Pas facile de trouver des tutos à jour, et on s'y perd avec des syntaxes variantes selon les versions …
La doc:
For TAG don't forget to add “:“ at end of value !! Like $syslogtag==“foo:”
# sudo apt install rsyslog-relp
module(load="imrelp")
input(type="imrelp" Port="2514" MaxDataSize="10k"
Address="10.0.1.104" KeepAlive="on"
Ruleset="imrelpRemoteData")
# now define our ruleset, which also includes threading and queue parameters.
ruleset(name="imrelpRemoteData"
queue.type="LinkedList"
queue.workerThreads="2"
) {
action(type="omfile" file="/var/log/remote.log"
ioBufferSize="512k" flushOnTXEnd="off"
asyncWriting="on")
}
# forward some messages to server module(load="omrelp") *.* action(type="omrelp" target="10.0.1.104" port="2514")