2009-09-19 15:28:14 +02:00
|
|
|
# if you experience problems, check
|
|
|
|
# http://www.rsyslog.com/troubleshoot for assistance
|
|
|
|
|
|
|
|
# rsyslog v3: load input modules
|
|
|
|
# If you do not load inputs, nothing happens!
|
|
|
|
# You may need to set the module load path if modules are not found.
|
|
|
|
|
|
|
|
$ModLoad immark # provides --MARK-- message capability
|
|
|
|
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
|
|
|
|
$ModLoad imklog # kernel logging (formerly provided by rklogd)
|
|
|
|
|
2012-01-14 10:38:55 +01:00
|
|
|
# Include config file snippets.
|
|
|
|
$IncludeConfig /etc/rsyslog.d/
|
|
|
|
|
2009-09-19 15:28:14 +02:00
|
|
|
# Log all kernel messages to the console.
|
|
|
|
# Logging much else clutters up the screen.
|
|
|
|
#kern.* /dev/console
|
|
|
|
|
|
|
|
# Log anything (except mail) of level info or higher.
|
|
|
|
# Don't log private authentication messages!
|
|
|
|
*.info;mail.none;authpriv.none;cron.none -/var/log/messages
|
|
|
|
|
|
|
|
# The authpriv file has restricted access.
|
|
|
|
authpriv.* /var/log/secure
|
|
|
|
|
|
|
|
# Log all the mail messages in one place.
|
|
|
|
mail.* -/var/log/maillog
|
|
|
|
|
|
|
|
|
|
|
|
# Log cron stuff
|
|
|
|
cron.* -/var/log/cron
|
|
|
|
|
|
|
|
# Everybody gets emergency messages
|
|
|
|
*.emerg *
|
|
|
|
|
|
|
|
# Save news errors of level crit and higher in a special file.
|
|
|
|
#uucp,news.crit -/var/log/spooler
|
|
|
|
|
|
|
|
# Save boot messages also to boot.log
|
|
|
|
#local7.* /var/log/boot.log
|
|
|
|
|
|
|
|
# Remote Logging (we use TCP for reliable delivery)
|
|
|
|
# An on-disk queue is created for this action. If the remote host is
|
|
|
|
# down, messages are spooled to disk and sent when it is up again.
|
|
|
|
#$WorkDirectory /rsyslog/spool # where to place spool files
|
|
|
|
#$ActionQueueFileName uniqName # unique name prefix for spool files
|
|
|
|
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
|
|
|
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
|
|
|
#$ActionQueueType LinkedList # run asynchronously
|
|
|
|
#$ActionResumeRetryCount -1 # infinite retries if host is down
|
|
|
|
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
|
|
|
#*.* @@remote-host:514
|
|
|
|
|
|
|
|
|
|
|
|
# ######### Receiving Messages from Remote Hosts ##########
|
|
|
|
# TCP Syslog Server:
|
|
|
|
# provides TCP syslog reception and GSS-API (if compiled to support it)
|
|
|
|
#$ModLoad imtcp.so # load module
|
|
|
|
#$InputTCPServerRun 514 # start up TCP listener at port 514
|
|
|
|
|
|
|
|
# UDP Syslog Server:
|
|
|
|
#$ModLoad imudp.so # provides UDP syslog reception
|
|
|
|
#$UDPServerRun 514 # start a UDP syslog server at standard port 514
|