X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Frsyslog.conf;h=54022c1c90d3ed19be6b41819b2ee97cf92e1269;hb=refs%2Fheads%2Flog;hp=5ad1ede7ce0f4a0056afdf80b1e221be77d1c46a;hpb=c6b04db7d343fa7bd5e42b9ddbdd382011557706;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf index 5ad1ede..54022c1 100644 --- a/etc/rsyslog.conf +++ b/etc/rsyslog.conf @@ -11,6 +11,8 @@ $ModLoad imuxsock # provides support for local system logging $ModLoad immark # provides --MARK-- message capability $MarkMessagePeriod 900 # mark messages appear every 15 Minutes +$ModLoad imtcp +$InputTCPServerRun 514 # Accept TCP connections on the default syslog port ########################### #### GLOBAL DIRECTIVES #### 
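Review bot: `$InputTCPServerRun 514` opens a plain-TCP syslog listener with no sender restriction visible in this hunk, so any host that can reach the port can write into the central logs, and the traffic is neither authenticated nor encrypted. Unless a firewall outside this file already limits the port, I would add a legacy ACL next to it, e.g. `$AllowedSender TCP, 127.0.0.1, <LOG_CLIENT_CIDR>` (placeholder for the real client range), and extend the comment to say where the restriction is enforced. If clients log across a network you do not control, the TLS netstream driver is the longer-term answer, provided this rsyslogd version ships it.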
@@ -30,28 +32,70 @@ $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 +# Store any queues here. This directory is not created automatically, so it +# must already exist! +$WorkDirectory /var/spool/rsyslog + +# Use a (disk-assisted) main queue +# Use a linked list for queueing +$MainMsgQueueType LinkedList +# Name to use for the queue file +$MainMsgQueueFileName main +# save in-memory data if rsyslog shuts down +$MainMsgQueueSaveOnShutdown on + # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf +######################## +#### Remote logging #### +######################## -############### -#### RULES #### -############### +# Log lines received from other servers (as well as our own logs) centrally. +$template HostFacilityLog,"/data/log/rsyslog/hosts/%fromhost%/facilities/%syslogfacility-text%.log" +$template HostSeverityLog,"/data/log/rsyslog/hosts/%fromhost%/severities/%syslogseverity-text%.log" +$template HostAppLog,"/data/log/rsyslog/hosts/%fromhost%/apps/%app-name%.log" + +# Use a verbose logging format +$template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" + +# Log by facility, severity and appname +*.* ?HostFacilityLog;LogFormat +*.* ?HostSeverityLog;LogFormat +*.* ?HostAppLog;LogFormat +# Log all entries in a single file, which is meant to be parsed by logcheck +# (hence the traditional format). +*.* -/data/log/rsyslog/all.log;RSYSLOG_TraditionalFileFormat + +# Debugging format. Based on RSYSLOG_DebugFormat, available in later versions +# of rsyslogd, with some variations. 
+$template DebugFormat,"Debug line with all properties:\nFROMHOST: '%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: '%STRUCTURED-DATA%', syslogtag: '%syslogtag%'\nmsg: '%msg%'\nescaped msg: '%msg:::drop-cc%'\nrawmsg: '%rawmsg%'\n\n" +# Uncomment this to have detailed logging for debugging +#*.* -/data/log/rsyslog/debug.log;DebugFormat + + +####################### +#### Local logging #### +####################### + +# Discard all log entries not locally generated. Newer versions of rsyslogd +# have the $fromhost-ip property which can be checked against 127.0.0.1, which +# is probably slightly more reliable, but this will work for now. +if $fromhost != 'log' then ~ -# # Log each facility into its own log -auth,authpriv.* /var/log/auth.log -cron.* -/var/log/user.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log +auth,authpriv.* /var/log/rsyslog/auth.log +cron.* -/var/log/rsyslog/user.log +daemon.* -/var/log/rsyslog/daemon.log +kern.* -/var/log/rsyslog/kern.log +lpr.* -/var/log/rsyslog/lpr.log +mail.* -/var/log/rsyslog/mail.log +user.* -/var/log/rsyslog/user.log local0,local1,local2,\ local3,local4,local5,\ - local6,local7.* -/var/log/local.log + local6,local7.* -/var/log/rsyslog/local.log # Omitted facilities: syslog, news, uucp, ftp 
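Review bot: The three dynamic-file templates build paths from `%fromhost%` and `%app-name%`, both of which come from the sending side (reverse DNS and the message tag), so a remote client influences which files and directories rsyslogd creates under /data/log/rsyslog/hosts. The property replacer has `secpath-replace`/`secpath-drop` for this; if this rsyslogd version supports them, write the template as `$template HostAppLog,"/data/log/rsyslog/hosts/%fromhost:::secpath-replace%/apps/%app-name:::secpath-replace%.log"` and do the same for the other two. Each distinct tag also creates a new file, so monitoring the size of that tree, and setting `$MainMsgQueueMaxDiskSpace` for the spool in /var/spool/rsyslog, would bound how much disk a noisy sender can consume. Separately, `$IncludeConfig /etc/rsyslog.d/*.conf` is evaluated before `if $fromhost != 'log' then ~`, so rules in the included files will presumably see remote messages as well; that deserves a comment, or the include could move below the discard.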
@@ -62,14 +106,14 @@ local0,local1,local2,\ *.*;\ *.!=debug;\ auth,authpriv.none;\ - mail.none -/var/log/syslog + mail.none -/var/log/rsyslog/syslog # Debug entries end up in debug.log as well as the corresponding facility log # above (except for auth and mail, which only end up in the facility logs for # privacy reasons). *.=debug;\ auth,authpriv.none;\ - news.none;mail.none -/var/log/debug.log + news.none;mail.none -/var/log/rsyslog/debug.log # # Emergencies are sent to everybody logged in. #