Untitled

##CEE TEMPLATE
template(name="cee" type="list") {
    constant(value="<") property(name="pri") constant(value=">")
    property(name="timereported" dateFormat="rfc3339")
    constant(value=" ") property(name="$myhostname")
    constant(value=" ") property(name="programname")
    constant(value=" ")
    constant(value="@cee: {")
    #SYSLOG
    constant(value="\"using_cee_relp\":\"yes\", ")
    property(name="uuid" format="jsonf" outname="uuid") constant(value=", ")
    property(name="$myhostname" format="jsonf" outname="host") constant(value=", ")
    property(name="syslogtag" format="jsonf" outname="tag") constant(value=", ")
    property(name="programname" format="jsonf" outname="prog") constant(value=", ")
    property(name="syslogfacility-text" format="jsonf" outname="facility") constant(value=", ")
    property(name="syslogpriority-text" format="jsonf" outname="priority") constant(value=", ")
    property(name="timegenerated" dateFormat="rfc3339" format="jsonf" outname="@ts_cli") constant(value=", ")
    ##ES TIMESTAMP
    constant(value="\"@timestamp\":\"")
    property(name="timereported" dateFormat="unixtimestamp")
    constant(value="000\", ")
    #REST
    property(name="$!all-json" position.from="2")
}

---


ruleset(name="client_relp_cee" queue.filename="client_relp_cee" 		queue.highwatermark="10000" queue.lowwatermark="500" queue.size="12000000" queue.discardmark="10000000" queue.dequeuebatchsize="2000" queue.type="linkedlist" queue.saveonshutdown="on" queue.checkpointinterval="30" queue.timeoutshutdown="2000" queue.workerthreads="2") {
	action(type="omrelp" action.resumeRetryCount="-1" action.resumeInterval="15" action.reportSuspension="on"  action.reportSuspensionContinuation="on" Template="cee" Target="localhost" Port="20516")
}