Create option to configure action() on a single line.

[bschonec]

What are you seeing

CIS/STIG products that audit rsyslog configurations use regular expression checks that expect the action() configuration to be on a single line. Regex such as:

^\s*([^#]+\s+)?action\(([^#]+\s+)?\btarget="?[^#"]+"?\b
and

^\s*\*\.\*\s+@
will fail even if the configuration is correct but spans multiple lines. For example, the following configuration will fail the regex even though the configuration is correct:

# all_logs_to_siem
  *.*;local6.none                action(type="omfwd" 
                                             target="siem-01.example.com"
                                           protocol="udp"
                                           port="514"

[root@cis-01d rsyslog.d]# egrep '^\s*([^#]+\s+)?action\(([^#]+\s+)?\btarget="?[^#"]+"?\b' siem.conf

However, if the configuration for action, 'omfwd' were on a single line, the regex would pass.

[root@cis-01d rsyslog.d]# cat siem.conf
# all_logs_to_siem
  *.*;local6.none                action(type="omfwd" target="siem-01.example.com" protocol="udp" port="514")
[root@cis-01d rsyslog.d]# egrep '^\s*([^#]+\s+)?action\(([^#]+\s+)?\btarget="?[^#"]+"?\b' siem.conf
  *.*;local6.none                action(type="omfwd" target="siem-01.example.com" protocol="udp" port="514")
[root@cis-01d rsyslog.d]# 

I propose modifying the action.epp template so that it's possible to configure the action() section to be on a single line when desired.
Perhaps parameterizing this integer or this integer.