Skip to content

Latest commit

 

History

History
1993 lines (1112 loc) · 53.8 KB

REFERENCE.md

File metadata and controls

1993 lines (1112 loc) · 53.8 KB
Raw

Reference

Table of Contents

Classes

Public Classes

Private Classes

  • rsyslog::config
  • rsyslog::config::logrotate: Default log rotation for RSyslog
  • rsyslog::install: Installs the packages necessary for use of RSyslog
  • rsyslog::server::firewall: Sets up the firewall rules for RSyslog with management by simp/iptables
  • rsyslog::server::selinux: Sets up SELinux for RSyslog
  • rsyslog::server::tcpwrappers: Sets up TCPWrappers for RSyslog both plain TCP and TCP over TLS as necessary
  • rsyslog::service: Manage the RSyslog service

Defined types

Data types

  • Rsyslog::Boolean: Representation of boolean values that are translated to 'on' and 'off' in Rsyslog configuration
  • Rsyslog::Options: Hash of options to be used for Rsyslog global, legacy global or module configuration
  • Rsyslog::QueueType: Rsyslog Queue Types

Classes

rsyslog

The configuration is particularly slanted toward the issues present in the versions of rsyslog included with Enterprise Linux systems. It should still work on other systems but they may have different/other bugs that have not been addressed.

See rsyslog::config for additional, detailed configuration.

Examples

Create rules via hieradata:
rsyslog::rules:
  'some_path/99_collect_kernel_errors.conf':
    content: "if prifilt('kern.err') then /var/log/kernel_errors.log"
  'some_path/98_discard_info.conf':
    content: "if prifilt('*.info') then stop"

Parameters

The following parameters are available in the rsyslog class:

service_name

Data type: String

The name of the Rsyslog service; typically rsyslog

Default value: 'rsyslog'

package_name

Data type: String

The name of the Rsyslog package to install; typically rsyslog

Default value: 'rsyslog'

tls_package_name

Data type: String

The name of the Rsyslog package to install TLS utilities; typically rsyslog-gnutls

Default value: "${package_name}-gnutls"

trusted_nets

Data type: Simplib::Netlist

A list of subnets (in CIDR notation) permitted access

  • This will be used in conjunction with simp\iptables (if enabled) to allow connections from within the given subnets.

Default value: simplib::lookup('simp_options::trusted_nets', {'default_value' => ['127.0.0.1/32'] })

enable_tls_logging

Data type: Boolean

Enable the TLS libraries where applicable

  • If enabled, clients will encrypt all log data being sent to the given log servers. Also, all log servers specified to use TLS (see rsyslog::server::tls_tcp_server) will load the imtcp module and configure it for TLS.

Default value: false

log_servers

Data type: Simplib::Netlist

A list of primary Rsyslog servers

  • All nodes in this list will get a copy of all logs if remote logging is enabled.

Default value: simplib::lookup('simp_options::syslog::log_servers', { 'default_value' => [] })

failover_log_servers

Data type: Simplib::Netlist

A list of the failover Rsyslog servers

  • This order-dependent list will serve as all of the possible failover log servers for clients to send to if the servers in log_servers are unavailable.

Default value: simplib::lookup('simp_options::syslog::failover_log_servers', { 'default_value' => [] })

queue_spool_directory

Data type: Stdlib::Absolutepath

The path to the directory where Rsyslog should store disk message queues

Default value: '/var/spool/rsyslog'

rule_dir

Data type: Stdlib::Absolutepath

The path at which all managed rules will begin

Default value: '/etc/rsyslog.simp.d'

tcp_server

Data type: Boolean

Make this host listen for TCP connections

  • Ideally, all connections would be TLS enabled via $tls_tcp_server instead.
  • Only enable this if necessary.

Default value: false

tcp_listen_port

Data type: Simplib::Port

The port upon which to listen for regular TCP connections

Default value: 514

tls_tcp_server

Data type: Boolean

Make this host listen for TLS enabled TCP connections

Default value: false

tls_tcp_listen_port

Data type: Simplib::Port

The port upon which to listen for TLS enabled TCP connections

Default value: 6514

udp_server

Data type: Boolean

Make this host listen for UDP connections

  • This really should not be enabled unless you have devices that cannot speak TLS

Default value: false

udp_listen_address

Data type: String

The address upon which to listen for UDP connections

  • The default of 127.0.0.1 is set primariliy for supporting Java applications that cannot work with a modern method of logging.

