Update logfile configurations.

2026-03-30 14:55:19 +00:00 · 2026-03-30 14:55:19 +00:00 · 44b93b9422
commit 44b93b9422
parent 9f1e0b51c8
17 changed files with 287 additions and 127 deletions
--- a/.gitattributesdb
+++ b/.gitattributesdb
@ -341,6 +341,44 @@ ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 ZXRjL2xvZ3JvdGF0ZS5jb25m 1774126916.834604932 1773949445.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL2FsdGVybmF0aXZlcw== 1774879964.524246639 1736567071.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL2FwYWNoZTI= 1774879843.654206932 1771512073.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL2FwdA== 1774880481.903855753 1753012285.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL2J0bXA= 1774880027.579223999 1773949445.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL2Rwa2c= 1774880076.286434085 1736567071.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3BocDguNC1mcG0= 1774880108.513911418 1771512192.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXM= 1774880202.364389342 1773502158.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtYWxlcnRtYW5hZ2Vy 1774880211.284244673 1773502158.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtbm9kZS1leHBvcnRlcg== 1774880189.240602186 1771512342.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3JzeXNsb2c= 1774880765.223259890 1771512334.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3d0bXA= 1774880296.026870307 1773949445.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 bG9ncm90YXRlLmQ=  - -
 ZXRjL2xvZ3JvdGF0ZS5kL3d0bXBkYg== 1774880340.794144279 1771511324.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 ZXRjL21vdGQ= 1774109784.320927406 1756052400.000000000 root:root 0644 - -
 ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
 ZXRjL21zbXRwLWFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
@ -540,36 +578,36 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526.000000000 1758224526.000000000 root:
 b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
 c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
 b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543.000000000 1757590543.000000000 root:root 0755 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8uZ2l0aWdub3Jl 1774104492.728356672 1757600312.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 LmxvY2Fs  - -
 c2hhcmU=  - -
 bmFubw==  - -
 cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 LnNzaA==  - -
 cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
-cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
+cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
 c3R1ZmYtdG8ta2VlcA==  - -
 cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
 dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -
--- a/etc/dehydrated/hooks/default
+++ b/etc/dehydrated/hooks/default
@ -8,7 +8,7 @@
 # Where the copies of the current certificates/keys should be placed.  Comment for no copying.
 CERTSDIR="/etc/certificates"
 # The syslog facility and tag to use.  Comment for no sysloging.
-SYSLOG_FACILITY="local1"
+SYSLOG_FACILITY="lpr"
 SYSLOG_TAG="dehydrated-hooks"
 # Where from/to to send emails.  Comment for no emailing.
 EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk.net>"
--- a/etc/krb5.conf
+++ b/etc/krb5.conf
@ -1,5 +1,5 @@
 [logging]
-default = SYSLOG:WARNING:local2
+default = SYSLOG:WARNING:news
 [libdefaults]
