# Config generated by Chef - manual edits will be overwritten
#
#  /etc/rsyslog.conf  Configuration file for rsyslog.
#
#     For more information see
#     /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#
# Set max message size
#
$MaxMessageSize <%= node['rsyslog']['max_message_size'] %>

#
# Preserve FQDN
#
$PreserveFQDN <%= node['rsyslog']['preserve_fqdn'] %>

#################
#### MODULES ####
#################

<% if node['rsyslog']['modules'] && !node['rsyslog']['modules'].empty? %>
  <% [*node['rsyslog']['modules']].each do |mod| %>
$ModLoad <%= mod %>
  <% end %>
<% end %>

<% if node['rsyslog']['server'] -%>
  <% if node['rsyslog']['enable_tls'] && node['rsyslog']['tls_ca_file'] &&
        node['rsyslog']['tls_key_file'] && node['rsyslog']['tls_certificate_file'] -%>
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile <%= node['rsyslog']['tls_ca_file'] %>
$DefaultNetstreamDriverCertFile <%= node['rsyslog']['tls_certificate_file'] %>
$DefaultNetstreamDriverKeyFile <%= node['rsyslog']['tls_key_file'] %>

$ModLoad imtcp

$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
$InputTCPServerStreamDriverAuthMode <%= node['rsyslog']['tls_auth_mode'] || 'anon' %>
$InputTCPServerRun <%= node['rsyslog']['port'] %>
# Provide <%= node['rsyslog']['protocol'].upcase %> log reception
  <% else -%>
<% if node['rsyslog']['protocol'] =~ /tcp/ %>
  $ModLoad imtcp
  $InputTCPServerRun <%= node['rsyslog']['port'] %>
<% end -%>
<% if node['rsyslog']['protocol'] =~ /udp/ %>
  $ModLoad imudp
  $UDPServerAddress <%= node['rsyslog']['bind'] %>
  $UDPServerRun <%= node['rsyslog']['port'] %>
<% end -%>
  <% end -%>
<% end -%>

###########################
#### GLOBAL DIRECTIVES ####
###########################

<% if node["rsyslog"]["default_file_template"] -%>
#
# Default log format template
#
$ActionFileDefaultTemplate <%= node["rsyslog"]["default_file_template"] %>
<% elsif !node["rsyslog"]["high_precision_timestamps"] -%>
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
<% end -%>

# Filter duplicated messages
$RepeatedMsgReduction <%= node['rsyslog']['repeated_msg_reduction'] %>

#
# Set temporary directory to buffer syslog queue
#
$WorkDirectory <%= node['rsyslog']['working_dir'] %>

#
# Set the default permissions for all log files.
#
$FileOwner <%= node['rsyslog']['user'] %>
$FileGroup <%= node['rsyslog']['group'] %>
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
<% if node['rsyslog']['priv_seperation'] %>
$PrivDropToUser <%= node['rsyslog']['priv_user'] || node['rsyslog']['user'] %>
$PrivDropToGroup <%= node['rsyslog']['priv_group'] || node['rsyslog']['group'] %>
<% end %>
<% unless node['rsyslog']['rate_limit_interval'].nil? %>
#
# Set the amount of time that is being measured for rate limiting
#
$SystemLogRateLimitInterval <%= node['rsyslog']['rate_limit_interval'] %>
<% end %>
<% unless node['rsyslog']['rate_limit_burst'].nil? %>
#
# Set the amount of messages, that have to occur in the time limit of
#   SystemLogRateLimitInterval, to trigger rate limiting
#
$SystemLogRateLimitBurst <%= node['rsyslog']['rate_limit_burst'] %>
<% end %>

#
# Set other directives
#
<% node['rsyslog']['additional_directives'].each_pair do |k,v| %>
$<%= k %> <%= v %>
<% end %>

#
# Include all config files in <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/
#
$IncludeConfig <%= node['rsyslog']['config_prefix'] %>/rsyslog.d/*.conf