Default value: '127.0.0.1'

udp_listen_port

Data type: Simplib::Port

The port upon which to listen for UDP connections

Default value: 514

read_journald

Data type: Boolean

Enable the processing of journald messages natively in Rsyslog

Default value: true

logrotate

Data type: Boolean

Ensure that logrotate is enabled on this system

  • You will need to configure specific logrotate settings via the logrotate module.

Default value: simplib::lookup('simp_options::logrotate', {'default_value' => false})

pki

Data type: Variant[Boolean,Enum['simp']]

  • If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/rsyslog/x509
  • If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/rsyslog/x509
  • If false, do not include SIMP's pki module and do not use pki::copy to manage certs. You will need to appropriately assign a subset of:
    • app_pki_dir
    • app_pki_key
    • app_pki_cert
    • app_pki_ca
    • app_pki_ca_dir

Default value: simplib::lookup('simp_options::pki', {'default_value' => false})

app_pki_external_source

Data type: String

  • If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.

  • If pki = false, this variable has no effect.

Default value: simplib::lookup('simp_options::pki::source', {'default_value' => '/etc/pki/simp/x509'})

app_pki_dir

Data type: Stdlib::Absolutepath

Basepath of $default_net_stream_driver_ca_file, default_net_stream_driver_cert_file, and $default_net_stream_driver_key_file

Default value: '/etc/pki/simp_apps/rsyslog/x509'

rules

Data type: Hash

A hash of rsyslog rules, this parameter will enable you to create rules via hieradata

Default value: {}

rsyslog::server

This class is designed to configure the externally facing interfaces for a RSyslog system. If you do not need external connectivity, you should just use the stock rsyslog Class.

Parameters

The following parameters are available in the rsyslog::server class:

enable_firewall

Data type: Boolean

Enable the SIMP firewall rules for RSyslog

Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })

enable_selinux

Data type: Optional[Boolean]

Enable the SIMP SELinux rules for RSyslog

Default value: $facts['os']['selinux']['enforced']

enable_tcpwrappers

Data type: Boolean

Enable the SIMP TCPWrapper rules for RSyslog

Default value: simplib::lookup('simp_options::tcpwrappers', { 'default_value' => false })

Defined types

rsyslog::rule

This is used by the various rsyslog::rule::* Defined Types to apply rules to the system.

The naming convention for the rule must be some_directory/rule_name.conf

Feel free to use this Defined Type to add your own rules but remember that order matters!

In general, the order will be:

Examples

Collect All kern.err Messages
rsyslog::rule { '99_simp_local/99_collect_kernel_errors.conf':
  content =>  "if prifilt('kern.err') then /var/log/kernel_errors.log"
}
Discard All info Messages
rsyslog::rule::other { '98_discard_info.conf':
  rule =>  "if prifilt('*.info') then stop"
}

Parameters

The following parameters are available in the rsyslog::rule defined type:

name

Data type: Pattern['^[^/]\S+/\S+\.conf$']

The filename that you will be dropping into place

  • WARNING: This must NOT be an absolute path!
content

Data type: String

The exact content of the rule to place in the target file

rsyslog::rule::console

These rules first in priority. In general, the order will be:

Examples

Log Emergency Messages to the Console
rsyslog::rule::console { 'emergency_rule':
  rule  => 'prifilt(\'*.emerg\'),
  users => ['*']
}

Parameters

The following parameters are available in the rsyslog::rule::console defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: String

The Rsyslog EXPRESSION to filter on

users

Data type: Array[String]

Users to which to send the console messages

rsyslog::rule::data_source

In general, the order will be:

The filename that you will be dropping into place.

Examples

Collect Logs From /opt/log/my_app
rsyslog::rule::data_source { 'new_input':
  rule => @(EOM)
    input(type="imfile"
      File="/opt/log/my_app"
      StateFile="my_app"
      Tag="my_app"
      Facility="local6"
      Severity="notice"
    )
    |EOM
}

Parameters

The following parameters are available in the rsyslog::rule::data_source defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: String

The Rsyslog EXPRESSION to filter on

rsyslog::rule::drop

In general, the order will be:

The filename that you will be dropping into place.

