| # if you experience problems, check |
| # http://www.rsyslog.com/troubleshoot for assistance |
| |
| # rsyslog v3: load input modules |
| # If you do not load inputs, nothing happens! |
| # You may need to set the module load path if modules are not found. |
| # |
| # Ported from debian's sysklogd.conf |
| |
| $ModLoad immark # provides --MARK-- message capability |
| $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) |
| $ModLoad imklog # kernel logging (formerly provided by rklogd) |
| |
| # |
| # Set the default permissions |
| # |
| $FileOwner root |
| $FileGroup adm |
| $FileCreateMode 0640 |
| $DirCreateMode 0755 |
| $Umask 0022 |
| |
| auth,authpriv.* /var/log/auth.log |
| *.*;auth,authpriv.none -/var/log/syslog |
| cron.* /var/log/cron.log |
| daemon.* -/var/log/daemon.log |
| kern.* -/var/log/kern.log |
| lpr.* -/var/log/lpr.log |
| mail.* -/var/log/mail.log |
| user.* -/var/log/user.log |
| |
| # |
| # Logging for the mail system. Split it up so that |
| # it is easy to write scripts to parse these files. |
| # |
| mail.info -/var/log/mail.info |
| mail.warn -/var/log/mail.warn |
| mail.err /var/log/mail.err |
| |
| # Logging for INN news system |
| # |
| news.crit /var/log/news.crit |
| news.err /var/log/news.err |
| news.notice -/var/log/news.notice |
| |
| # |
| # Some `catch-all' logfiles. |
| # |
| *.=debug;\ |
| auth,authpriv.none;\ |
| news.none;mail.none -/var/log/debug |
| *.=info;*.=notice;*.=warn;\ |
| auth,authpriv.none;\ |
| cron,daemon.none;\ |
| mail,news.none -/var/log/messages |
| |
| # |
| # Emergencies are sent to everybody logged in. |
| # |
| *.emerg :omusrmsg:* |
| |
| # Save boot messages also to boot.log |
| local7.* /var/log/boot.log |
| |
| # Remote Logging (we use TCP for reliable delivery) |
| # An on-disk queue is created for this action. If the remote host is |
| # down, messages are spooled to disk and sent when it is up again. |
| #$WorkDirectory /var/spool/rsyslog # where to place spool files |
| #$ActionQueueFileName uniqName # unique name prefix for spool files |
| $ActionQueueMaxDiskSpace 10m # 1gb space limit (use as much as possible) |
| #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown |
| #$ActionQueueType LinkedList # run asynchronously |
| #$ActionResumeRetryCount -1 # infinite retries if host is down |
| # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional |
| #*.* @@remote-host:514 |
| |
| |
| # ######### Receiving Messages from Remote Hosts ########## |
| # TCP Syslog Server: |
| # provides TCP syslog reception and GSS-API (if compiled to support it) |
| #$ModLoad imtcp.so # load module |
| #$InputTCPServerRun 514 # start up TCP listener at port 514 |
| |
| # UDP Syslog Server: |
| #$ModLoad imudp.so # provides UDP syslog reception |
| #$UDPServerRun 514 # start a UDP syslog server at standard port 514 |
| |
| # |
| # Include all config files in /etc/rsyslog.d/ |
| # |
| $IncludeConfig /etc/rsyslog.d/*.conf |