Switch to gelf forwarding for rsyslog server

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -97,5 +97,5 @@ zammad-test.cert.sunet.se:
 
 internal-sto3-test-rsyslog-1.cert.sunet.se:
   soc::rsyslog::server:
-    syslog_servers: ['89.47.185.185:5140']
+    gelf_graylog_servers: ['89.47.185.185:12201']
     relp_port: 2514

global/overlay/etc/puppet/modules/soc/manifests/rsyslog/server.pp

@@ -2,6 +2,7 @@
 class soc::rsyslog::server(
   $daily_rotation = true,
   $syslog_servers = lookup(syslog_servers, undef, undef, []),
+  $gelf_graylog_servers = lookup(gelf_graylog_servers, undef, undef, []),
   $relp_syslog_servers = lookup(relp_syslog_servers, undef, undef, []),
   $syslog_enable_remote = lookup('syslog_enable_remote', undef, undef, 'true'),
   $udp_port = lookup(udp_port, undef, undef, undef),
@@ -33,19 +34,25 @@ class soc::rsyslog::server(
       require => Package['rsyslog'],
       notify  => Service['rsyslog'],
       ;
-    '/etc/rsyslog.d/50-default.conf':
+    '/etc/rsyslog.d/99-default.conf':
       ensure  => file,
       mode    => '0644',
       content => template('soc/rsyslog/rsyslog-default.conf.erb'),
       require => Package['rsyslog'],
       notify  => Service['rsyslog'],
       ;
-    '/etc/rsyslog.d/60-remote.conf':
+    '/etc/rsyslog.d/10-remote-syslog.conf':
       ensure  => file,
       mode    => '0644',
       content => template('soc/rsyslog/rsyslog-remote.conf.erb'),
       require => Package['rsyslog'],
       ;
+    '/etc/rsyslog.d/10-remote.conf':
+      ensure  => file,
+      mode    => '0644',
+      content => template('soc/rsyslog/rsyslog-remote-gelf.conf.erb'),
+      require => Package['rsyslog'],
+      ;
   }
 
   service { 'rsyslog':

global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote-gelf.conf.erb

@@ -0,0 +1,25 @@
+# Remote syslog configuration managed by Puppet (sunet::rsyslog)
+# Remote enabled by syslog_enable_remote: <%= @do_remote %>
+
+template(name="gelf" type="list") {
+    constant(value="{\"version\":\"1.1\",")
+    constant(value="\"host\":\"")
+    property(name="hostname")
+    constant(value="\",\"short_message\":\"")
+    property(name="msg" format="json")
+    constant(value="\",\"timestamp\":\"")
+    property(name="timegenerated" dateformat="unixtimestamp")
+    constant(value="\",\"level\":\"")
+    property(name="syslogseverity")
+    constant(value="\"}")
+}
+
+<% @gelf_graylog_servers.each do |server| -%>
+action(
+  type="omfwd"
+  target="<%= server.split(':')[0] %>"
+  port="<%= server.split(':')[1] %>"
+  protocol="udp"
+  template="gelf"
+)
+<% end -%>

global/overlay/etc/puppet/modules/soc/templates/rsyslog/rsyslog-remote.conf.erb

@@ -1,24 +0,0 @@
-# Remote syslog configuration managed by Puppet (sunet::rsyslog)
-# Remote enabled by syslog_enable_remote: <%= @do_remote %>
-
-<% if @do_remote %>
-<% @syslog_servers.each do |server| -%>
-action(
-  type="omfwd"
-  Target="<%= server.split(':')[0] %>"
-  Port="<%= server.split(':')[1] %>"
-)
-<% end -%>
-
-<% if @relp_syslog_servers != [] -%>
-module(load="omrelp")
-
-<% @relp_syslog_servers.each do |server| -%>
-action(
-  type="omrelp"
-  target="<%= server.split(':')[0] %>"
-  port="<%= server.split(':')[1] %>"
-)
-<% end -%>
-<% end -%>
-<% end -%>