====== RSyslog ======

Pas facile de trouver des tutos à jour, et on s'y perd avec des syntaxes variantes selon les versions ...

La doc:
  * https://www.rsyslog.com/doc/v8-stable/
  * https://rsyslog.readthedocs.io/en/latest/configuration/

===== Configuration =====

  * [[https://www.rsyslog.com/doc/v8-stable/rainerscript/queue_parameters.html|General Queue Parameters]]
  * [[https://www.rsyslog.com/doc/v8-stable/configuration/properties.html|rsyslog Properties]]
  * [[https://www.rsyslog.com/doc/v8-stable/configuration/actions.html|Actions]]

==== Tips ====

For TAG don't forget to add **":"** at end of value !! Like ''$syslogtag=="foo:"''

==== protocol RELP ====

=== Server side ===

  * module [[https://rsyslog.readthedocs.io/en/latest/configuration/modules/imrelp.html|imrelp]]
  * module [[https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html|omfile]]

<code>
# sudo apt install rsyslog-relp
module(load="imrelp")
input(type="imrelp" Port="2514" MaxDataSize="10k"
        Address="10.0.1.104" KeepAlive="on"
        Ruleset="imrelpRemoteData")
# now define our ruleset, which also includes threading and queue parameters.
ruleset(name="imrelpRemoteData"
        queue.type="LinkedList"
        queue.workerThreads="2"
       ) {
    action(type="omfile" file="/var/log/remote.log"
           ioBufferSize="512k" flushOnTXEnd="off"
           asyncWriting="on")
}

</code>

=== Client side ===

  * module [[https://rsyslog.readthedocs.io/en/latest/configuration/modules/omrelp.html|omrelp]]

<code>
# forward some messages to server
module(load="omrelp")
*.* action(type="omrelp" target="10.0.1.104" port="2514")
</code>

=== Nginx ===

  * [[https://docs.nginx.com/nginx/admin-guide/monitoring/logging/#syslog]]
  * [[https://chabik.com/2019/02/nginx-logging-to-syslog/]]