rsyslog.conf

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

###########################
#### GLOBAL DIRECTIVES ####
###########################

global(
    defaultNetstreamDriverCAFile="/SEKOIA-IO-intake.pem"
    maxMessageSize="250k"
    umask="0022"
    workDirectory="/var/spool/rsyslog"
)

#################
#### MODULES ####
#################
module(load="impstats" log.file="/var/log/rsyslog-stats.log" ruleset="stats" format="json")
module(load="imuxsock") # Provides support for local system logging
module(load="imtcp") # Provides support for tcp connections
module(load="imudp") # Provides support for udp connections


# Use traditional timestamp format and set the default permissions for all log files.
module(
    load="builtin:omfile"
    Template="RSYSLOG_TraditionalFileFormat"
    fileOwner="root"
    fileGroup="adm"
    fileCreateMode="0640"
    dirCreateMode="0755"
)

# Define main queue
main_queue(
    # file name template, also enables disk mode for the memory queue
    queue.filename="sekoia_queue"

    # allocate memory dynamically for the queue. Better for handling spikes
    queue.type="LinkedList"

    # maximum disk space used for the disk part of the queue
    queue.maxDiskSpace="${DISK_SPACE}"

    # how many messages (messages, not bytes!) to hold in memory
    queue.size="${MEMORY_MESSAGES}"

    # save the queue contents when stopping rsyslog
    queue.saveOnShutdown="on"
)


#
# Include all config files in /etc/rsyslog.d/
#
include(file="/etc/rsyslog.d/*.conf")
include(file="/extended_conf/*.conf")