Rsyslog: Debian forward only logging. journald takes care of the rest

roles/rsyslog/tasks/main.yml

@@ -55,8 +55,19 @@
   template:
     src: "rsyslog.conf.j2"
     dest: "/etc/rsyslog.conf"
+  when: 
+  notify:
+    - "restart rsyslog"
+  when: ansible_os_family == 'RedHat'
+
+- name: put ryslog config file
+  template:
+    src: "rsyslog_onlyforward.conf.j2"
+    dest: "/etc/rsyslog.conf"
+  when: 
   notify:
     - "restart rsyslog"
+  when: ansible_os_family == 'Debian'
 
 - name: include tasks for central syslog server
   include_tasks: rsyslog_central.yml

roles/rsyslog/templates/rsyslog_onlyforward.conf.j2

@@ -0,0 +1,37 @@
+# This rsyslog configuration takes logs from journald and forwards them to a remote log serverad="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+module(load="immark" 
+             MarkMessagePeriod="600"
+            )  # provides --MARK-- message capability
+module(load="imjournal" 
+       PersistStateInterval="100"
+       StateFile="/var/spool/rsyslog/imjournal.state"
+       ratelimit.interval="30"
+       ratelimit.burst="20000" ) # Reads journald logs 
+
+$PreserveFQDN on
+
+$WorkDirectory /var/spool/rsyslog
+$IncludeConfig /etc/rsyslog.d/*.conf
+*.emerg                         :omusrmsg:* 
+
+{% if rsyslog_remote_server_relp is defined and 'sysloghost' not in group_names %}
+# Forward all logs to the central logging server using relp
+module(load="omrelp")
+action(type="omrelp" 
+target="{{ rsyslog_remote_server_relp }}" 
+port="{{ rsyslog_remote_relp_port }}" 
+tls="on" 
+tls.caCert="/etc/pki/rsyslog/rsyslogclientca.crt" 
+tls.MyCert="/etc/pki/rsyslog/rsyslogclient.crt"
+tls.MyPrivKey="/etc/pki/rsyslog/rsyslogclient.key"
+tls.authmode="name" 
+tls.permittedpeer=["{{ rsyslog_remote_server_relp }}"]
+queue.type="LinkedList" 
+queue.filename="rsyslog_relp_q"
+queue.maxdiskspace="1G"
+queue.saveonshutdown="on" 
+action.resumeRetryCount="-1"
+action.resumeInterval="5"
+action.writeAllMarkMessages="on")
+{% endif %}