ServerCertificate.pem"
defaultNetstreamDriverKeyFile="/opt/splunk/etc/auth/sslCerts/ServerPrivatKeyDec.key"
)
# Create as many inputs as you like. This listens to UDP + TCP 514.
input(type="imtcp" port="514" ruleset="SplunkNetwork")
# Template for directory + filename structure. Use %FROMHOST-IP% for IP without hostname resolution
template(name="filename-by-host" type="string" string="/opt/logfiles/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")
ruleset(name="SplunkNetwork") {
action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk")
}
Что я хочу сделать - не работает - передача параметров потокового драйвера в input () или action ():
# Prints every message, even if repeated 1001 times in a second. Strongly recommend for use with Splunk
$RepeatedMsgReduction off
module(load="imtcp")
global(
defaultNetstreamDriverCAFile="/opt/splunk/etc/auth/sslCerts/CACertificate.pem"
defaultNetstreamDriverCertFile="/opt/splunk/etc/auth/sslCerts/ServerCertificate.pem"
defaultNetstreamDriverKeyFile="/opt/splunk/etc/auth/sslCerts/ServerPrivatKeyDec.key"
)
# Create as many inputs as you like. This listens to UDP + TCP 514.
input(type="imtcp" port="514" ruleset="SplunkNetwork-anon-no-tsl")
input(type="imtcp" port="1514" ruleset="SplunkNetwork-anon-tsl")
# Template for directory + filename structure. Use %FROMHOST-IP% for IP without hostname resolution
template(name="filename-by-host" type="string" string="/opt/logfiles/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")
ruleset(name="SplunkNetwork-anon-no-tsl") {
action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk" StreamDriverMode="0" StreamDriver="gtls" StreamDriverAuthMode="anon")
}
ruleset(name="SplunkNetwork-anon-tsl") {
action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon")
}