X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Frsyslog.conf;fp=etc%2Frsyslog.conf;h=b6ce47bec4c1c77985ed57b2b81334d7a657dca6;hb=18389d5c0a1128f195ac315d8cd6eacbe800961f;hp=c6e706be16f977a902719e8b94f3c67036c3685c;hpb=033368ac1cf3e8576f589405dcfbe5a3e0dc6816;p=matthijs%2Fservers%2Fdrsnuggles.git
diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
index c6e706b..b6ce47b 100644
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@@ -11,6 +11,8 @@
 $ModLoad imuxsock # provides support for local system logging
 $ModLoad immark # provides --MARK-- message capability
 $MarkMessagePeriod 900 # mark messages appear every 15 Minutes
+$ModLoad imtcp
+$InputTCPServerRun 514 # Accept TCP connections on the default syslog port
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
@@ -30,11 +32,6 @@ $FileGroup adm
 $FileCreateMode 0640
 $DirCreateMode 0755
 
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
 # Store any queues here. This directory is not created automatically, so it
 # must already exist!
 $WorkDirectory /var/spool/rsyslog
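Review bot: `$InputTCPServerRun 514` in the first hunk opens the TCP listener with no restriction on who may send, and nothing in the visible configuration limits it to the servers that are meant to log here. Unless a firewall outside this file already does that, add a sender list next to it, e.g. `$AllowedSender TCP, 127.0.0.1, <LOG_CLIENT_NETWORK>` (placeholder for the real client range), and mention the restriction in the comment. The imtcp input is also plain text, so received lines are unauthenticated and readable in transit; whether that is acceptable depends on the network between the hosts, which this page does not show.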
@@ -47,11 +44,41 @@ $MainMsgQueueFileName main
 # save in-memory data if rsyslog shuts down
 $MainMsgQueueSaveOnShutdown on
 
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+########################
+#### Remote logging ####
+########################
+
+# Log lines received from other servers (as well as our own logs) centrally.
+$template FacilityLog,"/data/log/rsyslog/%hostname%/facilities/%syslogfacility-text%.log"
+$template SeverityLog,"/data/log/rsyslog/%hostname%/severities/%syslogseverity-text%.log"
+$template AppLog,"/data/log/rsyslog/%hostname%/apps/%app-name%.log"
+$template AllLog,"/data/log/rsyslog/all.log"
+
+# Use a verbose logging format
+$template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
+
+# Log by facility, severity and appname
+*.* ?FacilityLog;LogFormat
+*.* ?SeverityLog;LogFormat
+*.* ?AppLog;LogFormat
+# Log all entries in a single file, which is meant to be parsed by logcheck
+# (hence the traditional format).
+*.* ?AllLog;RSYSLOG_TraditionalFileFormat
+
 #######################
 #### Local logging ####
 #######################
 
-#
+# Discard all log entries not locally generated. Newer versions of rsyslogd
+# have the $fromhost-ip property which can be checked against 127.0.0.1, which
+# is probably slightly more reliable, but this will work for now.
+if $fromhost != 'log' then ~
+
 # Log each facility into its own log
 auth,authpriv.* /var/log/rsyslog/auth.log
 cron.* -/var/log/rsyslog/user.log
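Review bot: The `FacilityLog`, `SeverityLog` and `AppLog` templates build file paths from `%hostname%` and `%app-name%`, which are taken from the message itself, so with the TCP listener enabled a remote sender picks the directory and file names created under /data/log/rsyslog/. Constrain those fields with the property replacer's path options, e.g. `%hostname:::secpath-replace%` and `%app-name:::secpath-replace%`, or key the directory on `%fromhost%`, which reflects the connection rather than the header (confirm the deployed rsyslog version supports these options). Every distinct app-name also produces a new file, so the /data/log volume wants a quota or monitoring. Separately, the `if $fromhost != 'log' then ~` discard now comes after the relocated `$IncludeConfig`, so rules in /etc/rsyslog.d/ also see remote messages; a comment stating whether that is intended would help.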
@@ -85,19 +112,3 @@ local0,local1,local2,\
 # Emergencies are sent to everybody logged in.
 #
 *.emerg *
-
-########################
-#### Remote logging ####
-########################
-
-# Send all log entries to the log vserver, but queue them in memory as well as
-# on disk if needed.
-# Use a linked list for queueing
-$ActionQueueType LinkedList
-# Name to use for the queue file
-$ActionQueueFileName remote
-# infinite retries on insert failure
-$ActionResumeRetryCount -1
-# save in-memory data if rsyslog shuts down
-$ActionQueueSaveOnShutdown on
-*.* @@log;RSYSLOG_SyslogProtocol23Format