diff options
Diffstat (limited to 'system/rsyslog/config/rsyslog.conf')
| -rw-r--r-- | system/rsyslog/config/rsyslog.conf | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/system/rsyslog/config/rsyslog.conf b/system/rsyslog/config/rsyslog.conf new file mode 100644 index 0000000000..1b88783343 --- /dev/null +++ b/system/rsyslog/config/rsyslog.conf @@ -0,0 +1,76 @@ +# if you experience problems, check +# http://www.rsyslog.com/troubleshoot for assistance +# look also into /usr/doc/rsyslog-*/html/rsyslog-example.conf + +# rsyslog v3: load input modules +# If you do not load inputs, nothing happens! +# You may need to set the module load path if modules are not found. + +$ModLoad immark # provides --MARK-- message capability +$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) +$ModLoad imklog # kernel logging (formerly provided by rklogd) + +# maintain the sysklogd output format +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# backward compatibility with klogd -c 3 behaviour, thanks to Rodrigo L. Fernandez +$klogConsoleLogLevel 3 + +# Uncomment this to see kernel messages on the console. +#kern.* /dev/console + +# Log anything 'info' or higher, but lower than 'warn'. +# Exclude authpriv, cron, mail, and news. These are logged elsewhere. +*.info;*.!warn;\ + authpriv.none;cron.none;mail.none;news.none -/var/log/messages + +# Log anything 'warn' or higher. +# Exclude authpriv, cron, mail, and news. These are logged elsewhere. +*.warn;\ + authpriv.none;cron.none;mail.none;news.none -/var/log/syslog + +# Debugging information is logged here. +*.=debug -/var/log/debug + +# Private authentication message logging: +authpriv.* -/var/log/secure + +# Cron related logs: +cron.* -/var/log/cron + +# Mail related logs: +mail.* -/var/log/maillog + +# Emergency level messages go to all users: +*.emerg * + +# This log is for news and uucp errors: +uucp,news.crit -/var/log/spooler + +# Uncomment these if you'd like INN to keep logs on everything. +# You won't need this if you don't run INN (the InterNetNews daemon). +#news.=crit -/var/log/news/news.crit +#news.=err -/var/log/news/news.err +#news.notice -/var/log/news/news.notice + +# Remote Logging (we use TCP for reliable delivery) +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$WorkDirectory /rsyslog/spool # where to place spool files +#$ActionQueueFileName uniqName # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinite retries if host is down +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host:514 + +# ######### Receiving Messages from Remote Hosts ########## +# TCP Syslog Server: +# provides TCP syslog reception and GSS-API (if compiled to support it) +#$ModLoad imtcp.so # load module +#$InputTCPServerRun 514 # start up TCP listener at port 514 + +# UDP Syslog Server: +#$ModLoad imudp.so # provides UDP syslog reception +#$UDPServerRun 514 # start a UDP syslog server at standard port 514 |