SkillAgentSearch skills...

Rsyslog

Development repository for the rsyslog cookbook

GenerateConvertImprove

Install / Use

/learn @sous-chefs/Rsyslog
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

rsyslog Cookbook

Cookbook Version CI State OpenCollective OpenCollective License

Installs and configures rsyslog to replace syslogd for client and/or server use. By default, the service will be configured to log to files on local disk. See the Recipes and Examples sections for other uses.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

  • CentOS 8+ (incl. Rocky & Alma)
  • Debian 11+
  • Fedora
  • OpenSUSE Leap
  • SmartOS / OmniOS
  • Ubuntu 20.04+

Chef

  • Chef 15.3+

Other

To use the recipe[rsyslog::client] recipe, you'll need to set up the rsyslog.server_search or rsyslog.server_ip attributes. See the Recipes and Examples sections below.

Attributes

See attributes/default.rb for default values.

  • node['rsyslog']['log_dir'] - If the node is an rsyslog server, this specifies the directory where the logs should be stored.
  • node['rsyslog']['working_dir'] - The temporary working directory where messages are buffered
  • node['rsyslog']['working_dir_mode'] - The temporary working directory access mode
  • node['rsyslog']['server'] - Determined automatically and set to true on the server.
  • node['rsyslog']['server_ip'] - If not defined then search will be used to determine rsyslog server. Default is nil. This can be a string or an array.
  • node['rsyslog']['server_search'] - Specify the criteria for the server search operation. Default is role:loghost.
  • node['rsyslog']['protocol'] - Specify whether to use udp or tcp for remote loghost. Default is tcp. To use both specify both in a string e.g. 'udptcp'.
  • node['rsyslog']['bind'] - Specify the address to which the server should be listening; only use with node['rsyslog']['protocol'] = 'udp' because the feature does not work with the tcp protocol (more info).
  • node['rsyslog']['port'] - Specify the port which rsyslog should connect to a remote loghost.
  • node['rsyslog']['remote_logs'] - Specify whether to send all logs to a remote server (client option). Default is true.
  • node['rsyslog']['per_host_dir'] - "PerHost" directories for template statements in 35-server-per-host.conf. Default value is the previous cookbook version's value, to preserve compatibility. See server recipe below.
  • node['rsyslog']['priv_seperation'] - Whether to use privilege separation or not.
  • node['rsyslog']['priv_user'] - User to run as when using privilege separation. Defult is node['rsyslog']['user']
  • node['rsyslog']['priv_group'] - Group to run as when using privilege separation. Defult is node['rsyslog']['group']
  • node['rsyslog']['max_message_size'] - Specify the maximum allowed message size. Default is 2k. Specifying 'nil' or 'false' will not generate the associated directive in the configuration at all.
  • node['rsyslog']['user'] - Who should own the configuration files and directories
  • node['rsyslog']['group'] - Who should group-own the configuration files and directories
  • node['rsyslog']['dir_owner'] - Who should own the log directories
  • node['rsyslog']['dir_group'] - Who should group-own the log directories
  • node['rsyslog']['config_dir']['mode'] - Mode that should be set when creating the configuration directory
  • node['rsyslog']['file_create_mode'] - Mode that should be set when creating log files
  • node['rsyslog']['dir_create_mode'] - Mode that should be set when creating log directories
  • node['rsyslog']['umask'] - Specify the processes umask
  • node['rsyslog']['defaults_file'] - The full path to the defaults/sysconfig file for the service.
  • node['rsyslog']['package_name'] - Specify rsyslog package name
  • node['rsyslog']['service_name'] - The platform-specific name of the service
  • node['rsyslog']['preserve_fqdn'] - Value of the $PreserveFQDN configuration directive in /etc/rsyslog.conf. Default is 'off' for compatibility purposes.
  • node['rsyslog']['high_precision_timestamps'] - Enable high precision timestamps, instead of the "old style" format. Default is 'false'.
  • node['rsyslog']['repeated_msg_reduction'] - Value of $RepeatedMsgReduction configuration directive in /etc/rsyslog.conf. Default is 'on'
  • node['rsyslog']['logs_to_forward'] - Specifies what logs should be sent to the remote rsyslog server. Default is all ( . ).
  • node['rsyslog']['default_log_dir'] - log directory used in 50-default.conf template, defaults to /var/log
  • node['rsyslog']['default_facility_logs'] - Hash containing log facilities and destinations used in 50-default.conf template.
