# file is managed by puppet
#
# Log to remote syslog server
# Templates
# RFC3164 emulation with long tags (32+)
$Template RemoteLog, "<%pri%>%timestamp% ironic/@DEPLOYMENT_ID@/%syslogtag%%msg:::sp-if-no-1st-sp%%msg%\n"
# RFC544 emulation would be: "<%pri%>1 %timestamp:::date-rfc3339% %hostname% %syslogtag% %procid% %msgid% %structured-data% %msg%\n"
# Note: don't use %app-name% cuz it would be empty for some cases
$ActionFileDefaultTemplate RemoteLog
$WorkDirectory /var/spool/rsyslog/
#Start remote server 0
$ActionQueueType LinkedList   # use asynchronous processing
$ActionQueueFileName remote0 # set file name, also enables disk mode
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueLowWaterMark 2000
$ActionQueueHighWaterMark 8000
$ActionQueueSize              1000000       # Reserve 500Mb memory, each queue element is 512b
$ActionQueueDiscardMark       950000        # If the queue looks like filling, start discarding to not block ssh/login/etc.
$ActionQueueDiscardSeverity   0             # When in discarding mode discard everything.
$ActionQueueTimeoutEnqueue    0             # When in discarding mode do not enable throttling.
$ActionQueueDequeueSlowdown 1000
$ActionQueueWorkerThreads 2
$ActionQueueDequeueBatchSize 128
$ActionResumeRetryCount -1


# Isolate sudo logs locally
# match if "program name" is equal to "sudo"
:programname, isequal, "sudo" -/var/log/sudo.log
&~

# Send messages we receive to master node via tcp
# Use an octet-counted framing (understood for rsyslog only) to ensure correct multiline messages delivery
*.* @(o)@SYSLOG_SERVER_IP@:514;RemoteLog
#End remote server 0