1 # /etc/rsyslog.conf Configuration file for rsyslog v3.
3 # For more information see
4 # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
11 $ModLoad imuxsock # provides support for local system logging
12 $ModLoad immark # provides --MARK-- message capability
13 $MarkMessagePeriod 900 # mark messages appear every 15 Minutes
15 $InputTCPServerRun 514 # Accept TCP connections on the default syslog port
17 ###########################
18 #### GLOBAL DIRECTIVES ####
19 ###########################
22 # Use traditional timestamp format.
23 # To enable high precision timestamps, comment out the following line.
25 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
28 # Set the default permissions for all log files.
35 # Store any queues here. This directory is not created automatically, so it
37 $WorkDirectory /var/spool/rsyslog
39 # Use a (disk-assisted) main queue
40 # Use a linked list for queueing
41 $MainMsgQueueType LinkedList
42 # Name to use for the queue file
43 $MainMsgQueueFileName main
44 # save in-memory data if rsyslog shuts down
45 $MainMsgQueueSaveOnShutdown on
48 # Include all config files in /etc/rsyslog.d/
50 $IncludeConfig /etc/rsyslog.d/*.conf
52 ########################
53 #### Remote logging ####
54 ########################
56 # Log lines received from other servers (as well as our own logs) centrally.
57 $template FacilityLog,"/data/log/rsyslog/%hostname%/facilities/%syslogfacility-text%.log"
58 $template SeverityLog,"/data/log/rsyslog/%hostname%/severities/%syslogseverity-text%.log"
59 $template AppLog,"/data/log/rsyslog/%hostname%/apps/%app-name%.log"
60 $template AllLog,"/data/log/rsyslog/all.log"
62 # Use a verbose logging format
63 $template LogFormat, "%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag% %syslogfacility-text%.%syslogseverity-text%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
65 # Log by facility, severity and appname
66 *.* ?FacilityLog;LogFormat
67 *.* ?SeverityLog;LogFormat
69 # Log all entries in a single file, which is meant to be parsed by logcheck
70 # (hence the traditional format).
71 *.* ?AllLog;RSYSLOG_TraditionalFileFormat
73 #######################
74 #### Local logging ####
75 #######################
77 # Discard all log entries not locally generated. Newer versions of rsyslogd
78 # have the $fromhost-ip property which can be checked against 127.0.0.1, which
79 # is probably slightly more reliable, but this will work for now.
80 if $fromhost != 'log' then ~
82 # Log each facility into its own log
83 auth,authpriv.* /var/log/rsyslog/auth.log
84 cron.* -/var/log/rsyslog/user.log
85 daemon.* -/var/log/rsyslog/daemon.log
86 kern.* -/var/log/rsyslog/kern.log
87 lpr.* -/var/log/rsyslog/lpr.log
88 mail.* -/var/log/rsyslog/mail.log
89 user.* -/var/log/rsyslog/user.log
90 local0,local1,local2,\
91 local3,local4,local5,\
92 local6,local7.* -/var/log/rsyslog/local.log
94 # Omitted facilities: syslog, news, uucp, ftp
96 # All logs end up in syslog as weel as the corresponding facility log above
97 # (except for auth, mail which only end up in the facility log for privacy
98 # reasons and debug which only ends up in the debug log below to prevent
103 mail.none -/var/log/rsyslog/syslog
105 # Debug entries end up in debug.log as well as the corresponding facility log
106 # above (except for auth and mail, which only end up in the facility logs for
110 news.none;mail.none -/var/log/rsyslog/debug.log
112 # Emergencies are sent to everybody logged in.