Rsyslog with TLS support

I note that Ubuntu Core ships with rsyslog and that /etc/rsyslog.d is writable. I would like to send logs from an unattended IoT device to a centralized server. As far as I can tell, the rsyslog-gnutls package is not supplied and the rsyslogd provided is not compiled with TLS support. Is there any way to ship logs remotely with TLS support?

I could perhaps create an rsyslog snap that includes rsyslog-gnutls and use the log-observe interface. But I’d need to disable the built-in rsyslog in the gadget, correct? I’m not sure if this would work as I need rsyslog to read from the systemd journal, i.e. /run/systemd/journal/socket.

Ubuntu Core comes with journald as well as rsyslog by default …
You should be able to create a snap that uses the log-observe interface and ships systemd-journal-upload via its stage-packages … then you can craft the necessary scripts to run $SNAP/usr/lib/systemd/systemd-journal-upload and ship them as a daemon …

Unless you actually need text-based logs, you can also disable rsyslog completely with: snap set core service.rsyslog.disable=true

Alternatively, you can indeed just roll a log-observe enabled snap that simply uses tail -f of /var/log/syslog to pipe it through an nc socket or an ssh tunnel or some such.

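A launcher of the kind the reply describes, as an added example that is not part of the original posts: it refuses a non-HTTPS collector URL and a loosely permissioned client key before starting systemd-journal-upload. The collector URL, the PEM file names under $SNAP_COMMON, the state file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: daemon launcher for a log-observe snap that stages
# systemd-journal-upload. Not code from the thread.
# Assumed: the collector URL and the file names under $SNAP_COMMON/tls.

URL="${UPLOAD_URL:-https://logs.example.internal:19532}"  # placeholder collector
TLS_DIR="${SNAP_COMMON:-.}/tls"

# Refuse plain HTTP: the journal must only leave the device over TLS.
check_url() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-TLS URL: $1" >&2; return 1 ;;
    esac
}

# The private key must exist and carry no group/other permission bits.
check_key() {
    [ -r "$1" ] || { echo "missing key: $1" >&2; return 1; }
    perms=$(stat -c %a "$1") || return 1
    case "$perms" in
        ?00) return 0 ;;
        *) echo "key $1 has mode $perms, expected 600 or 400" >&2; return 1 ;;
    esac
}

main() {
    check_url "$URL" || exit 1
    check_key "$TLS_DIR/client.key" || exit 1
    for f in client.pem ca.pem; do
        [ -r "$TLS_DIR/$f" ] || { echo "missing $TLS_DIR/$f" >&2; exit 1; }
    done
    # --trust pins the CA that signed the collector's certificate;
    # --save-state keeps the journal cursor somewhere the snap can write.
    exec "$SNAP/usr/lib/systemd/systemd-journal-upload" \
        --url="$URL" \
        --key="$TLS_DIR/client.key" \
        --cert="$TLS_DIR/client.pem" \
        --trust="$TLS_DIR/ca.pem" \
        --save-state="$SNAP_COMMON/upload.state"
}

# snapd sets SNAP for the daemon; only then start the uploader.
if [ -n "${SNAP:-}" ]; then main; fi
```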