diff options
| -rw-r--r-- | remote/modules/rsyslogd/data/etc/rsyslog.conf | 208 |
1 files changed, 62 insertions, 146 deletions
diff --git a/remote/modules/rsyslogd/data/etc/rsyslog.conf b/remote/modules/rsyslogd/data/etc/rsyslog.conf index e2548c99..3099f250 100644 --- a/remote/modules/rsyslogd/data/etc/rsyslog.conf +++ b/remote/modules/rsyslogd/data/etc/rsyslog.conf @@ -1,169 +1,85 @@ -## -## === When you're using remote logging, enable on-disk queues === -## === in rsyslog.d/remote.conf. When neccesary also set the === -## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === -## === e.g. when rsyslog has to receive on a specific IP only. === -## -## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules -## (provided in separate rsyslog-module-* packages) are enabled, the -## configuration can't be used on a system with /usr on a remote -## filesystem, except on newer systems where initrd mounts /usr. -## [The modules are linked against libraries installed bellow of -## /usr thus also installed in /usr/lib*/rsyslog because of this.] -## - +# /etc/rsyslog.conf Configuration file for rsyslogd. # -# if you experience problems, check -# http://www.rsyslog.com/troubleshoot for assistance -# and report them at http://bugzilla.novell.com/ +# For more information see +# /usr/share/doc/rsyslog/html/rsyslog_conf.html +# +# First some standard logfiles. Log by facility. # -# since rsyslog v3: load input modules -# If you do not load inputs, nothing happens! - -# provides --MARK-- message capability (every 1 hour) -$ModLoad immark.so +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +$ModLoad immark $MarkMessagePeriod 3600 - -# provides support for local system logging (e.g. via logger command) -$ModLoad imuxsock.so - -# reduce dupplicate log messages (last message repeated n times) $RepeatedMsgReduction on -# kernel logging (may be also provided by /sbin/klogd) -# see also http://www.rsyslog.com/doc-imklog.html. -$ModLoad imklog.so -# set log level 1 (same as in /etc/sysconfig/syslog). -$klogConsoleLogLevel 1 - -# Use rsyslog native, rfc5424 conform log format as default -# ($ActionFileDefaultTemplate RSYSLOG_FileFormat). -# -# To change a single file to use obsolete BSD syslog format -# (rfc 3164, no high-precision timestamps), set the variable -# bellow or append ";RSYSLOG_FileFormat" to the filename. -# See -# http://www.rsyslog.com/doc/rsyslog_conf_templates.html -# for more informations. -# -#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# -# Include config generated by /etc/init.d/syslog script -# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the -# /etc/sysconfig/syslog file. -# -#$IncludeConfig /var/run/rsyslog/additional-log-sockets.conf - -# -# Include config files, that the admin provided? : -# -$IncludeConfig /etc/rsyslog.d/*.conf - -### -# print most important on tty10 and on the xconsole pipe -# -if ( \ - /* kernel up to warning except of firewall */ \ - ($syslogfacility-text == 'kern') and \ - ($syslogseverity <= 4 /* warning */ ) and not \ - ($msg contains 'IN=' and $msg contains 'OUT=') \ - ) or ( \ - /* up to errors except of facility authpriv */ \ - ($syslogseverity <= 3 /* errors */ ) and not \ - ($syslogfacility-text == 'authpriv') \ - ) \ -then /dev/tty10 -& |/dev/console +if ( \ + /* kernel up to warning except of firewall */ \ + ($syslogfacility-text == 'kern') and \ + ($syslogseverity <= 4 /* warning */ ) and not \ + ($msg contains 'IN=' and $msg contains 'OUT=') \ + ) or ( \ + /* up to errors except of facility authpriv */ \ + ($syslogseverity <= 3 /* errors */ ) and not \ + ($syslogfacility-text == 'authpriv') \ + ) \ +then /dev/tty10 +& |/dev/console -# Emergency messages to everyone logged on (wall) -*.emerg :omusrmsg:* - -# enable this, if you want that root is informed -# immediately, e.g. of logins -#*.alert root - +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log # -# firewall messages into separate file and stop their further processing +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. # -if ($syslogfacility-text == 'kern') and \ - ($msg contains 'IN=' and $msg contains 'OUT=') \ -then -/var/log/firewall -& ~ - - +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err # -# acpid messages into separate file and stop their further processing +# Logging for INN news system # -# => all acpid messages for debuging (uncomment if needed): -#if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ -# -/var/log/acpid +news.crit /var/log/news/news.crit +news.err /var/log/news/news.err +news.notice -/var/log/news/news.notice # -# => up to notice (skip info and debug) -if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ - ($syslogseverity <= 5 /* notice */) \ -then -/var/log/acpid -& ~ - - +# Some `catch-all' logfiles. # -# NetworkManager into separate file and stop their further processing +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages # -if ($programname == 'NetworkManager') or \ - ($programname startswith 'nm-') \ -then -/var/log/NetworkManager -& ~ - - +# Emergencies are sent to everybody logged in. # -# email-messages -# -mail.* -/var/log/mail -mail.info -/var/log/mail.info -mail.warning -/var/log/mail.warn -mail.err /var/log/mail.err - - +*.emerg * # -# news-messages +# I like to have messages displayed on the console, but only on a virtual +# console I usually leave idle. # -news.crit -/var/log/news/news.crit -news.err -/var/log/news/news.err -news.notice -/var/log/news/news.notice -# enable this, if you want to keep all news messages -# in one file -#news.* -/var/log/news.all - - +#daemon,mail.*;\ +# news.=crit;news.=err;news.=notice;\ +# *.=debug;*.=info;\ +# *.=notice;*.=warn /dev/tty8 +# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, +# you must invoke `xconsole' with the `-file' option: # -# Warnings in one file +# $ xconsole -file /dev/xconsole [...] # -*.=warning;*.=err -/var/log/warn -*.crit /var/log/warn - - +# NOTE: adjust the list below, or you'll go crazy if you have a reasonably +# busy site.. # -# the rest in one file -# -*.*;mail.none;news.none -/var/log/messages - - -# -# enable this, if you want to keep all messages -# in one file -#*.* -/var/log/allmessages - - -# -# Some foreign boot scripts require local7 -# -local0.*;local1.* -/var/log/localmessages -local2.*;local3.* -/var/log/localmessages -local4.*;local5.* -/var/log/localmessages -local6.*;local7.* -/var/log/localmessages - -### +daemon.*;mail.*;\ + news.err;\ + *.=debug;*.=info;\ + *.=notice;*.=warn |/dev/console |