saz · mirekys · Jan 25, 2018 · Jan 25, 2018 · Jan 25, 2018 · Jan 25, 2018
diff --git a/README.md b/README.md
@@ -36,6 +36,9 @@ or send some bitcoins to ```1Na3YFUmdxKxJLiuRXQYJU2kiNqA3KY2j9```
     log_remote                => true,
     spool_size                => '1g',
     spool_timeoutenqueue      => false,
+    spool_queuesize           => 1200000,
+    spool_discardmark         => undef,
+    spool_discardseverity     => undef,
     remote_type               => 'tcp',
     remote_forward_format     => 'RSYSLOG_ForwardFormat',
     log_local                 => false,
@@ -249,6 +252,9 @@ The following lists all the class parameters this module accepts.
     -------------------------------------------------------------------
     log_remote                          true,false          Log Remotely. Defaults to true.
     spool_size                          STRING              Max size for disk queue if remote server failed. Defaults to '1g'.
+    spool_queuesize                     STRING              Maximum number of entries waiting in queue
+    spool_discardmark                   STRING              Start discarding messages after some number of msgs in queue
+    spool_discardseverity               STRING              Which severity of messages to discard when watermark is hit
     remote_type                         'tcp','udp','relp'  Which protocol to use when logging remotely. Defaults to 'tcp'.
     remote_forward_format               STRING              Which forward format for remote servers should be used. Only used if remote_servers is false.
     log_local                           true,false          Log locally. Defaults to false.

diff --git a/manifests/client.pp b/manifests/client.pp
@@ -7,6 +7,9 @@
 # [*log_remote*]
 # [*spool_size*]
 # [*spool_timeoutenqueue*]
+# [*spool_queuesize*]
+# [*spool_discardmark*]
+# [*spool_discardseverity*]
 # [*remote_type*]
 # [*remote_forward_format*]
 # [*log_local*]
@@ -42,6 +45,9 @@
   $log_remote                = true,
   $spool_size                = '1g',
   $spool_timeoutenqueue      = false,
+  $spool_queuesize           = 1200000,
+  $spool_discardmark         = undef,
+  $spool_discardseverity     = undef,
   $remote_type               = 'tcp',
   $remote_forward_format     = 'RSYSLOG_ForwardFormat',
   $log_local                 = false,
@@ -83,7 +89,7 @@
   }
 
   if $content_real {
-    rsyslog::snippet { '00_client':
+    rsyslog::snippet { '01_client':
       ensure  => present,
       content => $content_real,
     }
@@ -105,7 +111,7 @@
       ensure => absent,
     }
 
-    rsyslog::snippet { '00_client_config':
+    rsyslog::snippet { '01_client_config':
       ensure  => present,
       content => template("${module_name}/client/config.conf.erb"),
     }
@@ -121,6 +127,10 @@
     }
   }
 
+  if $spool_discard_severity and ! $spool_discardmark {
+    fail('You cannot use spool discard severity without discard mark set.')
+  }
+
   if $ssl and $ssl_ca == undef {
     fail('You need to define $ssl_ca in order to use SSL.')
   }

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -58,7 +58,7 @@
       $modules                             = [
         '$ModLoad imuxsock # provides support for local system logging',
         '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-        '#$ModLoad immark  # provides --MARK-- message capability',
+        '$ModLoad immark   # provides --MARK-- message capability',
       ]
       $service_hasrestart                  = true
       $service_hasstatus                   = true
@@ -79,7 +79,7 @@
         $modules                             = [
           '$ModLoad imuxsock # provides support for local system logging',
           '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-          '#$ModLoad immark  # provides --MARK-- message capability',
+          '$ModLoad immark   # provides --MARK-- message capability',
         ]
         $omit_local_logging                  = false
         $im_journal_ratelimit_interval       = undef
@@ -97,7 +97,7 @@
         $modules                             = [
           '$ModLoad imuxsock # provides support for local system logging',
           '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-          '#$ModLoad immark  # provides --MARK-- message capability',
+          '$ModLoad immark   # provides --MARK-- message capability',
         ]
         $omit_local_logging                  = false
         $im_journal_ratelimit_interval       = undef
@@ -115,15 +115,15 @@
         $modules                             = [
           '$ModLoad imuxsock # provides support for local system logging',
           '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-          '#$ModLoad immark  # provides --MARK-- message capability',
+          '$ModLoad immark   # provides --MARK-- message capability',
         ]
         $omit_local_logging                  = false
         $im_journal_ratelimit_interval       = undef
         $im_journal_ratelimit_burst          = undef
         $im_journal_ignore_previous_messages = undef
         $im_journal_statefile                = undef
       }
-      elsif versioncmp($::operatingsystemmajrelease, '7') >= 0 {
+      elsif versioncmp($::operatingsystemmajrelease, '7') == 0 {
         $rsyslog_package_name                = 'rsyslog'
         $mysql_package_name                  = 'rsyslog-mysql'
         $pgsql_package_name                  = 'rsyslog-pgsql'
@@ -134,7 +134,27 @@
           '$ModLoad imuxsock # provides support for local system logging',
           '$ModLoad imjournal # provides access to the systemd journal',
           '#$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-          '#$ModLoad immark  # provides --MARK-- message capability',
+          '$ModLoad immark    # provides --MARK-- message capability',
+        ]
+        $omit_local_logging                  = true
+        $im_journal_ratelimit_interval       = '600'
+        $im_journal_ratelimit_burst          = '20000'
+        $im_journal_ignore_previous_messages = 'off'
+        $im_journal_statefile                = 'imjournal.state'
+      }
+      elsif versioncmp($::operatingsystemmajrelease, '8') >= 0 {
+        $rsyslog_package_name                = 'rsyslog'
+        $mysql_package_name                  = 'rsyslog-mysql'
+        $pgsql_package_name                  = 'rsyslog-pgsql'
+        $gnutls_package_name                 = 'rsyslog-gnutls'
+        $relp_package_name                   = 'rsyslog-relp'
+        $default_config_file                 = 'rsyslog_default_rhel7'
+        $modules                             = [
+          '$ModLoad imuxsock # provides support for local system logging',
+          '#$ModLoad imjournal # provides access to the systemd journal',
+          'module(load="imjournal" FileCreateMode="0600") # workaround for https://github.com/rsyslog/rsyslog/issues/5375',
+          '#$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
+          '$ModLoad immark    # provides --MARK-- message capability',
         ]
         $omit_local_logging                  = true
         $im_journal_ratelimit_interval       = '600'
@@ -151,7 +171,7 @@
         $modules                             = [
           '$ModLoad imuxsock # provides support for local system logging',
           '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-          '#$ModLoad immark  # provides --MARK-- message capability',
+          '$ModLoad immark   # provides --MARK-- message capability',
         ]
         $omit_local_logging                  = false
         $im_journal_ratelimit_interval       = undef
@@ -200,7 +220,7 @@
       $modules                             = [
         '$ModLoad imuxsock # provides support for local system logging',
         '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-        '#$ModLoad immark  # provides --MARK-- message capability',
+        '$ModLoad immark   # provides --MARK-- message capability',
       ]
       $omit_local_logging                  = false
       $im_journal_ratelimit_interval       = undef
@@ -232,7 +252,7 @@
       $modules                             = [
         '$ModLoad imuxsock # provides support for local system logging',
         '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-        '#$ModLoad immark  # provides --MARK-- message capability',
+        '$ModLoad immark   # provides --MARK-- message capability',
       ]
       $service_hasrestart                  = true
       $service_hasstatus                   = true
@@ -268,7 +288,7 @@
           $modules                             = [
             '$ModLoad imuxsock # provides support for local system logging',
             '$ModLoad imklog   # provides kernel logging support (previously done by rklogd)',
-            '#$ModLoad immark  # provides --MARK-- message capability',
+            '$ModLoad immark   # provides --MARK-- message capability',
           ]
           $service_hasrestart                  = true
           $service_hasstatus                   = true

