Browse Source

rsyslog: Mirror all syslog traffic to Graylog

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 3 years ago
parent
commit
a33cc56c52
2 changed files with 9 additions and 0 deletions
  1. 3 0
      rsyslog/init.sls
  2. 6 0
      rsyslog/rsyslog.conf.logserver

+ 3 - 0
rsyslog/init.sls

@@ -4,6 +4,7 @@
 
 {% set roles = salt['pillar.get'] ('nodes:' ~ grains['id'] ~ ':roles') %}
 {% set logserver = salt['pillar.get'] ('logging:syslog:logserver') %}
+{% set graylog_uri = salt['pillar.get'] ('logging:graylog:syslog_uri') %}
 
 rsyslog:
   pkg.installed:
@@ -30,6 +31,8 @@ rsyslog:
       - service: rsyslog
 {% if 'logserver' in roles %}
     - source: salt://rsyslog/rsyslog.conf.logserver
+    - template: jinja
+      graylog_uri: {{ graylog_uri }}
 {% else %}
     - source: salt://rsyslog/rsyslog.conf
     - template: jinja

+ 6 - 0
rsyslog/rsyslog.conf.logserver

@@ -51,6 +51,12 @@ $WorkDirectory /var/spool/rsyslog
 #
 $IncludeConfig /etc/rsyslog-early.d/*.conf
 
+
+#
+# Mirror all remaining logs to graylog
+#
+*.*	@{{ graylog_uri }}
+
 #
 # Include all config files in /etc/rsyslog.d/
 #