 ccache_type = 4
--- a/etc/logrotate.conf
+++ b/etc/logrotate.conf
@ -0,0 +1,25 @@
 # Rotate log files on a monthly basis.
 monthly
 # Name files based upon the year/month they are rotated.
 dateext
 dateformat -%Y-%m
 dateyesterday
 # Compress rotated logs.
 compress
 # Keep 5 years of old logs (just to be sure).
 rotate 60
 # Move rotated logs to this directory.
 olddir /var/log/Archived
 # After rotating, create new (empty) files with the same owner/perms.
 create
 # E-mail logs which are about to be deleted to this address.
 mail sysadmin@slackware.uk
 # Read log specific configurations.
 include /etc/logrotate.d
--- a/etc/logrotate.d/alternatives
+++ b/etc/logrotate.d/alternatives
@ -0,0 +1,4 @@
 /var/log/alternatives.log {
  missingok
  notifempty
 }
--- a/etc/logrotate.d/apache2
+++ b/etc/logrotate.d/apache2
@ -0,0 +1 @@
 # This file is intentionally empty to prevent new packages re-creating the original content.
--- a/etc/logrotate.d/apt
+++ b/etc/logrotate.d/apt
@ -0,0 +1,15 @@
 /var/log/apt/eipp.log.xz {
  missingok
  nocompress
  notifempty
 }
 /var/log/apt/term.log {
  missingok
  notifempty
 }
 /var/log/apt/history.log {
  missingok
  notifempty
 }
--- a/etc/logrotate.d/btmp
+++ b/etc/logrotate.d/btmp
@ -0,0 +1,3 @@
 /var/log/btmp {
  missingok
 }
--- a/etc/logrotate.d/dpkg
+++ b/etc/logrotate.d/dpkg
@ -0,0 +1,4 @@
 /var/log/dpkg.log {
  missingok
  notifempty
 }
--- a/etc/logrotate.d/php8.4-fpm
+++ b/etc/logrotate.d/php8.4-fpm
@ -0,0 +1 @@
 # This file is intentionally empty to prevent new packages re-creating the original content.
--- a/etc/logrotate.d/prometheus
+++ b/etc/logrotate.d/prometheus
@ -0,0 +1,5 @@
 /var/log/prometheus/prometheus.log {
  copytruncate
  notifempty
  missingok
 }
--- a/etc/logrotate.d/prometheus-alertmanager
+++ b/etc/logrotate.d/prometheus-alertmanager
@ -0,0 +1,5 @@
 /var/log/prometheus/prometheus-alertmanager.log {
  copytruncate
  notifempty
  missingok
 }
--- a/etc/logrotate.d/prometheus-node-exporter
+++ b/etc/logrotate.d/prometheus-node-exporter
@ -0,0 +1,5 @@
 /var/log/prometheus/prometheus-node-exporter.log {
  copytruncate
  notifempty
  missingok
 }
--- a/etc/logrotate.d/rsyslog
+++ b/etc/logrotate.d/rsyslog
@ -0,0 +1,9 @@
 /var/log/auth /var/log/crond /var/log/messages /var/log/ftpd /var/log/kernel /var/log/dehydrated /var/log/smtpd /var/log/kerberos /var/log/named /var/log/samba/samba /var/log/rsyncd /var/log/php /var/log/httpd /var/log/ERROR /var/log/EMERG /var/log/DEBUG {
 {
  missingok
  notifempty
  sharedscripts
  postrotate
    /usr/lib/rsyslog/rsyslog-rotate
  endscript
 }
--- a/etc/logrotate.d/wtmp
+++ b/etc/logrotate.d/wtmp
@ -0,0 +1,4 @@
 /var/log/wtmp {
  notifempty
  missingok
 }
--- a/etc/logrotate.d/wtmpdb
+++ b/etc/logrotate.d/wtmpdb
@ -0,0 +1,4 @@
 /var/log/wtmp.db {
  notifempty
  missingok
 }
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@ -1,143 +1,180 @@
 # VMWare: RFC5424 message format.
 # Load modules.
 module(load="imuxsock" sysSock.usePIDFromSystem="on")
 module(load="imudp")
 module(load="imtcp")
-module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+module(load="imfile" Mode="inotify")
-
+module(load="builtin:omfile" dirCreateMode="0755" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0644" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
 # Global configuration.
 global(
-  workDirectory="/var/lib/rsyslog"
+  workDirectory="/var/spool/rsyslog"
  #stdlog.channelspec="on"
  maxMessageSize="16K"
  senders.keepTrack="on"
  senders.timeoutAfter="2419200"
  senders.reportGoneAway="on"
  senders.reportNew="on"
  parser.permitSlashInProgramName="on"
 )
-# Inputs.
+# Templates.
-input(type="imudp" port="25414" ruleset="syslog")
+# For the log lines.
