|
 |
f4f2f7 |
# rsyslog configuration file
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
|
|
|
f4f2f7 |
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
|
|
|
f4f2f7 |
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
#### GLOBAL DIRECTIVES ####
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Where to place auxiliary files
|
|
|
f4f2f7 |
global(workDirectory="/var/lib/rsyslog")
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Use default timestamp format
|
|
|
f4f2f7 |
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Include all config files in /etc/rsyslog.d/
|
|
|
f4f2f7 |
include(file="/etc/rsyslog.d/*.conf" mode="optional")
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
#### MODULES ####
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
module(load="imuxsock" # provides support for local system logging (e.g. via logger command)
|
|
|
f4f2f7 |
SysSock.Use="off") # Turn off message reception via local log socket;
|
|
|
f4f2f7 |
# local messages are retrieved through imjournal now.
|
|
|
f4f2f7 |
module(load="imjournal" # provides access to the systemd journal
|
|
|
f4f2f7 |
StateFile="imjournal.state") # File to store the position in the journal
|
|
|
f4f2f7 |
#module(load="imklog") # reads kernel messages (the same are read from journald)
|
|
|
f4f2f7 |
#module(load="immark") # provides --MARK-- message capability
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Provides UDP syslog reception
|
|
|
f4f2f7 |
# for parameters see http://www.rsyslog.com/doc/imudp.html
|
|
|
f4f2f7 |
#module(load="imudp") # needs to be done just once
|
|
|
f4f2f7 |
#input(type="imudp" port="514")
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Provides TCP syslog reception
|
|
|
f4f2f7 |
# for parameters see http://www.rsyslog.com/doc/imtcp.html
|
|
|
f4f2f7 |
#module(load="imtcp") # needs to be done just once
|
|
|
f4f2f7 |
#input(type="imtcp" port="514")
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
#### RULES ####
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Log all kernel messages to the console.
|
|
|
f4f2f7 |
# Logging much else clutters up the screen.
|
|
|
f4f2f7 |
#kern.* /dev/console
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Log anything (except mail) of level info or higher.
|
|
|
f4f2f7 |
# Don't log private authentication messages!
|
|
|
f4f2f7 |
*.info;mail.none;authpriv.none;cron.none /var/log/messages
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# The authpriv file has restricted access.
|
|
|
f4f2f7 |
authpriv.* /var/log/secure
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Log all the mail messages in one place.
|
|
|
f4f2f7 |
mail.* -/var/log/maillog
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Log cron stuff
|
|
|
f4f2f7 |
cron.* /var/log/cron
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Everybody gets emergency messages
|
|
|
f4f2f7 |
*.emerg :omusrmsg:*
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Save news errors of level crit and higher in a special file.
|
|
|
f4f2f7 |
uucp,news.crit /var/log/spooler
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# Save boot messages also to boot.log
|
|
|
f4f2f7 |
local7.* /var/log/boot.log
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
|
|
|
f4f2f7 |
# ### sample forwarding rule ###
|
|
|
f4f2f7 |
#action(type="omfwd"
|
|
|
f4f2f7 |
# # An on-disk queue is created for this action. If the remote host is
|
|
|
f4f2f7 |
# # down, messages are spooled to disk and sent when it is up again.
|
|
|
f4f2f7 |
#queue.filename="fwdRule1" # unique name prefix for spool files
|
|
|
f4f2f7 |
#queue.maxdiskspace="1g" # 1gb space limit (use as much as possible)
|
|
|
f4f2f7 |
#queue.saveonshutdown="on" # save messages to disk on shutdown
|
|
|
f4f2f7 |
#queue.type="LinkedList" # run asynchronously
|
|
|
f4f2f7 |
#action.resumeRetryCount="-1" # infinite retries if host is down
|
|
|
f4f2f7 |
# # Remote Logging (we use TCP for reliable delivery)
|
|
|
f4f2f7 |
# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
|
|
|
f4f2f7 |
#Target="remote_host" Port="XXX" Protocol="tcp")
|