rsyslog: Update configuration.

This adds the rsyslog configuration taken from drsnuggles, nearly verbatim.
This splits out the syslog messages into different files, keeps a work queue
and contains configuration to send log messages to a central server (still
disabled).

diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
index 2a7f9f9867dc34010b45727786c9b1a3d013358a..5dfd304d8d1224d529f62bd7714cd958303f7148 100644 (file)
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@@ -9,17 +9,8 @@
 #################
 
 $ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark  # provides --MARK-- message capability
-
-# provides UDP syslog reception
-#$ModLoad imudp
-#$UDPServerRun 514
-
-# provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
-
+$ModLoad immark   # provides --MARK-- message capability
+$MarkMessagePeriod  900 # mark messages appear every 15 Minutes
 
 ###########################
 #### GLOBAL DIRECTIVES ####
@@ -45,72 +36,71 @@ $Umask 0022
 #
 $IncludeConfig /etc/rsyslog.d/*.conf
 
+# Store any queues here. This directory is not created automatically, so it
+# must already exist!
+$WorkDirectory /var/spool/rsyslog
+
+# Use a (disk-assisted) main queue
+# Use a linked list for queueing
+$MainMsgQueueType LinkedList
+# Name to use for the queue file
+$MainMsgQueueFileName main
+# save in-memory data if rsyslog shuts down
+$MainMsgQueueSaveOnShutdown on
+
+#######################
+#### Local logging ####
+#######################
+
+#
+# Log each facility into its own log
+auth,authpriv.*                        /var/log/rsyslog/auth.log
+cron.*                         -/var/log/rsyslog/user.log
+daemon.*                       -/var/log/rsyslog/daemon.log
+kern.*                         -/var/log/rsyslog/kern.log
+lpr.*                          -/var/log/rsyslog/lpr.log
+mail.*                         -/var/log/rsyslog/mail.log
+user.*                         -/var/log/rsyslog/user.log
+local0,local1,local2,\
+       local3,local4,local5,\
+       local6,local7.*         -/var/log/rsyslog/local.log
+
+# Omitted facilities: syslog, news, uucp, ftp
+
+# All logs end up in syslog as weel as the corresponding facility log above
+# (except for auth, mail which only end up in the facility log for privacy
+# reasons and debug which only ends up in the debug log below to prevent
+# flooding).
+*.*;\
+       *.!=debug;\
+       auth,authpriv.none;\
+       mail.none               -/var/log/rsyslog/syslog
 
-###############
-#### RULES ####
-###############
-
-#
-# First some standard log files.  Log by facility.
-#
-auth,authpriv.*                        /var/log/auth.log
-*.*;auth,authpriv.none         -/var/log/syslog
-#cron.*                                /var/log/cron.log
-daemon.*                       -/var/log/daemon.log
-kern.*                         -/var/log/kern.log
-lpr.*                          -/var/log/lpr.log
-mail.*                         -/var/log/mail.log
-user.*                         -/var/log/user.log
-
-#
-# Logging for the mail system.  Split it up so that
-# it is easy to write scripts to parse these files.
-#
-mail.info                      -/var/log/mail.info
-mail.warn                      -/var/log/mail.warn
-mail.err                       /var/log/mail.err
-
-#
-# Logging for INN news system.
-#
-news.crit                      /var/log/news/news.crit
-news.err                       /var/log/news/news.err
-news.notice                    -/var/log/news/news.notice
-
-#
-# Some "catch-all" log files.
-#
+# Debug entries end up in debug.log as well as the corresponding facility log
+# above (except for auth and mail, which only end up in the facility logs for
+# privacy reasons).
 *.=debug;\
        auth,authpriv.none;\
-       news.none;mail.none     -/var/log/debug
-*.=info;*.=notice;*.=warn;\
-       auth,authpriv.none;\
-       cron,daemon.none;\
-       mail,news.none          -/var/log/messages
-
+       news.none;mail.none     -/var/log/rsyslog/debug.log
 #
 # Emergencies are sent to everybody logged in.
 #
 *.emerg                                *
 
-#
-# I like to have messages displayed on the console, but only on a virtual
-# console I usually leave idle.
-#
-#daemon,mail.*;\
-#      news.=crit;news.=err;news.=notice;\
-#      *.=debug;*.=info;\
-#      *.=notice;*.=warn       /dev/tty8
-
-# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
-# you must invoke `xconsole' with the `-file' option:
-# 
-#    $ xconsole -file /dev/xconsole [...]
-#
-# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
-#      busy site..
-#
-daemon.*;mail.*;\
-       news.err;\
-       *.=debug;*.=info;\
-       *.=notice;*.=warn       |/dev/xconsole
+########################
+#### Remote logging ####
+########################
+
+# Send all log entries to the log vserver, but queue them in memory as well as
+# on disk if needed.
+# Use a linked list for queueing
+$ActionQueueType LinkedList
+# Name to use for the queue file
+$ActionQueueFileName remote
+# infinite retries on insert failure
+$ActionResumeRetryCount -1
+# save in-memory data if rsyslog shuts down
+$ActionQueueSaveOnShutdown on
+# Disabled for now
+#*.*                           @@log.local;RSYSLOG_SyslogProtocol23Format
+