Examples

Drop Logs Matching ^.*bad_stuff.*$
rsyslog::rule::drop { 'drop_bad_stuff':
  rule => 're_match($msg, '^.*bad_stuff.*$')'
}

Parameters

The following parameters are available in the rsyslog::rule::drop defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: String

The Rsyslog EXPRESSION to filter on

rsyslog::rule::local

NOTE: Any option that is not explicitly documented here matches the ruleset options in the Rsyslog documentation.

In general, the order will be:

  • Data Source Rules
  • Console Rules
  • Drop Rules
  • Remote Rules
  • Other/Miscellaneous Rules
  • Local Rules

NOTE: Since many of the parameters here may need to be modified on a case-by-base basis, this defined type uses capabilities presented by the simplib::dlookup function to allow for either global overrides or instance-specific overrides.

Global overrides work the same way as classes (rsyslog::rule::local::file_create_mode: '0644') but will affect all instances of the defined type that are not specifically overridden as shown below.

Instance specific overrides preclude the need for a resource collector in that you can place the follwing in Hiera to affect a single instance named my_rule: Rsyslog::Rule::Local[my_rule]::file_create_mode: '0600'

Examples

Capture OpenLDAP Logs Then Stop Processing
rsyslog::rule::local { 'collect_openldap':
  rule            => "prifilt('local4.*')",
  target_log_file => '/var/log/slapd.log',
  stop_processing => true
}

Parameters

The following parameters are available in the rsyslog::rule::local defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: Optional[String[1]]

The Rsyslog EXPRESSION to filter on

  • NOTE: Do NOT include the leading if/then

    • Correct: ``rule => "prifilt('.')"
    • Incorrect: rule => "if prifilt('*.*') then"

  • This must be set if $content is undefined

Default value: undef

target_log_file

Data type: Optional[Stdlib::Absolutepath]

The target log file that omfile will be writing to

  • This must be set if $dyna_file is undefined

Default value: undef

stop_processing

Data type: Boolean

Do not forward logs to any further rulesets after processing this ruleset

Default value: false

dyna_file

Data type: Optional[String[1]]

Set a dynamic filename using the property replacer rules

  • NOTE: If you make this the filename path itself, a template will automatically be created for you. Otherwise, you must make sure to have a rsyslog template in place and pass the name of the template to this option

  • Rsyslog templates can be created using the rsyslog::template::* defined types

Default value: undef

template

Data type: Optional[String[1]]

Default value: undef

dyna_file_cache_size

Data type: Integer[0]

Default value: 10

zip_level

Data type: Integer[0,9]

Default value: 0

very_robust_zip

Data type: Boolean

Default value: true

flush_interval

Data type: Integer[0]

Default value: 0

async_writing

Data type: Boolean

Default value: false

flush_on_tx_end

Data type: Boolean

Default value: true

io_buffer_size

Data type: Optional[Integer[0]]

Default value: undef

dir_owner

Data type: Optional[String[1]]

Default value: undef

dir_owner_num

Data type: Optional[Integer[0]]

Default value: undef

dir_group

Data type: Optional[String[1]]

Default value: undef

dir_group_num

Data type: Optional[Integer[0]]

Default value: undef

file_owner

Data type: Optional[String[1]]

Default value: undef

file_owner_num

Data type: Optional[Integer[0]]

Default value: undef

file_group

Data type: Optional[String[1]]

Default value: undef

file_group_num

Data type: Optional[Integer[0]]

Default value: undef

file_create_mode

Data type: Stdlib::Filemode

Default value: simplib::dlookup('rsyslog::rule::local', 'file_create_mode', $name, { 'default_value' => '0640' })

dir_create_mode

Data type: Stdlib::Filemode

Default value: simplib::dlookup('rsyslog::rule::local', 'dir_create_mode', $name, { 'default_value' => '0750' })

fail_on_chown_failure

Data type: Boolean

Default value: true

create_dirs

Data type: Boolean

Default value: true

sync

Data type: Boolean

Default value: false

sig_provider

Data type: Optional[String[1]]

Default value: undef

cry_provider

Data type: Optional[String[1]]

Default value: undef

queue_validation_log_level

Data type: Simplib::PuppetLogLevel

Default value: simplib::dlookup('rsyslog::rule::local', 'queue_validation_log_level', $name, { 'default_value' => 'warning' })

queue_filename

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

queue_spool_directory

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

queue_size

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_batch_size

Data type: Optional[Integer[0]]

