From 1486dd4df1ff85b5490e2e91f6a8ea60d544aaa3 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Thu, 7 Jul 2016 16:34:08 +0200
Subject: [PATCH] add rsyslog

---
 rootfs/etc/rsyslog.conf           | 48 +++++++++++++++++++++++++++++++
 rootfs/etc/services.d/rsyslog/run |  3 ++
 2 files changed, 51 insertions(+)
 create mode 100644 rootfs/etc/rsyslog.conf
 create mode 100644 rootfs/etc/services.d/rsyslog/run

diff --git a/rootfs/etc/rsyslog.conf b/rootfs/etc/rsyslog.conf
new file mode 100644
index 0000000..f3f48e1
--- /dev/null
+++ b/rootfs/etc/rsyslog.conf
@@ -0,0 +1,48 @@
+# rsyslogd.conf
+#
+# if you experience problems, check:
+# http://www.rsyslog.com/troubleshoot
+
+#### MODULES ####
+
+module(load="imuxsock")    # local system logging support (e.g. via logger command)
+#module(load="imklog")     # kernel logging support (previously done by rklogd)
+module(load="immark")      # --MARK-- message support
+module(load="imudp")       # UDP listener support
+
+
+input(type="imudp" port="514")
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*                                                 action(type="omfile" file="/dev/console")
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none                action(type="omfile" file="/var/log/messages")
+
+# The authpriv file has restricted access.
+authpriv.*                                              action(type="omfile" file="/var/log/secure")
+
+# Log all the mail messages in one place.
+mail.*                                                  action(type="omfile" file="/dev/console")
+
+# Log cron stuff
+cron.*                                                  action(type="omfile" file="/var/log/cron")
+
+# Everybody gets emergency messages
+*.emerg                                                 action(type="omusrmsg" users="*")
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit                                          action(type="omfile" file="/var/log/spooler")
+
+# Save boot messages also to boot.log
+local7.*                                                action(type="omfile" file="/var/log/boot.log")
+
+# log every host in its own directory
+if $fromhost-ip then /var/log/$fromhost-ip/messages
+
+# Include all .conf files in /etc/rsyslog.d
+$IncludeConfig /etc/rsyslog.d/*.conf
+$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
+*.info;mail.none;authpriv.none;cron.none;*.* @@graylog:514;GRAYLOGRFC5424 # forward everything to remote server
diff --git a/rootfs/etc/services.d/rsyslog/run b/rootfs/etc/services.d/rsyslog/run
new file mode 100644
index 0000000..bf1bd9d
--- /dev/null
+++ b/rootfs/etc/services.d/rsyslog/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec rsyslog -n