Hi all, in the past we used rsyslog role for log forwarding. Since everything was in private subnet (inside VPN) we didn't use pki. With the same configuration: rsyslog__forward: [ '*.* @@logger0.datenkollektiv.net', '*.* ~' ] rsyslog__pki: False the remote-forward rule isn't created anymore in /etc/rsyslog.d/ The reason seems to be complete redesign of the rsyslog role. Looks like this is responsible: + - name: '00forward-logs.conf' + state: '{{ "present" + if (rsyslog__forward_enabled|bool and + rsyslog__pki|bool) + else "absent" }}' + options: so any forwarding is ignored if rsyslog__pki is set to false. Is there any way to work around this? Wouldn't it better to have the choice between encrypted and unencrypted logging forwarding? Cheers Jan