<aside> <img src="/icons/info-alternate_blue.svg" alt="/icons/info-alternate_blue.svg" width="40px" />

To enable TLS: uncomment the "For tls" section in /etc/rsyslog.d/00-modules.conf

</aside>

# module(load="gtls") # For TLS
# global(DefaultNetstreamDriver="gtls") # For TLS

if ($programname == 'sudo' or $programname == 'sshd') then {
    action(
        name="Lxc_sshd-sudo"
        type="omfwd"
        target="IP or FQDN" # IP or FQDN of the syslog server (FQDN only for TLS)
        port="port" # port of the syslog server
        protocol="udp" # tcp or udp (TLS requires tcp)
        # StreamDriver="gtls"              # For TLS
        # StreamDriverMode="1"             # For TLS
        # StreamDriverAuthMode="anon"      # For TLS without Verification (encrypted, server not authenticated)
        # StreamDriverAuthMode="x509/name" # For TLS with Verification
        # StreamDriverPermittedPeers="FQDN" # For TLS with Verification
        # StreamDriver.CAFile="/etc/rsyslog/ca.crt" # For TLS with Verification
        queue.type="LinkedList"
        queue.size="10000"
        action.resumeRetryCount="-1"
    )
    stop
}

if ($programname == 'systemd' and
    ($msg contains 'Stopped ' or
     $msg contains '.service: Deactivated' or
     $msg contains '.service: Main process exited' or
     $msg contains 'Failed ' or
     $msg contains 'code=exited' or
     $msg contains 'status=')) then {
    action(
        name="fwd_systemd_stops"
        type="omfwd"
        target="IP or FQDN" # IP or FQDN of the syslog server (FQDN only for TLS)
        port="port" # port of the syslog server
        protocol="udp" # tcp or udp (TLS requires tcp)
        # StreamDriver="gtls"              # For TLS
        # StreamDriverMode="1"             # For TLS
        # StreamDriverAuthMode="anon"      # For TLS without Verification (encrypted, server not authenticated)
        # StreamDriverAuthMode="x509/name" # For TLS with Verification
        # StreamDriverPermittedPeers="FQDN" # For TLS with Verification
        # StreamDriver.CAFile="/etc/rsyslog/ca.crt" # For TLS with Verification
        queue.type="LinkedList"
        queue.size="10000"
        action.resumeRetryCount="-1"
    )
    stop
}

<aside> <img src="/icons/info-alternate_blue.svg" alt="/icons/info-alternate_blue.svg" width="40px" />

To collect application logs (for example, from web servers, databases and custom services) inside an LXC container, rsyslog must be configured separately to forward the corresponding log files.

Example configuration for Nginx: Linux Nginx

</aside>
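
For illustration, file-based forwarding for Nginx with the `imfile` input module could look like the following. This is an added example, not configuration from the original page or the project it describes. The log paths (Debian-style defaults), the tags, the `local6` facility, the ruleset and action names, and the file name `/etc/rsyslog.d/30-nginx.conf` are assumptions.

```rsyslog
# /etc/rsyslog.d/30-nginx.conf  (hypothetical file name)
# Added example: tail the Nginx log files and forward them with the same
# omfwd settings as the sudo/sshd and systemd rules above.

module(load="imfile")   # file input module; load it only once per rsyslog instance

# Each input is bound to its own ruleset, so these lines are forwarded
# and never reach the default ruleset (no duplicates in local files).
input(
    type="imfile"
    File="/var/log/nginx/access.log"   # assumed path
    Tag="nginx_access:"                # assumed tag, becomes the syslog tag on the server
    Severity="info"
    Facility="local6"                  # assumed facility
    ruleset="fwd_nginx"
)

input(
    type="imfile"
    File="/var/log/nginx/error.log"    # assumed path
    Tag="nginx_error:"                 # assumed tag
    Severity="error"
    Facility="local6"
    ruleset="fwd_nginx"
)

ruleset(name="fwd_nginx") {
    action(
        name="fwd_nginx_logs"
        type="omfwd"
        target="IP or FQDN" # same placeholder as above: address of the syslog server
        port="port"         # same placeholder as above
        protocol="udp"      # tcp or udp (TLS requires tcp)
        # For TLS, add the same StreamDriver* parameters as in the rules above
        queue.type="LinkedList"
        queue.size="10000"
        action.resumeRetryCount="-1"
    )
}
```

The user rsyslog runs as inside the container needs read access to the Nginx log files; otherwise `imfile` reports the files as unreadable and nothing is forwarded.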