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -48,6 +48,8 @@
   $enable_tcp                = true,
   $enable_udp                = true,
   $enable_relp               = true,
+  $custom_templates          = [],
+  $custom_rules              = [],
   $remote_ruleset_tcp        = true,
   $remote_ruleset_udp        = true,
   $remote_ruleset_relp       = true,

diff --git a/templates/client/config.conf.erb b/templates/client/config.conf.erb
@@ -6,6 +6,13 @@ $ActionQueueSaveOnShutdown on   # save messages to disk on shutdown
 <% if scope.lookupvar('rsyslog::client::spool_timeoutenqueue') -%>
 $ActionQueueTimeoutEnqueue <%= scope.lookupvar('rsyslog::client::spool_timeoutenqueue') -%>   # time to wait before discarding on full spool
 <% end -%>
+$ActionQueueSize <%= scope.lookupvar('rsyslog::client::spool_queuesize') %>   # Maximum number of entries waiting in queue
+<% if scope.lookupvar('rsyslog::client::spool_discardmark') -%>
+$ActionQueueDiscardMark <%= scope.lookupvar('rsyslog::client::spool_discardmark') %>  # Start discarding messages after NUM msgs in queue
+<% end -%>
+<% if scope.lookupvar('rsyslog::client::spool_discardseverity') -%>
+$ActionQueueDiscardSeverity <%= scope.lookupvar('rsyslog::client::spool_discardseverity') %>       # Which messages to discard when watermark is hit
+<% end -%>
 $ActionQueueType LinkedList     # run asynchronously
 $ActionResumeRetryCount -1      # infinety retries if host is down
 <% if scope.lookupvar('rsyslog::client::log_templates') and ! scope.lookupvar('rsyslog::client::log_templates').empty?-%>

diff --git a/templates/rsyslog.conf.erb b/templates/rsyslog.conf.erb
@@ -28,7 +28,7 @@ $MaxMessageSize <%= scope.lookupvar('rsyslog::max_message_size') %>
 
 #
 # Set rate limit for messages received.
-# 
+#
 <%- if @system_log_rate_limit_interval -%>
 $SystemLogRateLimitInterval <%= scope.lookupvar('rsyslog::system_log_rate_limit_interval') %>
 <%- end -%>

diff --git a/templates/server-default.conf.erb b/templates/server-default.conf.erb
@@ -42,9 +42,18 @@ $Template auditFormat,"%msg%\n"
 
 <% else -%>
 # Template
-$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>messages"
-
+$Template dynAllMessages,"<%= scope.lookupvar('rsyslog::server::server_dir') -%>%FROMHOST:R,ERE,1,DFLT:[^.]*\.([^.]*)\.--end%<%= scope.lookupvar('rsyslog::server::logpath') -%>/%FROMHOST%/%PROGRAMNAME%.log"
+<% if scope.lookupvar('rsyslog::server::custom_templates') -%>
+<% scope.lookupvar('rsyslog::server::custom_templates').each do |template| -%>
+$Template <%= template %>
+<% end -%>
+<% end -%>
 # Rules
+<% if scope.lookupvar('rsyslog::server::custom_rules') -%>
+<% scope.lookupvar('rsyslog::server::custom_rules').each do |rule| -%>
+<%= rule %>
+<% end -%>
+<% end -%>
 *.*                 -?dynAllMessages
 <% end -%>
 <% end -%>