-input(type="imudp" port="25415" ruleset="httplog")
+# The format for any version of message received is:
-input(type="imtcp" port="25414" ruleset="syslog")
+# <date> <short-hostname> <facility>.<severity> <msgid> <tag> <message>
 # Where <msgid> may be '-' for none, and <tag> is either the message's "tag", "app-name", or '-' for none.
 template(name="localLogLine" type="string" string="%timereported% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
 template(name="centralLogLine" type="string" string="%timereported:::date-utc% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
 # For the logfile locations.
 template(name="localFile" type="string" string="/var/log/%$.logfile%")
 template(name="centralFile" type="string" string="/data/logs/%$.fqdn%/%timegenerated:1:4:date-utc,date-rfc3339%/%timegenerated:6:7:date-utc,date-rfc3339%/%timegenerated:9:10:date-utc,date-rfc3339%/%$.logfile%")
-
+# Rulesets.  Must be defined before inputs that use them.
-# Rulesets.
+ruleset(name="localSyslog") {
-ruleset(name="syslog") {
+  # Use the host's lowercased FQDN.
-  set $.host = tolower(field($hostname, ".", 1));
+  set $.fqdn = tolower("core.slackware.uk.net");
-  set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
+  # Extract the hostname part of the FQDN the message was receieved from.
-  if ($app-name != "") then {
+  set $.host = field($.fqdn, ".", 1);
-    set $.proc = $app-name;
+  # Hack for RFC3164 messages that do not contain a 'tag' (usually the process name and ID ending in :).
-    if ($procid != "" and $procid != "-") then {
+  if ($syslogtag == "") then {
-      set $.proc = '[' & $procid & ']';
+    set $.tag = "-:";
    }
  } else {
-    set $.proc = '-';
+    set $.tag = $syslogtag;
  }
-  if ($msgid != "") then {
+  # Hack for messages that do not contain a 'msgid'.
  if ($msgid == "") then {
    set $.id = "-";
  } else {
    set $.id = $msgid;
  } else {
    set $.id = '-';
  }
-  template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+  # Direct the message to the correct log(s).
-  template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+  if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
  if prifilt("cron.*") then set $.logfile = "crond";
  if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
  if prifilt("ftp.*") then set $.logfile = "ftpd";
  if prifilt("kern.*") then set $.logfile = "kernel";
  if prifilt("lpr.*") then set $.logfile = "dehydrated";
  if prifilt("mail.*") then set $.logfile = "smtpd";
  if prifilt("news.*") then set $.logfile = "kerberos";
  if prifilt("local3.*") then set $.logfile = "named";
 # FIXME: Correct logfile for samba?
  if prifilt("local4.*") then set $.logfile = "samba/samba";
  if prifilt("local5.*") then set $.logfile = "rsyncd";
  if prifilt("local6.*") then set $.logfile = "php";
  if prifilt("local7.*") then set $.logfile = "httpd";
 # For next release of rsyslog:
 #  set $.ret = parse_json('[]', "\$!logfiles");
 #  if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
 #  if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
 #  if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
 #  if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
 #  if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
 #  if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
 #  if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
 #  if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
 #  if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
 #  if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
 #  if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
 #  if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
 #  if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
 #  if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
 #  if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
 #  if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
-# FIXME: Log each facility to the AllHosts logs.  Compression?
+  # Write the logs.
-  if prifilt("auth.*,authpriv.*") then {
+#  foreach ($.logfile in $!logfiles) do {
-    action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
+    action(type="omfile" dynaFile="localFile" template="localLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
-  } else if ... then {
+    action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
-
+#  }
  template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
 %timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
    if prifilt("*.info") then {
        action(type="omfile" file="/var/log/info.log")
    }
 }
 ruleset(name="remoteSyslog") {
  # Use the incoming host's lowercased FQDN.
  set $.fqdn = tolower($fromhost);
  # Extract the hostname part of the FQDN the message was receieved from.
  set $.host = field($.fqdn, ".", 1);
  # Hack for RFC5424 messages that do not contain an app-name or procid.
  if ($app-name == "") then {
    if ($syslogtag == "") then {
      set $.tag = "-";
    } else {
      set $.tag = $syslogtag;
    }
  } else {
    if ($procid == "") then {
      set $.tag = $app-name;
    } else {
      set $.tag = $app-name & '[' & $procid & ']';
