From 992004b2fff7893c02cde14cb0364bcf64621fe6 Mon Sep 17 00:00:00 2001
From: Pierre Penhouet
Date: Thu, 16 Nov 2023 10:59:47 +0100
Subject: [PATCH 1/2] Replace timestamp with local timestamp
---
 template.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/template.j2 b/template.j2
index 2d44226..5e95dfb 100644
--- a/template.j2
+++ b/template.j2
@@ -2,9 +2,9 @@ input(type="im{{ protocol | lower }}" port="{{ port }}" ruleset="remote{{ port }
 {% if debug %}
 template(name="SEKOIAIO_{{ name |lower }}_Input_Template" type="string" string="[Input \"{{ intake_key }}\"] %rawmsg%\n")
-template(name="SEKOIAIO_{{ name |lower }}_Output_Template" type="string" string="[Output \"{{ intake_key }}\"] <%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% LOG [SEKOIA@53288 intake_key=\"{{ intake_key }}\"] %msg:R,ERE,1,FIELD:^[ \t]*(.*)$--end%\n")
+template(name="SEKOIAIO_{{ name |lower }}_Output_Template" type="string" string="[Output \"{{ intake_key }}\"] <%pri%>1 %timegenerated:::date-rfc3339% %hostname% %app-name% %procid% LOG [SEKOIA@53288 intake_key=\"{{ intake_key }}\"] %msg:R,ERE,1,FIELD:^[ \t]*(.*)$--end%\n")
 {% endif %}
-template(name="SEKOIAIO_{{ name |lower }}_Template" type="string" string="<%pri%>1 %timestamp:::date-rfc3339% %hostname% %app-name% %procid% LOG [SEKOIA@53288 intake_key=\"{{ intake_key }}\"] %msg:R,ERE,1,FIELD:^[ \t]*(.*)$--end%\n")
+template(name="SEKOIAIO_{{ name |lower }}_Template" type="string" string="<%pri%>1 %timegenerated:::date-rfc3339% %hostname% %app-name% %procid% LOG [SEKOIA@53288 intake_key=\"{{ intake_key }}\"] %msg:R,ERE,1,FIELD:^[ \t]*(.*)$--end%\n")
 ruleset(name="remote{{ port }}"){
 action(
 type="omfwd"
From bb2c7da3b566efeaad3d0bd7b507a29f0019a1f5 Mon Sep 17 00:00:00 2001
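Review bot: The sender's own event time is no longer forwarded once both the `_Template` and the debug `_Output_Template` switch to `%timegenerated%`; only the debug `_Input_Template` still shows it, through `%rawmsg%`. `%timegenerated%` is the time this rsyslog instance received the message, so it resists a device with a wrong or forged clock, but any delay in an upstream relay now shifts the event time, and the concentrator host's clock becomes the only time source for timelines built from the intake. I would record that trade-off next to the templates, for example `# header time = %timegenerated% (reception on this concentrator); the sender's %timereported% is not forwarded`, and confirm the host clock is synchronised. The `ruleset`/`action(` block that uses these templates continues past the end of the hunk, so whether the original time is needed further down cannot be judged from here.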
From: Pierre Penhouet
Date: Thu, 16 Nov 2023 11:02:46 +0100
Subject: [PATCH 2/2] Bump docker image version to 2.1
---
 .github/workflows/build-docker-image.yaml | 2 +-
 CHANGELOG.md | 4 ++++
 docker-compose/docker-compose.yml | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-docker-image.yaml b/.github/workflows/build-docker-image.yaml
index ab27493..6dba980 100644
--- a/.github/workflows/build-docker-image.yaml
+++ b/.github/workflows/build-docker-image.yaml
@@ -32,4 +32,4 @@ jobs:
 push: true
 tags: |
 ghcr.io/sekoia-io/sekoiaio-docker-concentrator:latest
- ghcr.io/sekoia-io/sekoiaio-docker-concentrator:2.0
+ ghcr.io/sekoia-io/sekoiaio-docker-concentrator:2.1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1fc27ba..7223d79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 All notable changes with sekoiaio concentrator will be documented in this file.
+## [2.1]
+
+- Add local timestamp in rsyslog header instead of received timestamp
+
 ## [2.0]
 - Manage syslog RFC 3164 (only 5424 in 1.0 version)
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
index 48203eb..708f947 100644
--- a/docker-compose/docker-compose.yml
+++ b/docker-compose/docker-compose.yml
@@ -1,7 +1,7 @@
 version: "3.9"
 services:
 rsyslog:
- image: ghcr.io/sekoia-io/sekoiaio-docker-concentrator:2.0
+ image: ghcr.io/sekoia-io/sekoiaio-docker-concentrator:2.1
 environment:
 - MEMORY_MESSAGES=2000000
 - DISK_SPACE=180g