Default value: undef

queue_max_disk_space

Data type: Optional[Integer[0]]

Default value: undef

queue_high_watermark

Data type: Optional[Integer[0]]

Default value: undef

queue_low_watermark

Data type: Optional[Integer[0]]

Default value: undef

queue_full_delay_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_light_delay_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_discard_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_discard_severity

Data type: Optional[Integer[0]]

Default value: undef

queue_checkpoint_interval

Data type: Optional[Integer[0]]

Default value: undef

queue_sync_queue_files

Data type: Boolean

Default value: false

queue_type

Data type: Rsyslog::QueueType

Default value: 'Direct'

queue_worker_threads

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_shutdown

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_action_completion

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_enqueue

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_worker_thread_shutdown

Data type: Optional[Integer[0]]

Default value: undef

queue_worker_thread_minimum_messages

Data type: Optional[Integer[0]]

Default value: undef

queue_max_file_size

Data type: Optional[String[1]]

Default value: simplib::dlookup('rsyslog::rule::local', 'queue_max_file_size', $name, { 'default_value' => undef })

queue_save_on_shutdown

Data type: Boolean

Default value: false

queue_dequeue_slowdown

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_time_begin

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_time_end

Data type: Optional[Integer[0]]

Default value: undef

content

Data type: Optional[String[1]]

the *entire content of the rsyslog::rule

  • If you do not specify this, $rule is a required variable

  • If you do specify this, $rule will be ignored

Default value: undef

rsyslog::rule::other

The main reason to use this is to ensure proper ordering in the stack. If you want to insert a rule anywhere, use the $rsyslog::rule Defined Type

In general, the order will be:

  • Data Source Rules
  • Console Rules
  • Drop Rules
  • Remote Rules
  • Other/Miscellaneous Rules
  • Local Rules

fine: rsyslog::rule::other

The filename that you will be dropping into place.

Examples

Send All local0 Messages to 1.2.3.4 via TCP
rsyslog::rule::other { 'send_local0_away':
  rule =>  "if prifilt('local0.*') then @@1.2.3.4"
}

Parameters

The following parameters are available in the rsyslog::rule::other defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: String

The Rsyslog EXPRESSION to filter on

rsyslog::rule::remote

The rule will include a forwarding ('omfwd') action for each primary and failover syslog server specified via $dest and $failover_log_servers, respectively.

In general, the order will be:

  • Data Source Rules
  • Console Rules
  • Drop Rules
  • Remote Rules
  • Other/Miscellaneous Rules
  • Local Rules

In general, individual send stream driver settings are properly supported with the Rsyslog 8 EL versions available for CentOS 7 and the Rsyslog 7 EL versions available for CentOS 6. However, for TLS support, you must also configure global Rsyslog parameters as follows:

  • TLS sending and/or receiving requires the global DefaultNetStreamDriver, DefaultNetStreamDriverCAFile, DefaultNetStreamDriverCertFile, and DefaultNetStreamDriverKeyFile parameters to be configure via rsyslog::config.

  • TLS sending for Rsyslog 7 EL versions requires the global ActionSendStreamDriverMode configuration parameter to be configured via rsyslog::config IN ADDITION TO the $stream_driver_mode.

WARNING

If possible, this module will take pains to prevent adding a target that is equivalent to the current system to prevent syslog loops.

Unfortunately, there is no foolproof method for getting this correct 100% of the time so please take care when setting your destination targets.

WARNING

Examples

Send All local0 Messages to 1.2.3.4 via TCP
rsyslog::rule::remote { 'send_local0_away':
  rule => "prifilt('local0.*')",
  dest => ['1.2.3.4']
}

Parameters

The following parameters are available in the rsyslog::rule::remote defined type:

name

Data type: String

The filename that you will be dropping into place

rule

Data type: Optional[String[1]]

The Rsyslog EXPRESSION to filter on

  • This should only be the matching part of the expression, the remaining parameters take care of ensuring that the material is properly routed.

  • NOTE: Do NOT include the leading if/then

    • Correct: ``rule => "prifilt('.')"
    • Incorrect: rule => "if prifilt('*.*') then"

Default value: undef

stop_processing

Data type: Boolean

Do not forward logs to any further rulesets after processing this ruleset

Default value: false

template

Data type: Optional[String[1]]

The template that should be used to format the content

Default value: undef

dest

Data type: Simplib::Netlist

If filled, logs matching $rule will be sent to all hosts in this Array.

