48 lines
2.0 KiB
Plaintext
48 lines
2.0 KiB
Plaintext
# rsyslogd.conf
|
|
#
|
|
# if you experience problems, check:
|
|
# http://www.rsyslog.com/troubleshoot
|
|
|
|
#### MODULES ####
|
|
|
|
module(load="imuxsock") # local system logging support (e.g. via logger command)
|
|
#module(load="imklog") # kernel logging support (previously done by rklogd)
|
|
module(load="immark") # --MARK-- message support
|
|
module(load="imudp") # UDP listener support
|
|
|
|
|
|
input(type="imudp" port="514")
|
|
|
|
# Log all kernel messages to the console.
|
|
# Logging much else clutters up the screen.
|
|
#kern.* action(type="omfile" file="/dev/console")
|
|
|
|
# Log anything (except mail) of level info or higher.
|
|
# Don't log private authentication messages!
|
|
*.info;mail.none;authpriv.none;cron.none action(type="omfile" file="/var/log/messages")
|
|
|
|
# The authpriv file has restricted access.
|
|
authpriv.* action(type="omfile" file="/var/log/secure")
|
|
|
|
# Log all the mail messages in one place.
|
|
mail.* action(type="omfile" file="/dev/console")
|
|
|
|
# Log cron stuff
|
|
cron.* action(type="omfile" file="/var/log/cron")
|
|
|
|
# Everybody gets emergency messages
|
|
*.emerg action(type="omusrmsg" users="*")
|
|
|
|
# Save news errors of level crit and higher in a special file.
|
|
uucp,news.crit action(type="omfile" file="/var/log/spooler")
|
|
|
|
# Save boot messages also to boot.log
|
|
local7.* action(type="omfile" file="/var/log/boot.log")
|
|
|
|
# log every host in its own directory
|
|
if $fromhost-ip then /var/log/$fromhost-ip/messages
|
|
|
|
# Include all .conf files in /etc/rsyslog.d
|
|
$IncludeConfig /etc/rsyslog.d/*.conf
|
|
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
|
|
*.info;mail.none;authpriv.none;cron.none;*.* @@graylog:514;GRAYLOGRFC5424 # forward everything to remote server |