ioc32 · August 29, 2015 14:02
diff --git a/rsyslog-vagrant.test b/rsyslog-vagrant.test
 [root@s2 etc]# cat rsyslog.conf
 #### GLOBAL DIRECTIVES ####
 # Use default timestamp format
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 $WorkDirectory /var/lib/rsyslog
 $IncludeConfig /etc/rsyslog.d/*.conf


 [root@s2 etc]# cat rsyslog.d/system-logs.conf
 #### MODULES ####
 # provides support for local system logging (e.g. via logger command)
 module(load="imuxsock")
 # provides kernel logging support (previously done by rklogd)
 module(load="imklog")
 # Log all kernel messages to the console.
 # Logging much else clutters up the screen.
 kern.*                                                 /dev/console
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
 *.info;mail.none;authpriv.none;cron.none                /var/log/messages
 # The authpriv file has restricted access.
 authpriv.*                                              /var/log/secure
 # Log all the mail messages in one place.
 #mail.*                                                  /var/log/maillog
 # Log cron stuff
 cron.*                                                  /var/log/cron
 # Save boot messages also to boot.log
 local7.*                                                /var/log/boot.log


 [root@s2 etc]# cat rsyslog.d/test-profile.conf
 $MaxMessageSize 64k
 module(load="imfile")
 module(load="mmjsonparse")
 module(load="omelasticsearch")
 module(load="impstats"
       interval="10"
       severity="7"
       resetCounters="on"
       log.syslog="off"
       log.file="/var/log/impstats.log")
 input(type="imfile" File="/var/log/all.cee.100k.json"
      Tag="cluster1-hdp"
      PersistStateInterval="10000"
      StateFile="all.cee.100k.state"
      Severity="info"
      MaxSubmitAtOnce="20000"
      Facility="user"
      Ruleset="cluster1")
 template(name="cluster1-log" type="subtree" subtree="$!")
 ruleset(name="cluster1") {
  action(type="mmjsonparse"
        name="jsonparse")
  action(type="omelasticsearch"
        name="bulkidx"
  template="ursa-log"
  searchIndex="rsyslog-test"
  #asyncrepl="on"
  queue.type="LinkedList"
  queue.dequeuebatchsize="1000"
  queue.workerthreads="1"
  queue.size="20000"
  server="10.20.30.2"
  bulkmode="on"
  errorFile="/var/log/rsyslog.es-error.log")
 }
	[root@s2 etc]# cat rsyslog.conf
	#### GLOBAL DIRECTIVES ####
	# Use default timestamp format
	$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
	$WorkDirectory /var/lib/rsyslog
	$IncludeConfig /etc/rsyslog.d/*.conf


	[root@s2 etc]# cat rsyslog.d/system-logs.conf
	#### MODULES ####
	# provides support for local system logging (e.g. via logger command)
	module(load="imuxsock")
	# provides kernel logging support (previously done by rklogd)
	module(load="imklog")
	# Log all kernel messages to the console.
	# Logging much else clutters up the screen.
	kern.* /dev/console
	# Log anything (except mail) of level info or higher.
	# Don't log private authentication messages!
	*.info;mail.none;authpriv.none;cron.none /var/log/messages
	# The authpriv file has restricted access.
	authpriv.* /var/log/secure
	# Log all the mail messages in one place.
	#mail.* /var/log/maillog
	# Log cron stuff
	cron.* /var/log/cron
	# Save boot messages also to boot.log
	local7.* /var/log/boot.log


	[root@s2 etc]# cat rsyslog.d/test-profile.conf
	$MaxMessageSize 64k
	module(load="imfile")
	module(load="mmjsonparse")
	module(load="omelasticsearch")
	module(load="impstats"
	interval="10"
	severity="7"
	resetCounters="on"
	log.syslog="off"
	log.file="/var/log/impstats.log")
	input(type="imfile" File="/var/log/all.cee.100k.json"
	Tag="cluster1-hdp"
	PersistStateInterval="10000"
	StateFile="all.cee.100k.state"
	Severity="info"
	MaxSubmitAtOnce="20000"
	Facility="user"
	Ruleset="cluster1")
	template(name="cluster1-log" type="subtree" subtree="$!")
	ruleset(name="cluster1") {
	action(type="mmjsonparse"
	name="jsonparse")
	action(type="omelasticsearch"
	name="bulkidx"
	template="ursa-log"
	searchIndex="rsyslog-test"
	#asyncrepl="on"
	queue.type="LinkedList"
	queue.dequeuebatchsize="1000"
	queue.workerthreads="1"
	queue.size="20000"
	server="10.20.30.2"
	bulkmode="on"
	errorFile="/var/log/rsyslog.es-error.log")
	}