  • WARNING: If using this, do NOT add a destination to your rule

Default value: []

dest_type

Data type: Enum['tcp','udp','relp']

The destination type for all entries in $dest

  • At this time, if you wish to have different types per destination, you will need to either create a rsyslog::rule::remote for each destnation or craft your own ruleset and leave $dest empty.

Default value: 'tcp'

failover_log_servers

Data type: Simplib::Netlist

The listed systems will be used as failover servers for all logs matching this rule

  • Uses $dest_type above

Default value: []

tcp_framing

Data type: Enum['traditional','octet-counted']

Default value: 'traditional'

zip_level

Data type: Integer[0,9]

Default value: 0

max_error_messages

Data type: Integer[0]

Default value: 5

compression_mode

Data type: Enum['none','single','stream:always']

Default value: 'none'

compression_stream_flush_on_tx_end

Data type: Boolean

Default value: true

rebind_interval

Data type: Optional[Integer[0]]

Default value: undef

keep_alive

Data type: Optional[Boolean]

Default value: undef

keep_alive_probes

Data type: Optional[Integer[0]]

Default value: undef

keep_alive_interval

Data type: Optional[Integer[0]]

Default value: undef

keep_alive_time

Data type: Optional[Integer[0]]

Default value: undef

action_resume_interval

Data type: Integer[0]

Default value: 30

action_resume_retry_count

Data type: Integer[-1]

Default value: -1

stream_driver

Data type: Optional[String[1]]

  • This is only used to set the StreamDriver directive in the forwarding actions for remote servers if TLS is enabled and $dest_type is not UDP.

  • Overridden by 'DefaultNetstreamDriver' global stream configuration specified by rsyslog::config::default_net_stream_driver.

Default value: undef

stream_driver_mode

Data type: Integer[0]

  • This is only used to set the StreamDriverMode directive in the forwarding actions for remote servers if TLS is enabled and $dest_type is not UDP.

Default value: 1

stream_driver_auth_mode

Data type: String

This is only used to set the StreamDriverAuthMode directive in the forwarding actions for remote servers if TLS is enabled and $dest_type is not UDP.

Default value: 'x509/name'

stream_driver_permitted_peers

Data type: Optional[String[1]]

  • This is only used to set the StreamDriverPermittedPeers directive in the forwarding actions for remote servers if TLS is enabled and $dest_type is not UDP.

  • If this is set, the value will be used for all forwarding actions for the remote servers in $dest and $failover_log_servers.

  • If this is undefined,

    • If ALL of the remote servers in $dest and $failover_log_servers are specified as a hostname variants, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to that server's hostname.

    • If ANY and of the remote servers in $dest and $failover_log_servers is specified as an IP address variant, the StreamDriverPermittedPeers directive for the forwarding action for each server will be set to the domain of the Puppet client. This behavior provides backward compatibility with earlier versions of this module.

  • rsyslog expects StreamDriverPermittedPeers to be a comma-separated list of fingerprints (SHA1) and/or names of remote peers, which it will use to match against the certificate presented from the remote server.

Default value: undef

resend_last_msg_on_reconnect

Data type: Boolean

Default value: true

udp_send_to_all

Data type: Boolean

Default value: false

queue_validation_log_level

Data type: Simplib::PuppetLogLevel

Default value: simplib::dlookup('rsyslog::rule::remote', 'queue_validation_log_level', $name, { 'default_value' => 'warning' })

queue_filename

Data type: Optional[String[1]]

Default value: undef

queue_spool_directory

Data type: Optional[Stdlib::Absolutepath]

Default value: undef

queue_size

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_batch_size

Data type: Optional[Integer[0]]

Default value: undef

queue_max_disk_space

Data type: Optional[Integer[0]]

Default value: undef

queue_high_watermark

Data type: Optional[Integer[0]]

Default value: undef

queue_low_watermark

Data type: Optional[Integer[0]]

Default value: undef

queue_full_delay_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_light_delay_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_discard_mark

Data type: Optional[Integer[0]]

Default value: undef

queue_discard_severity

Data type: Optional[Integer[0]]

Default value: undef

queue_checkpoint_interval

Data type: Optional[Integer[0]]