    }
  }
  # Hack for messages that do not contain a 'msgid'.
  if ($msgid == "") then {
    set $.id = "-";
  } else {
    set $.id = $msgid;
  }
  # Direct the message to the correct log(s).
  if (re_match_i($.host, '^(esx[[:alnum:]]|vcsa)$')) then {
    if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
    if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $.logfile = "messages";
    if prifilt("kern.*") then set $.logfile = "kernel";
    if prifilt("mail.*") then set $.logfile = "mail";
 # For next release of rsyslog:
 #    if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
 #    if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $!logfiles = append_json($!logfiles, "messages");
 #    if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
 #    if prifilt("mail.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "mail");
 #    if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
 #    if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
 #    if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
  } else {
    if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
    if prifilt("cron.*") then set $.logfile = "crond";
    if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
    if prifilt("ftp.*") then set $.logfile = "ftpd";
    if prifilt("kern.*") then set $.logfile = "kernel";
    if prifilt("lpr.*") then set $.logfile = "dehydrated";
    if prifilt("mail.*") then set $.logfile = "smtpd";
    if prifilt("news.*") then set $.logfile = "kerberos";
    if prifilt("local3.*") then set $.logfile = "named";
    if prifilt("local4.*") then set $.logfile = "samba/samba";
    if prifilt("local5.*") then set $.logfile = "rsyncd";
    if prifilt("local6.*") then set $.logfile = "php";
    if prifilt("local7.*") then set $.logfile = "httpd";
 # For next release of rsyslog:
 #    set $.ret = parse_json('[]', "\$!logfiles");
 #    if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
 #    if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
 #    if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
 #    if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
 #    if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
 #    if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
 #    if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
 #    if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
 #    if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
 #    if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
 #    if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
 #    if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
 #    if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
 #    if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
 #    if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
 #    if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
  }
  # Write the logs.
 #  foreach ($.logfile in $!logfiles) do {
    action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
 #  }
 }
-#template(name="SyslogLineFormat" type="list") {
+# Inputs.
-#  property(name="timereported" dateFormat="rfc3339" caseConversion="lower")		# Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+input(type="imuxsock" socket="/dev/log" usePIDFromSystem="on" ruleset="localSyslog")
-#  constant(value=" ")
+input(type="imudp" port="25414" ruleset="remoteSyslog")
-#  property(name="hostname")								# Hostname
+input(type="imtcp" port="25414" ruleset="remoteSyslog")
 #  constant(value=" ")
 #  property(name="syslogfacility")							# Facility
 #  constant(value=".")
 #  property(name="syslogpriority")							# Log priority
 #  constant(value=" ")
 #  property(name="syslogtag")								# Syslog tag
 #  constant(value=": ")
 #  property(name="msg")									# Message content
 #  constant(value="\n")
 #}
 #template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
 #%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
 # %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
 #template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
 #%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
 # %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
 #VMWare: RFC 5424
 # Parser.
 #parser(
 #  name="FIXME"
 #  type="pmnormalize"
 #  rule=[
 #    "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
 #    "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
 #  ]
 #)
 # Rules
 #ruleset(name="outp" parser="custom.pmnormalize") {
 #   action(type="omfile" File="/tmp/output")
 #}
 # Outputs.
 action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
 # Include additional configurations.
 include(file="/etc/rsyslog.d/*.conf" mode="optional")
 ### Examples ####
 # Send all logs to remote syslog via UDP.
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
 #*.* action(
 #	type="omfwd"
 #	target="192.168.0.1"
 #	port="514"
 #	protocol="udp"
 #	queue.filename="fwdRule1"  # unique name prefix for spool files
 #	queue.type="LinkedList"
 #	queue.maxDiskSpace="256m"
 #	queue.saveOnShutdown="on"
 #	action.resumeRetryCount="-1"
 #	action.resumeInterval="30"
 #)
		`@ -0,0 +1 @@`
							`# This file is intentionally empty to prevent new packages re-creating the original content.`