Commit | Line | Data |
---|---|---|
ec96f36f AZ |
1 | #rsyslog v4 config file |
2 | ||
3 | # if you experience problems, check | |
4 | # http://www.rsyslog.com/troubleshoot for assistance | |
5 | ||
6 | #### MODULES #### | |
7 | ||
8 | $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) | |
9 | $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) | |
10 | #$ModLoad immark.so # provides --MARK-- message capability | |
11 | ||
12 | # Provides UDP syslog reception | |
13 | #$ModLoad imudp.so | |
14 | #$UDPServerRun 514 | |
15 | ||
16 | # Provides TCP syslog reception | |
d2b53787 | 17 | #$ModLoad imtcp.so |
ec96f36f AZ |
18 | #$InputTCPServerRun 514 |
19 | ||
d2b53787 | 20 | |
ec96f36f AZ |
21 | # ### GLOBAL DIRECTIVES #### |
22 | ||
23 | # | |
24 | # Use traditional timestamp format. | |
25 | # To enable high precision timestamps, comment out the following line. | |
26 | $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat | |
27 | ||
28 | # File syncing capability is disabled by default. This feature is usually not required, | |
29 | # not useful and an extreme performance hit. | |
30 | # Unless this is enabled, the leading dash ("-") on a file action has no effect. | |
31 | #$ActionFileEnableSync on | |
32 | ||
33 | # | |
34 | # Set the default permissions for all log files. | |
35 | # | |
36 | $FileOwner root | |
37 | $FileGroup logs | |
38 | $FileCreateMode 0640 | |
39 | $DirCreateMode 0750 | |
40 | ||
41 | ||
42 | # ### RULES #### | |
d2b53787 SP |
43 | |
44 | # Log all kernel messages to the console. | |
45 | # Logging much else clutters up the screen. | |
ec96f36f | 46 | #kern.* /dev/console |
d2b53787 SP |
47 | |
48 | # The authpriv file has restricted access. | |
ec96f36f | 49 | authpriv.* /var/log/secure |
d2b53787 SP |
50 | |
51 | # Log all the mail messages in one place. | |
ec96f36f | 52 | mail.* -/var/log/maillog |
d2b53787 SP |
53 | |
54 | # Log cron stuff | |
ec96f36f | 55 | cron.* /var/log/cron |
d2b53787 SP |
56 | |
57 | # Everybody gets emergency messages | |
ec96f36f | 58 | *.emerg * |
d2b53787 SP |
59 | |
60 | # Save news errors of level crit and higher in a special file. | |
ec96f36f | 61 | uucp,news.crit /var/log/spooler |
d2b53787 SP |
62 | |
63 | # Save boot messages also to boot.log | |
ec96f36f AZ |
64 | local7.* /var/log/boot.log |
65 | ||
66 | # | |
67 | # Some "catch-all" log files. | |
68 | # | |
69 | *.=debug;\ | |
70 | auth,authpriv.none;\ | |
71 | news.none;mail.none -/var/log/debug | |
72 | *.=info;*.=notice;*.=warn;\ | |
73 | auth,authpriv.none;\ | |
74 | cron,daemon.none;\ | |
75 | mail,news.none -/var/log/messages | |
76 | ||
77 | # ### Additional - from wiki ### | |
78 | # A basic template mostly from the docs, but I wanted to know what system forwarded the | |
79 | # messages so I added some text. Also I added the ":::space" to handle the windows | |
80 | # events (based on the other suggestions in the wiki) | |
81 | # | |
82 | # $template SyslFormat,"%timegenerated% [WJCG]-%HOSTNAME% %syslogtag%%msg:::space$ | |
83 | ||
84 | # this is for Windows events from SNARE | |
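85 | # NOTE: with escaping off, control characters sent by remote hosts are written to the log files unmodified | |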
86 | # $EscapeControlCharactersOnReceive off | |
87 | ||
88 | # ### misc | |
89 | # | |
90 | # reduce any duplicates | |
91 | # | |
92 | # $RepeatedMsgReduction on | |
93 | # $OptimizeForUniprocessor on | |
94 | ||
95 | ||
96 | ||
97 | # ### Begin forwarding rule ### | |
98 | # The statements between begin ... end define a SINGLE forwarding | |
99 | # rule. They belong together, do NOT split them. If you create multiple | |
100 | # forwarding rules, duplicate the whole block! | |
101 | # Remote Logging (we use TCP for reliable delivery; "@@" is plain TCP, so messages travel unencrypted and unauthenticated) | |
102 | # | |
103 | # An on-disk queue is created for this action. If the remote host is | |
104 | # down, messages are spooled to disk and sent when it is up again. | |
105 | #$WorkDirectory /var/spppl/rsyslog # where to place spool files | |
106 | #$ActionQueueFileName fwdRule1 # unique name prefix for spool files | |
107 | #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) | |
108 | #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown | |
109 | #$ActionQueueType LinkedList # run asynchronously | |
110 | #$ActionResumeRetryCount -1 # infinite retries if host is down | |
111 | # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional | |
112 | #*.* @@remote-host:514 | |
113 | ||
114 | ||
115 | ||
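116 | # ### For a central log server, an example layout: host/year/month/day/facility ### | |
117 | # NOTE: %HOSTNAME% is taken from the received message and is chosen by the sender; confirm that is acceptable before using it in a file path (%fromhost% is the host the message was received from) | |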
118 | #$template DailyPerHostLogs,"/var/log/remote/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%syslogfacility-text%" #*.* -?DailyPerHostLogs | |
119 |