Default value: undef

queue_sync_queue_files

Data type: Boolean

Default value: false

queue_type

Data type: Rsyslog::QueueType

Default value: 'LinkedList'

queue_worker_threads

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_shutdown

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_action_completion

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_enqueue

Data type: Optional[Integer[0]]

Default value: undef

queue_timeout_worker_thread_shutdown

Data type: Optional[Integer[0]]

Default value: undef

queue_worker_thread_minimum_messages

Data type: Optional[Integer[0]]

Default value: undef

queue_max_file_size

Data type: Optional[String[1]]

Default value: undef

queue_save_on_shutdown

Data type: Boolean

Default value: true

queue_dequeue_slowdown

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_time_begin

Data type: Optional[Integer[0]]

Default value: undef

queue_dequeue_time_end

Data type: Optional[Integer[0]]

Default value: undef

content

Data type: Optional[String[1]]

the *entire content of the rsyslog::rule

  • If you do not specify this, $rule is a required variable

  • If you do specify this, $rule will be ignored

Default value: undef

rsyslog::template::list

RSyslog list templates can contain properties and constants. In order to capture this functionality, we have opted for making a hash of these. The Hash will be ordered as given to the content variable.

Examples

Content Settings
$content_hash = {
  'constant' => 'values="Syslog MSG is: \'"',
  'property' => 'name="msg"'
}

rsyslog::template::list { 'example_list':
  $content => $content_hash
}

### Produces:

template(name="example_list" type="list") {
  constant(value="Syslog MSG is: '")
  property(name="msg")
}

Parameters

The following parameters are available in the rsyslog::template::list defined type:

name

Data type: String

The literal name (not path) of the file that will be written

content

Data type: Hash[String,String,1]

The rsyslog list content that you wish to add to the system, as a Hash

rsyslog::template::plugin

NOTE: Plugins are as-is. This means that you will only supply the plugin name and assume that the plugin has already been loaded by RSyslog.

Examples

Adding the my_plugin Plugin to the System
rsyslog::template::string { 'example_plugin':
  $plugin => 'my_plugin'
}

### Produces:

template(name="example_plugin" type="plugin" plugin="my_plugin")

Parameters

The following parameters are available in the rsyslog::template::plugin defined type:

name

Data type: String

The literal name of the file (not the full path) that will be used

plugin

Data type: String

The rsyslog plugin content that you wish to add to the system

  • This is provided, without formatting, directly into the target file

rsyslog::template::string

You'll need to write the entire template line due to the complexity of the rsyslog configuration parameters.

Leading spaces will be removed.

Examples

Template String
rsyslog::template::string { 'example':
  $content => '/var/log/hosts/%HOSTNAME%/example.log'
}

### Produces:

template(name="example" type="string" string="/var/log/hosts/%HOSTNAME%/example.log")

Parameters

The following parameters are available in the rsyslog::template::string defined type:

name

Data type: String

The literal name of the file (not file path) that will be used

string

Data type: String

The rsyslog template string that you wish to add to the system

  • This is fed, without formatting, directly into the target file

rsyslog::template::subtree

You'll need to write the entire subtree line due to the complexity of the rsyslog configuration parameters.

Examples

Subtree (From the Official RSyslog Docs)
rsyslog::template::subtree { 'example_subtree':
  $variables => ['$!usr!tp12!msg = $msg;', '$!usr!tp12!dataflow = field($msg, 58, 2);'],
  $subtree   => '$!usr!tp12'
}

### Produces:

set $!usr!tp12!msg = $msg;
set $!usr!tp12!dataflow = field($msg, 58, 2);
template(name="example" type="subtree" subtree="$!usr!tp12")

Parameters

The following parameters are available in the rsyslog::template::subtree defined type:

name

Data type: String

The literal name of the file (not a path) that will be used

subtree

Data type: String

The rsyslog subtree content that you wish to add to the system

  • This is fed, without formatting, directly into the subtree parameter
variables

Data type: Array[String]

Variables to be set prior to the template being created

Default value: []

Data types

Rsyslog::Boolean

Representation of boolean values that are translated to 'on' and 'off' in Rsyslog configuration

Alias of Variant[Enum['on','off'], Boolean]

Rsyslog::Options

Hash of options to be used for Rsyslog global, legacy global or module configuration

Alias of Hash[String, Variant[Numeric,String]]

Rsyslog::QueueType

Rsyslog Queue Types

Alias of Enum['FixedArray', 'LinkedList', 'Direct', 'Disk']