From 1fcc2dd407036049bdbf9954e3972479bdca781f Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 19 Jul 2019 18:04:53 +0300
Subject: [PATCH] add remote logging support to rsyslog

---
 roles/rsyslog/tasks/main.yml           |  9 +++++++++
 roles/rsyslog/templates/remote.conf.j2 | 11 +++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 roles/rsyslog/templates/remote.conf.j2

diff --git a/roles/rsyslog/tasks/main.yml b/roles/rsyslog/tasks/main.yml
index 29ef305..d512590 100644
--- a/roles/rsyslog/tasks/main.yml
+++ b/roles/rsyslog/tasks/main.yml
@@ -16,6 +16,15 @@
     group: "{{ ansible_wheel }}"
   notify: restart rsyslog
 
+- name: configure remote logging
+  template:
+    dest: /etc/rsyslog.d/remote.conf
+    src: remote.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart rsyslog
+
 - name: enable rsyslog service
   service:
     name: rsyslog
diff --git a/roles/rsyslog/templates/remote.conf.j2 b/roles/rsyslog/templates/remote.conf.j2
new file mode 100644
index 0000000..997302c
--- /dev/null
+++ b/roles/rsyslog/templates/remote.conf.j2
@@ -0,0 +1,11 @@
+# make gtls driver the default
+$DefaultNetstreamDriver gtls
+
+# certificate files
+$DefaultNetstreamDriverCAFile {{ tls_bundle }}
+$DefaultNetstreamDriverCertFile {{ tls_certs }}/{{ inventory_hostname }}.crt
+$DefaultNetstreamDriverKeyFile {{ tls_private }}/{{ inventory_hostname }}.key
+
+$ActionSendStreamDriverMode 1
+
+*.* @@{{ log_server }}:6514