Rsyslog: creating two listeners (with and without TLS) using omfile as output. Possible or not?

Question  Votes: 0  Answers: 1

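I am trying to create an rsyslog.conf with multiple listeners, e.g. with and without TLS (using the streamdriver). It is possible to create multiple inputs, but as far as I have read in the rsyslog documentation, it does not seem possible to move the streamdriver parameters, e.g. streamdriver.mode="1", from module() to input() or action() when using omfile. Does anyone know whether there is a way to create multiple listeners with imtcp and omfile as the output method?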

My working script for a single listener:

# Prints every message, even if repeated 1001 times in a second. Strongly recommend for use with Splunk
$RepeatedMsgReduction off

module(load="imtcp"
    streamdriver.name="gtls" # use gtls netstream driver
    streamdriver.mode="1" # require TLS for the connection
    streamdriver.authmode="x509/name" # validate the peer certificate and check its name
)

global(
    defaultNetstreamDriverCAFile="/opt/splunk/etc/auth/sslCerts/CACertificate.pem"
    defaultNetstreamDriverCertFile="/opt/splunk/etc/auth/sslCerts/ServerCertificate.pem"
    defaultNetstreamDriverKeyFile="/opt/splunk/etc/auth/sslCerts/ServerPrivatKeyDec.key"
)

# Create as many inputs as you like. This listens on TCP 514.
input(type="imtcp" port="514" ruleset="SplunkNetwork")


# Template for directory + filename structure. Use %FROMHOST-IP% for IP without hostname resolution
template(name="filename-by-host" type="string" string="/opt/logfiles/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")

ruleset(name="SplunkNetwork") {
        action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk")
}

What I want to do - not working - pass the streamdriver parameters to input() or action():

# Prints every message, even if repeated 1001 times in a second. Strongly recommend for use with Splunk
$RepeatedMsgReduction off

module(load="imtcp")

global(
    defaultNetstreamDriverCAFile="/opt/splunk/etc/auth/sslCerts/CACertificate.pem"
    defaultNetstreamDriverCertFile="/opt/splunk/etc/auth/sslCerts/ServerCertificate.pem"
    defaultNetstreamDriverKeyFile="/opt/splunk/etc/auth/sslCerts/ServerPrivatKeyDec.key"
)

# Create as many inputs as you like. These listen on TCP 514 and TCP 1514.
input(type="imtcp" port="514" ruleset="SplunkNetwork-anon-no-tsl")
input(type="imtcp" port="1514" ruleset="SplunkNetwork-anon-tsl")


# Template for directory + filename structure. Use %FROMHOST-IP% for IP without hostname resolution
template(name="filename-by-host" type="string" string="/opt/logfiles/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")

ruleset(name="SplunkNetwork-anon-no-tsl") {
        action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk" StreamDriverMode="0" StreamDriver="gtls" StreamDriverAuthMode="anon")
}

ruleset(name="SplunkNetwork-anon-tsl") {
        action(type="omfile" DynaFile="filename-by-host" DirCreateMode="0755" FileCreateMode="0644" DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk" StreamDriverMode="1" StreamDriver="gtls" StreamDriverAuthMode="anon")
}
rsyslog rainerscript
1 Answer
-1
votes

You can use

  • imtcp for TLS
  • imptcp for TCP
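
The answer's suggestion written out as a configuration (an added example, not part of the original question or answer): imtcp carries the TLS listener on port 1514 and imptcp the plain TCP listener on port 514, so the module-level streamdriver settings apply only to the TLS input. The ruleset and template names, the tls/ and plain/ subdirectories and the permittedPeer value are assumptions; the certificate paths and omfile settings are the question's.

```conf
# Added example. Ruleset/template names, the tls/ and plain/ subdirectories
# and the permittedPeer value are assumptions, not taken from the question.
$RepeatedMsgReduction off

global(
    defaultNetstreamDriverCAFile="/opt/splunk/etc/auth/sslCerts/CACertificate.pem"
    defaultNetstreamDriverCertFile="/opt/splunk/etc/auth/sslCerts/ServerCertificate.pem"
    defaultNetstreamDriverKeyFile="/opt/splunk/etc/auth/sslCerts/ServerPrivatKeyDec.key"
)

# imtcp: the TLS settings are module-wide, so only the TLS listener uses imtcp.
# permittedPeer below is a constructed placeholder for the allowed client names.
module(load="imtcp"
    streamdriver.name="gtls"
    streamdriver.mode="1"
    streamdriver.authmode="x509/name"
    permittedPeer=["*.example.net"]
)

# imptcp: plain TCP only, no stream driver involved.
module(load="imptcp")

input(type="imtcp"  port="1514" ruleset="SplunkNetwork-tls")
input(type="imptcp" port="514"  ruleset="SplunkNetwork-plain")

# Separate directories keep unauthenticated plaintext logs apart from TLS ones.
template(name="tls-by-host" type="string"
    string="/opt/logfiles/tls/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")
template(name="plain-by-host" type="string"
    string="/opt/logfiles/plain/%FROMHOST%/%$YEAR%-%$MONTH%-%$DAY%.log")

ruleset(name="SplunkNetwork-tls") {
    action(type="omfile" DynaFile="tls-by-host"
        DirCreateMode="0755" FileCreateMode="0644"
        DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk")
}

ruleset(name="SplunkNetwork-plain") {
    action(type="omfile" DynaFile="plain-by-host"
        DirCreateMode="0755" FileCreateMode="0644"
        DirOwner="splunk" DirGroup="splunk" FileOwner="splunk" FileGroup="splunk")
}
```

Check the syntax with `rsyslogd -N1` before restarting the service.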