aboutsummaryrefslogtreecommitdiffstats
path: root/main/rsyslog/rsyslog.conf
blob: 99b715e7a85c411a93da93e0432865c5cc8803bf (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# rsyslog configuration file
#
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html


#### Global directives ####

# Sets the directory that rsyslog uses for work files.
$WorkDirectory /var/lib/rsyslog

# Sets default permissions for all log files.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

# Check config syntax on startup and abort if unclean (default off).
#$AbortOnUncleanConfig on

# Reduce repeating messages (default off).
#$RepeatedMsgReduction on

# Include all config files in /etc/rsyslog.d/.
include(file="/etc/rsyslog.d/*.conf" mode="optional")


#### Modules ####

# Provides --MARK-- message capability.
module(load="immark")

# Provides support for local system logging (e.g. via logger command).
module(load="imuxsock")

# Reads kernel messages.
module(load="imklog")


#### Rules ####

# Log all kernel messages to kern.log.
kern.*							/var/log/kern.log

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# NOTE: The minus sign in front of filename disables buffer flush.
*.info;authpriv.none;cron.none;kern.none;mail.none	-/var/log/messages

# The authpriv file has restricted access.
authpriv.*						/var/log/auth.log

# Log all the mail messages in one place.
mail.*							-/var/log/mail.log

# Log cron stuff.
cron.*							-/var/log/cron.log

# Everybody gets emergency messages.
*.emerg							:omusrmsg:*

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*							/dev/console


### Examples ####

# Send all logs to remote syslog via UDP.
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#*.* action(
#	type="omfwd"
#	target="192.168.0.1"
#	port="514"
#	protocol="udp"
#	queue.filename="fwdRule1"  # unique name prefix for spool files
#	queue.type="LinkedList"
#	queue.maxDiskSpace="256m"
#	queue.saveOnShutdown="on"
#	action.resumeRetryCount="-1"
#	action.resumeInterval="30"
#)

# Receive messages from remote host via UDP
# for parameters see http://www.rsyslog.com/doc/imudp.html
#module(load="imudp")  # needs to be done just once
#input(
#	type="imudp"
#	port="514"
#)