| |
@@ -35,7 +35,7 @@
|
| |
$UDPServerRun 514
|
| |
$InputTCPMaxSessions 2000
|
| |
$InputTCPServerRun 514
|
| |
- $InputTCPServerRun 5000
|
| |
+ $InputTCPServerRun 5000
|
| |
$IMUXSockRateLimitInterval 0
|
| |
$SystemLogRateLimitInterval 0
|
| |
$WorkDirectory /var/lib/rsyslog
|
| |
@@ -213,3 +213,10 @@
|
| |
# this is only for the merged logs from auditd
|
| |
:msg, !contains, "type=AVC" ~
|
| |
local6.* ?m_audit;MergeFormat
|
| |
+
|
| |
+ # forward to splunk host, over tls
|
| |
+ *.* @splunk-syslog.corp.redhat.com:514
|
| |
+ $DefaultNetstreamDriver gtls # use gtls netstream driver
|
| |
+ $ActionSendStreamDriverMode 1 # require TLS for the connection
|
| |
+ $ActionSendStreamDriverAuthMode anon # server is NOT authenticated
|
| |
+ $DefaultNetstreamDriverCAFile {{private}}/files/splunk-certs/2022-IT-Root-CA.pem
|
| |
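Review bot: The forwarding action `*.* @splunk-syslog.corp.redhat.com:514` uses a single `@`, which in rsyslog's legacy syntax selects UDP, so the gtls netstream settings do not apply and every message would leave the host unencrypted despite the "over tls" comment; it needs `@@` to use TCP. The `$DefaultNetstreamDriver` and `$ActionSendStreamDriver*` directives are also placed after the action, while legacy `$Action...` directives only affect actions defined after them, so the action line should move below them. With `$ActionSendStreamDriverAuthMode anon` the CA file is loaded but the server certificate is never verified, which leaves the stream open to interception by anyone on the path; consider `$ActionSendStreamDriverAuthMode x509/name` together with `$ActionSendStreamDriverPermittedPeer splunk-syslog.corp.redhat.com`. Whether the receiver accepts TLS on port 514 is not visible here and should be confirmed.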
Fedora logs need to be forwarded to the Red Hat Splunk instance.
As a workaround, we can start from this first config.
Related to this issue => https://pagure.io/fedora-infrastructure/issue/10120