  • node['rsyslog']['default_file_template'] - The name of a pre-defined log format template (ie - RSYSLOG_FileFormat), used for local log files.
  • node['rsyslog']['default_remote_template'] - The name of a pre-defined log format template (ie - RSYSLOG_FileFormat), used for sending to remote servers.
  • node['rsyslog']['templates'] - Allows a user to specify a dynamic filename and the format of the logs
  • node['rsyslog']['rate_limit_interval'] - Value of the $SystemLogRateLimitInterval configuration directive in /etc/rsyslog.conf. Default is nil, leaving it to the platform default.
  • node['rsyslog']['rate_limit_burst'] - Value of the $SystemLogRateLimitBurst configuration directive in /etc/rsyslog.conf. Default is nil, leaving it to the platform default.
  • node['rsyslog']['action_queue_max_disk_space'] - Max amount of disk space the disk-assisted queue is allowed to use (more info).
  • node['rsyslog']['tcp_max_sessions'] - Maximum number of TCP sessions (ie. clients) this rsyslog server will handle. Default is 200.
  • node['rsyslog']['enable_tls'] - Whether or not to enable TLS encryption. When enabled, forces protocol to tcp. Default is false.
  • node['rsyslog']['tls_driver'] - Defaults to ossl.
  • node['rsyslog']['tls_ca_file'] - Path to TLS CA file. Required for both server and clients.
  • node['rsyslog']['tls_certificate_file'] - Path to TLS certificate file. Required for server, optional for clients.
  • node['rsyslog']['tls_key_file'] - Path to TLS key file. Required for server, optional for clients.
  • node['rsyslog']['tls_auth_mode'] - Value for $InputTCPServerStreamDriverAuthMode/$ActionSendStreamDriverAuthMode, determines whether client certs are validated. Defaults to anon (no validation).
  • node['rsyslog']['tls_permitted_peer'] - Value for ActionSendStreamDriverPermittedPeer, it narrows the list of the allowed hosts. Works with TLS only. Defaults to nil.
  • node['rsyslog']['use_local_ipv4'] - Whether or not to make use the remote local IPv4 address on cloud systems when searching for servers (where available). Default is 'false'.
  • node['rsyslog']['allow_non_local'] - Whether or not to allow non-local messages. If 'false', incoming messages are only allowed from 127.0.0.1. Default is 'false'.
  • node['rsyslog']['custom_remote'] - Array of hashes for configuring custom remote server targets
  • node['rsyslog']['additional_directives'] - Hash of additional directives and their values to place in the main rsyslog config file
  • node['rsyslog']['local_host_name'] - permits to overwrite the system hostname with the one specified in the directive
  • node['rsyslog']['default_conf_file'] - If false it skips the creation of default configuration file 50-default.conf
  • node['rsyslog']['server_per_host_template'] - Template to use in the rsyslog::server recipe when creating the 35-server-per-host.conf file
  • node['rsyslog']['server_per_host_cookbook'] - Cookbook name to get the node['rsyslog']['server_per_host_template'] template from
  • node['rsyslog']['imfile']['KEY'] - Set imfile module parameters of label KEY to value. e.g. PollingInterval. Consult rsyslog documentation for valid entries.
  • node['rsyslog']['modules'] - Array of modules to load in the main rsyslog config filex
  • node['rsyslog']['<module>_directives'] - Hash of module directives and their values that apply to each node['rsyslog']['modules'] when the module is loaded

Recipes

default

Installs the rsyslog package, manages the rsyslog service and sets up basic configuration for a standalone machine.

client

Includes recipe[rsyslog].

Uses node['rsyslog']['server_ip'] or Chef search (in that precedence order) to determine the remote syslog server's IP address. If search is used, the search query will look for the first ipaddress returned from the criteria specified in node['rsyslog']['server_search'].

You can use node['rsyslog']['custom_config'] to define custom entries for sending logs to remote servers. Available attributes:

    'server': Ip/hostname of remote syslog server (Required)
    'port': Port to send logs to
    'logs': Syslog log facilities to send (auth, authpriv, daemon, etc)
    'protocol': Can be tcp or udp
    'remote_template': Rsyslog template used for the messages

Example:

node['rsyslog']['custom_remote'] = [
  { 'server' => '10.10.4.4', 'port' => '567', 'logs' => 'auth.*,mail.*', 'protocol' => 'udp', 'remote_template' => 'RSYSLOG_Sy

sous-chefs

View profile

View on GitHub
GitHub Stars65
CategoryDevelopment
Updated26d ago
Forks198
sous-chefs/rsyslog

Languages

Ruby

Security Score

100/100

Audited on Mar 6, 2026

No findings