X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Frsyslog.conf;h=54022c1c90d3ed19be6b41819b2ee97cf92e1269;hb=refs%2Fheads%2Flog;hp=d88cb68f4e74e22ef7a132b27d62cf790be7e429;hpb=4ae8d6bc43e64060d82691f0814833a146e19a9a;p=matthijs%2Fservers%2Fdrsnuggles.git diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf index d88cb68..54022c1 100644 --- a/etc/rsyslog.conf +++ b/etc/rsyslog.conf @@ -9,17 +9,10 @@ ################# $ModLoad imuxsock # provides support for local system logging -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark # provides --MARK-- message capability - -# provides UDP syslog reception -#$ModLoad imudp -#$UDPServerRun 514 - -# provides TCP syslog reception -#$ModLoad imtcp -#$InputTCPServerRun 514 - +$ModLoad immark # provides --MARK-- message capability +$MarkMessagePeriod 900 # mark messages appear every 15 Minutes +$ModLoad imtcp +$InputTCPServerRun 514 # Accept TCP connections on the default syslog port ########################### #### GLOBAL DIRECTIVES #### 
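Review bot: `$ModLoad imtcp` together with `$InputTCPServerRun 514` opens a plain-TCP syslog listener, and nothing in this hunk restricts senders or protects the transport, so any host that can reach port 514 can write into the central logs and messages travel in cleartext. If that restriction is not enforced elsewhere (firewall, interface binding), I would add `$AllowedSender TCP, <log-clients-subnet>` next to the listener (placeholder subnet), and consider the gtls netstream driver if this rsyslogd version provides it. The hunk also drops `$ModLoad imklog` while a `kern.*` rule is still added later in the file. Kernel messages, including any netfilter logging, will therefore stop being collected on this host unless that is intended, for example because the host is a guest with no access to the kernel log; a one-line comment saying so would help.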
@@ -39,77 +32,89 @@ $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf +# Store any queues here. This directory is not created automatically, so it +# must already exist! +$WorkDirectory /var/spool/rsyslog - -############### -#### RULES #### -############### - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -#cron.* /var/log/cron.log -daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -user.* -/var/log/user.log +# Use a (disk-assisted) main queue +# Use a linked list for queueing +$MainMsgQueueType LinkedList +# Name to use for the queue file +$MainMsgQueueFileName main +# save in-memory data if rsyslog shuts down +$MainMsgQueueSaveOnShutdown on # -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files. +# Include all config files in /etc/rsyslog.d/ # -mail.info -/var/log/mail.info -mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err +$IncludeConfig /etc/rsyslog.d/*.conf -# -# Logging for INN news system. -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice +######################## +#### Remote logging #### +######################## + +# Log lines received from other servers (as well as our own logs) centrally. 
+$template HostFacilityLog,"/data/log/rsyslog/hosts/%fromhost%/facilities/%syslogfacility-text%.log" +$template HostSeverityLog,"/data/log/rsyslog/hosts/%fromhost%/severities/%syslogseverity-text%.log" +$template HostAppLog,"/data/log/rsyslog/hosts/%fromhost%/apps/%app-name%.log" + +# Use a verbose logging format +$template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n" + +# Log by facility, severity and appname +*.* ?HostFacilityLog;LogFormat +*.* ?HostSeverityLog;LogFormat +*.* ?HostAppLog;LogFormat +# Log all entries in a single file, which is meant to be parsed by logcheck +# (hence the traditional format). +*.* -/data/log/rsyslog/all.log;RSYSLOG_TraditionalFileFormat + +# Debugging format. Based on RSYSLOG_DebugFormat, available in later versions +# of rsyslogd, with some variations. +$template DebugFormat,"Debug line with all properties:\nFROMHOST: '%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: '%STRUCTURED-DATA%', syslogtag: '%syslogtag%'\nmsg: '%msg%'\nescaped msg: '%msg:::drop-cc%'\nrawmsg: '%rawmsg%'\n\n" +# Uncomment this to have detailed logging for debugging +#*.* -/data/log/rsyslog/debug.log;DebugFormat + + +####################### +#### Local logging #### +####################### + +# Discard all log entries not locally generated. Newer versions of rsyslogd +# have the $fromhost-ip property which can be checked against 127.0.0.1, which +# is probably slightly more reliable, but this will work for now. 
+if $fromhost != 'log' then ~ + +# Log each facility into its own log +auth,authpriv.* /var/log/rsyslog/auth.log +cron.* -/var/log/rsyslog/user.log +daemon.* -/var/log/rsyslog/daemon.log +kern.* -/var/log/rsyslog/kern.log +lpr.* -/var/log/rsyslog/lpr.log +mail.* -/var/log/rsyslog/mail.log +user.* -/var/log/rsyslog/user.log +local0,local1,local2,\ + local3,local4,local5,\ + local6,local7.* -/var/log/rsyslog/local.log + +# Omitted facilities: syslog, news, uucp, ftp + +# All logs end up in syslog as weel as the corresponding facility log above +# (except for auth, mail which only end up in the facility log for privacy +# reasons and debug which only ends up in the debug log below to prevent +# flooding). +*.*;\ + *.!=debug;\ + auth,authpriv.none;\ + mail.none -/var/log/rsyslog/syslog -# -# Some "catch-all" log files. -# +# Debug entries end up in debug.log as well as the corresponding facility log +# above (except for auth and mail, which only end up in the facility logs for +# privacy reasons). *.=debug;\ auth,authpriv.none;\ - news.none;mail.none -/var/log/debug -*.=info;*.=notice;*.=warn;\ - auth,authpriv.none;\ - cron,daemon.none;\ - mail,news.none -/var/log/messages - + news.none;mail.none -/var/log/rsyslog/debug.log # # Emergencies are sent to everybody logged in. # *.emerg * - -# -# I like to have messages displayed on the console, but only on a virtual -# console I usually leave idle. -# -#daemon,mail.*;\ -# news.=crit;news.=err;news.=notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn /dev/tty8 - -# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, -# you must invoke `xconsole' with the `-file' option: -# -# $ xconsole -file /dev/xconsole [...] -# -# NOTE: adjust the list below, or you'll go crazy if you have a reasonably -# busy site.. -# -daemon.*;mail.*;\ - news.err;\ - *.=debug;*.=info;\ - *.=notice;*.=warn |/dev/xconsole
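Review bot: The three dynamic-file templates (`HostFacilityLog`, `HostSeverityLog`, `HostAppLog`) build paths from `%fromhost%` and `%app-name%`, and `%app-name%` is taken from the tag of the received message, so any sender that reaches the new TCP listener chooses part of the file name under /data/log/rsyslog. Depending on how this rsyslogd version sanitises dynafile names, a tag containing `/` may land outside the `apps/` directory, and in any case every distinct tag creates another file. Where the version supports it I would write `%app-name:::secpath-replace%` (and the same option on `%fromhost%`) and set a disk limit for the spool and log volume. Separately, `cron.* -/var/log/rsyslog/user.log` looks like a copy of the `user.*` line and probably meant `cron.log`. The `$fromhost != 'log'` filter depends on name resolution, as its own comment notes, so the files under /var/log/rsyslog are only as trustworthy as that lookup until `$fromhost-ip` can be used.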