| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 1 | # if you experience problems, check |
| 2 | # http://www.rsyslog.com/troubleshoot for assistance |
| 3 | |
| 4 | # rsyslog v3: load input modules |
| 5 | # If you do not load inputs, nothing happens! |
| 6 | # You may need to set the module load path if modules are not found. |
| 7 | # |
| 8 | # Ported from debian's sysklogd.conf |
| 9 | |
| 10 | $ModLoad immark # provides --MARK-- message capability |
| 11 | $ModLoad imuxsock # provides support for local system logging (e.g. via logger command) |
| 12 | $ModLoad imklog # kernel logging (formerly provided by rklogd) |
| 13 | |
| 14 | # |
| 15 | # Set the default permissions |
| 16 | # |
| 17 | $FileOwner root |
| 18 | $FileGroup adm |
| 19 | $FileCreateMode 0640 |
| 20 | $DirCreateMode 0755 |
| 21 | $Umask 0022 |
| 22 | |
| 23 | auth,authpriv.* /var/log/auth.log |
| 24 | *.*;auth,authpriv.none -/var/log/syslog |
| 25 | cron.* /var/log/cron.log |
| 26 | daemon.* -/var/log/daemon.log |
| 27 | kern.* -/var/log/kern.log |
| 28 | lpr.* -/var/log/lpr.log |
| 29 | mail.* -/var/log/mail.log |
| 30 | user.* -/var/log/user.log |
| 31 | |
| 32 | # |
| 33 | # Logging for the mail system. Split it up so that |
| 34 | # it is easy to write scripts to parse these files. |
| 35 | # |
| 36 | mail.info -/var/log/mail.info |
| 37 | mail.warn -/var/log/mail.warn |
| 38 | mail.err /var/log/mail.err |
| 39 | |
| 40 | # Logging for INN news system |
| 41 | # |
| 42 | news.crit /var/log/news.crit |
| 43 | news.err /var/log/news.err |
| 44 | news.notice -/var/log/news.notice |
| 45 | |
| 46 | # |
| 47 | # Some `catch-all' logfiles. |
| 48 | # |
| 49 | *.=debug;\ |
| 50 | auth,authpriv.none;\ |
| 51 | news.none;mail.none -/var/log/debug |
| 52 | *.=info;*.=notice;*.=warn;\ |
| 53 | auth,authpriv.none;\ |
| 54 | cron,daemon.none;\ |
| 55 | mail,news.none -/var/log/messages |
| 56 | |
| 57 | # |
| 58 | # Emergencies are sent to everybody logged in. |
| 59 | # |
| 60 | *.emerg :omusrmsg:* |
| 61 | |
| 62 | # Save boot messages also to boot.log |
| 63 | local7.* /var/log/boot.log |
| 64 | |
| 65 | # Remote Logging (we use TCP for reliable delivery) |
| 66 | # An on-disk queue is created for this action. If the remote host is |
| 67 | # down, messages are spooled to disk and sent when it is up again. |
| 68 | #$WorkDirectory /var/spool/rsyslog # where to place spool files |
| 69 | #$ActionQueueFileName uniqName # unique name prefix for spool files |
| 70 | $ActionQueueMaxDiskSpace 10m # 1gb space limit (use as much as possible) |
| 71 | #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown |
| 72 | #$ActionQueueType LinkedList # run asynchronously |
| 73 | #$ActionResumeRetryCount -1 # infinite retries if host is down |
| 74 | # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional |
| 75 | #*.* @@remote-host:514 |
| 76 | |
| 77 | |
| 78 | # ######### Receiving Messages from Remote Hosts ########## |
| 79 | # TCP Syslog Server: |
| 80 | # provides TCP syslog reception and GSS-API (if compiled to support it) |
| 81 | #$ModLoad imtcp.so # load module |
| 82 | #$InputTCPServerRun 514 # start up TCP listener at port 514 |
| 83 | |
| 84 | # UDP Syslog Server: |
| 85 | #$ModLoad imudp.so # provides UDP syslog reception |
| 86 | #$UDPServerRun 514 # start a UDP syslog server at standard port 514 |
| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 87 | |
| 88 | # |
| 89 | # Include all config files in /etc/rsyslog.d/ |
| 90 | # |
| 91 | $IncludeConfig /etc/rsyslog.d/*.conf |