Switch to gelf forwarding for rsyslog server

2025-02-24 14:47:15 +01:00 · 2025-02-24 14:47:15 +01:00 · 670d3bac24
commit 670d3bac24
parent 03b58db18a
4 changed files with 35 additions and 27 deletions
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@ -97,5 +97,5 @@ zammad-test.cert.sunet.se:

 internal-sto3-test-rsyslog-1.cert.sunet.se:
  soc::rsyslog::server:
-    syslog_servers: ['89.47.185.185:5140']
+    gelf_graylog_servers: ['89.47.185.185:12201']
    relp_port: 2514
--- a/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp
+++ b/global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp
@ -2,6 +2,7 @@
 class soc::rsyslog::server(
  $daily_rotation = true,
  $syslog_servers = lookup(syslog_servers, undef, undef, []),
+  $gelf_graylog_servers = lookup(gelf_graylog_servers, undef, undef, []),
  $relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
  $syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
  $udp_port = lookup(udp_port, undef, undef, undef),
@ -33,19 +34,25 @@ class soc::rsyslog::server(
      require => Package['rsyslog'],
      notify  => Service['rsyslog'],
      ;
-    '/etc/rsyslog.d/50-default.conf':
+    '/etc/rsyslog.d/99-default.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog-default.conf.erb'),
      require => Package['rsyslog'],
      notify  => Service['rsyslog'],
      ;
-    '/etc/rsyslog.d/60-remote.conf':
+    '/etc/rsyslog.d/10-remote-syslog.conf':
      ensure  => file,
      mode    => '0644',
      content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
      require => Package['rsyslog'],
      ;
+    '/etc/rsyslog.d/10-remote.conf':
+      ensure  => file,
+      mode    => '0644',
+      content => template('soc/rsyslog/rsyslog-remote-gelf.conf.erb'),
+      require => Package['rsyslog'],
+      ;
  }

  service { 'rsyslog':
--- a/global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote-gelf.conf.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote-gelf.conf.erb
@ -0,0 +1,25 @@
+# Remote syslog configuration managed by Puppet (sunet::rsyslog)
+# Remote enabled by syslog_enable_remote: <%= @do_remote %>
+
+template(name="gelf" type="list") {
+    constant(value="{\"version\":\"1.1\",")
+    constant(value="\"host\":\"")
+    property(name="hostname")
+    constant(value="\",\"short_message\":\"")
+    property(name="msg" format="json")
+    constant(value="\",\"timestamp\":\"")
+    property(name="timegenerated" dateformat="unixtimestamp")
+    constant(value="\",\"level\":\"")
+    property(name="syslogseverity")
+    constant(value="\"}")
+}
+
+<% @gelf_graylog_servers.each do |server| -%>
+action(
+  type="omfwd"
+  target="<%= server.split(':')[0] %>"
+  port="<%= server.split(':')[1] %>"
+  protocol="udp"
+  template="gelf"
+)
+<% end -%>
--- a/global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote.conf.erb
+++ b/global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote.conf.erb
@ -1,24 +0,0 @@
-# Remote syslog configuration managed by Puppet (sunet::rsyslog)
-# Remote enabled by syslog_enable_remote: <%= @do_remote %>
-
-<% if @do_remote %>
-<% @syslog_servers.each do |server| -%>
-action(
-  type="omfwd"
-  Target="<%= server.split(':')[0] %>"
-  Port="<%= server.split(':')[1] %>"
-)
-<% end -%>
-
-<% if @relp_syslog_servers != [] -%>
-module(load="omrelp")
-
-<% @relp_syslog_servers.each do |server| -%>
-action(
-  type="omrelp"
-  target="<%= server.split(':')[0] %>"
-  port="<%= server.split(':')[1] %>"
-)
-<% end -%>
-<% end -%>
-<% end -%>