-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.6
-
None
-
No
-
Low
-
rhel-security-compliance
-
1
-
False
-
False
-
-
No
-
Red Hat Enterprise Linux
-
None
-
None
-
None
-
Unspecified Release Note Type - Unknown
-
Unspecified
-
Unspecified
-
Unspecified
-
None
This is the continuation of RHEL-62731.
The above JIRA started to handle RainerScript format for xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost rule, but the pattern expects it's all on one line, while RainerScript is usually multi-lined.
For example Microsoft Azure AzureMonitorAgent for Linux ships a snippet that is multi-lined:
$ cat /etc/rsyslog.d/10-azuremonitoragent-omfwd.conf # Azure Monitor Agent configuration: forward logs to azuremonitoragent template(name="AMA_RSYSLOG_TraditionalForwardFormat" type="string" string="<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg:::sp-if-no-1st-sp%%msg%") # queue.workerThreads sets the maximum worker threads, it will scale back to 0 if there is no activity # Forwarding all events through TCP port *.* action(type="omfwd" template="AMA_RSYSLOG_TraditionalForwardFormat" queue.type="LinkedList" queue.filename="omfwd-azuremonitoragent" queue.maxFileSize="32m" queue.maxDiskSpace="1g" action.resumeRetryCount="-1" action.resumeInterval="5" action.reportSuspension="on" action.reportSuspensionContinuation="on" queue.size="25000" queue.workerThreads="100" queue.dequeueBatchSize="2048" queue.saveonshutdown="on" target="127.0.0.1" Port="28330" Protocol="tcp")
