|
 |
6a5d467 |
#rsyslog v3 config file
|
|
|
6a5d467 |
|
|
 |
502ec1b |
# if you experience problems, check
|
|
|
502ec1b |
# http://www.rsyslog.com/troubleshoot for assistance
|
|
|
6a5d467 |
|
|
|
6a5d467 |
#### MODULES ####
|
|
|
6a5d467 |
|
|
|
6a5d467 |
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
|
|
|
6a5d467 |
$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
|
|
|
6a5d467 |
#$ModLoad immark.so # provides --MARK-- message capability
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Provides UDP syslog reception
|
|
|
6a5d467 |
#$ModLoad imudp.so
|
|
|
6a5d467 |
#$UDPServerRun 514
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Provides TCP syslog reception
|
|
|
6a5d467 |
#$ModLoad imtcp.so
|
|
|
6a5d467 |
#$InputTCPServerRun 514
|
|
|
6a5d467 |
|
|
|
6a5d467 |
|
|
|
502ec1b |
#### GLOBAL DIRECTIVES ####
|
|
|
502ec1b |
|
|
|
502ec1b |
# Use default timestamp format
|
|
|
502ec1b |
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
|
|
502ec1b |
|
|
|
502ec1b |
# File syncing capability is disabled by default. This feature is usually not required,
|
|
|
502ec1b |
# not useful and an extreme performance hit
|
|
|
502ec1b |
#$ActionFileEnableSync on
|
|
|
502ec1b |
|
|
|
502ec1b |
|
|
|
6a5d467 |
#### RULES ####
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Log all kernel messages to the console.
|
|
|
6a5d467 |
# Logging much else clutters up the screen.
|
|
|
6a5d467 |
#kern.* /dev/console
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Log anything (except mail) of level info or higher.
|
|
|
6a5d467 |
# Don't log private authentication messages!
|
|
|
6a5d467 |
*.info;mail.none;authpriv.none;cron.none /var/log/messages
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# The authpriv file has restricted access.
|
|
|
6a5d467 |
authpriv.* /var/log/secure
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Log all the mail messages in one place.
|
|
|
6a5d467 |
mail.* -/var/log/maillog
|
|
|
6a5d467 |
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Log cron stuff
|
|
|
6a5d467 |
cron.* /var/log/cron
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Everybody gets emergency messages
|
|
|
6a5d467 |
*.emerg *
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Save news errors of level crit and higher in a special file.
|
|
|
6a5d467 |
uucp,news.crit /var/log/spooler
|
|
|
6a5d467 |
|
|
|
6a5d467 |
# Save boot messages also to boot.log
|
|
|
6a5d467 |
local7.* /var/log/boot.log
|
|
|
6a5d467 |
|
|
|
502ec1b |
|
|
|
502ec1b |
|
|
|
502ec1b |
# ### begin forwarding rule ###
|
|
|
502ec1b |
# The statement between the begin ... end define a SINGLE forwarding
|
|
|
502ec1b |
# rule. They belong together, do NOT split them. If you create multiple
|
|
|
502ec1b |
# forwarding rules, duplicate the whole block!
|
|
|
502ec1b |
# Remote Logging (we use TCP for reliable delivery)
|
|
|
502ec1b |
#
|
|
|
502ec1b |
# An on-disk queue is created for this action. If the remote host is
|
|
|
502ec1b |
# down, messages are spooled to disk and sent when it is up again.
|
|
|
502ec1b |
#$WorkDirectory /var/spppl/rsyslog # where to place spool files
|
|
|
502ec1b |
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
|
|
|
502ec1b |
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
|
|
502ec1b |
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
|
|
502ec1b |
#$ActionQueueType LinkedList # run asynchronously
|
|
|
502ec1b |
#$ActionResumeRetryCount -1 # infinite retries if host is down
|
|
|
502ec1b |
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
|
|
502ec1b |
#*.* @@remote-host:514
|
|
|
502ec1b |
# ### end of the forwarding rule ###
|