jinhoyim/99-logstash.conf

## 99-logstash.conf
# Put this file to /etc/rsyslog.d as 99-logstash.con
#
# Make spool directory  -p /var/spool/rsyslog when needed
#
# Change last address

#  $WorkDirectory /var/spool/rsyslog # use this if you don't like default /var/lib/rsyslog

$ActionQueueFileName logstash       # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g         # 1gb limit on log queue
$ActionQueueSaveOnShutdown on       # save messages to disk on shutdown
$ActionQueueType LinkedList         # run asynchronously
$ActionResumeRetryCount -1          # infinite retries if host is down

*.* @@192.168.1.207:514
                                    # Forward to ELK stack
	# Put this file to /etc/rsyslog.d as 99-logstash.con
	#
	# Make spool directory -p /var/spool/rsyslog when needed
	#
	# Change last address

	# $WorkDirectory /var/spool/rsyslog # use this if you don't like default /var/lib/rsyslog

	$ActionQueueFileName logstash # unique name prefix for spool files
	$ActionQueueMaxDiskSpace 1g # 1gb limit on log queue
	$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
	$ActionQueueType LinkedList # run asynchronously
	$ActionResumeRetryCount -1 # infinite retries if host is down

	. @@192.168.1.207:514
	# Forward to ELK stack