Update logfile configurations.

Darren 'Tadgy' Austin 2026-03-30 14:55:19 +00:00
commit 44b93b9422
17 changed files with 287 additions and 127 deletions


@ -341,6 +341,44 @@ ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
ZXRjL2xvZ3JvdGF0ZS5jb25m 1774126916.834604932 1773949445.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL2FsdGVybmF0aXZlcw== 1774879964.524246639 1736567071.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL2FwYWNoZTI= 1774879843.654206932 1771512073.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL2FwdA== 1774880481.903855753 1753012285.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL2J0bXA= 1774880027.579223999 1773949445.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL2Rwa2c= 1774880076.286434085 1736567071.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3BocDguNC1mcG0= 1774880108.513911418 1771512192.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXM= 1774880202.364389342 1773502158.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtYWxlcnRtYW5hZ2Vy 1774880211.284244673 1773502158.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3Byb21ldGhldXMtbm9kZS1leHBvcnRlcg== 1774880189.240602186 1771512342.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3JzeXNsb2c= 1774880765.223259890 1771512334.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3d0bXA= 1774880296.026870307 1773949445.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
bG9ncm90YXRlLmQ= - -
ZXRjL2xvZ3JvdGF0ZS5kL3d0bXBkYg== 1774880340.794144279 1771511324.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
ZXRjL21vdGQ= 1774109784.320927406 1756052400.000000000 root:root 0644 - -
ZXRj 1774881279.806906802 1771501908.000000000 root:root 0755 - -
ZXRjL21zbXRwLWFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
@ -540,36 +578,36 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526.000000000 1758224526.000000000 root:
b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543.000000000 1757590543.000000000 root:root 0755 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8uZ2l0aWdub3Jl 1774104492.728356672 1757600312.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
LmxvY2Fs - -
c2hhcmU= - -
bmFubw== - -
cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
LnNzaA== - -
cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
LnNzaA== - -
cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
cm9vdA== 1774880600.237936610 1771512801.616005200 root:root 0755 - -
cm9vdA== 1774882471.247517956 1771512801.616005200 root:root 0755 - -
c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
dXNy 1774107718.754827355 1771501851.000000000 root:root 0755 - -


@ -8,7 +8,7 @@
# Where the copies of the current certificates/keys should be placed. Comment for no copying.
CERTSDIR="/etc/certificates"
# The syslog facility and tag to use. Comment for no sysloging.
SYSLOG_FACILITY="local1"
SYSLOG_FACILITY="lpr"
SYSLOG_TAG="dehydrated-hooks"
# Where from/to to send emails. Comment for no emailing.
EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" <noreply@slackware.uk.net>"
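Review bot: `SYSLOG_FACILITY="lpr"` borrows the printer facility for the certificate hooks, and nothing at this line records why or what depends on it. The value only works together with the `lpr.*` to `dehydrated` rule in the rsyslog configuration changed in the same commit, and anything else that logs to `lpr` will land in the same file. I would add a comment above it such as `# "lpr" is borrowed for this service; rsyslog routes lpr.* to the dehydrated log, keep both in sync.` The same applies to `default = SYSLOG:WARNING:news` in the `[logging]` hunk that follows, which rsyslog routes to `kerberos`.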


@ -1,5 +1,5 @@
[logging]
default = SYSLOG:WARNING:local2
default = SYSLOG:WARNING:news
[libdefaults]
ccache_type = 4

25
etc/logrotate.conf Normal file

@ -0,0 +1,25 @@
# Rotate log files on a monthly basis.
monthly
# Name files based upon the year/month they are rotated.
dateext
dateformat -%Y-%m
dateyesterday
# Compress rotated logs.
compress
# Keep 5 years of old logs (just to be sure).
rotate 60
# Move rotated logs to this directory.
olddir /var/log/Archived
# After rotating, create new (empty) files with the same owner/perms.
create
# E-mail logs which are about to be deleted to this address.
mail sysadmin@slackware.uk
# Read log specific configurations.
include /etc/logrotate.d
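Review bot: The global `mail sysadmin@slackware.uk` line means every log that ages out of rotation is e-mailed before deletion, and that includes the authentication-related files rotated by the included stanzas (`/var/log/auth`, `/var/log/kerberos`, `/var/log/btmp`). If those should not leave the host by mail, add `nomail` inside the stanzas that cover them; otherwise a comment here stating that mailing them is intended would help. The `olddir /var/log/Archived` directory will hold five years of the same files, and nothing visible in this commit creates it or sets its mode, so that is worth confirming.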


@ -0,0 +1,4 @@
/var/log/alternatives.log {
missingok
notifempty
}

1
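--- a/etc/logrotate.d/apache2
+++ b/etc/logrotate.d/apache2
@@ -0,0 +1 @@
+# This file is intentionally empty to prevent new packages re-creating the original content.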

15
etc/logrotate.d/apt Normal file

@ -0,0 +1,15 @@
/var/log/apt/eipp.log.xz {
missingok
nocompress
notifempty
}
/var/log/apt/term.log {
missingok
notifempty
}
/var/log/apt/history.log {
missingok
notifempty
}

3
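--- a/etc/logrotate.d/btmp
+++ b/etc/logrotate.d/btmp
@@ -0,0 +1,3 @@
+/var/log/btmp {
+missingok
+}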

4
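--- a/etc/logrotate.d/dpkg
+++ b/etc/logrotate.d/dpkg
@@ -0,0 +1,4 @@
+/var/log/dpkg.log {
+missingok
+notifempty
+}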


@ -0,0 +1 @@
# This file is intentionally empty to prevent new packages re-creating the original content.


@ -0,0 +1,5 @@
/var/log/prometheus/prometheus.log {
copytruncate
notifempty
missingok
}


@ -0,0 +1,5 @@
/var/log/prometheus/prometheus-alertmanager.log {
copytruncate
notifempty
missingok
}


@ -0,0 +1,5 @@
/var/log/prometheus/prometheus-node-exporter.log {
copytruncate
notifempty
missingok
}

9
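--- a/etc/logrotate.d/rsyslog
+++ b/etc/logrotate.d/rsyslog
@@ -0,0 +1,9 @@
+/var/log/auth /var/log/crond /var/log/messages /var/log/ftpd /var/log/kernel /var/log/dehydrated /var/log/smtpd /var/log/kerberos /var/log/named /var/log/samba/samba /var/log/rsyncd /var/log/php /var/log/httpd /var/log/ERROR /var/log/EMERG /var/log/DEBUG {
+{
+missingok
+notifempty
+sharedscripts
+postrotate
+/usr/lib/rsyslog/rsyslog-rotate
+endscript
+}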
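Review bot: The stanza opens its block twice: the path list on the first line already ends in `{` and the second line is another lone `{`, which logrotate is unlikely to parse as intended. If the stanza is rejected, none of the files rsyslog writes (including `/var/log/auth` and `/var/log/kerberos`) would be rotated, compressed or moved to the archive directory. Dropping the second `{` fixes it, and `logrotate -d /etc/logrotate.conf` will confirm the parse before this is deployed.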

4
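--- a/etc/logrotate.d/wtmp
+++ b/etc/logrotate.d/wtmp
@@ -0,0 +1,4 @@
+/var/log/wtmp {
+notifempty
+missingok
+}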

4
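--- a/etc/logrotate.d/wtmpdb
+++ b/etc/logrotate.d/wtmpdb
@@ -0,0 +1,4 @@
+/var/log/wtmp.db {
+notifempty
+missingok
+}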


@ -1,143 +1,180 @@
# VMWare: RFC5424 message format.
# Load modules.
module(load="imuxsock" sysSock.usePIDFromSystem="on")
module(load="imudp")
module(load="imtcp")
module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
module(load="imfile" Mode="inotify")
module(load="builtin:omfile" dirCreateMode="0755" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0644" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
# Global configuration.
global(
workDirectory="/var/lib/rsyslog"
workDirectory="/var/spool/rsyslog"
#stdlog.channelspec="on"
maxMessageSize="16K"
senders.keepTrack="on"
senders.timeoutAfter="2419200"
senders.reportGoneAway="on"
senders.reportNew="on"
parser.permitSlashInProgramName="on"
)
# Inputs.
input(type="imudp" port="25414" ruleset="syslog")
input(type="imudp" port="25415" ruleset="httplog")
input(type="imtcp" port="25414" ruleset="syslog")
# Templates.
# For the log lines.
# The format for any version of message received is:
# <date> <short-hostname> <facility>.<severity> <msgid> <tag> <message>
# Where <msgid> may be '-' for none, and <tag> is either the message's "tag", "app-name", or '-' for none.
template(name="localLogLine" type="string" string="%timereported% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
template(name="centralLogLine" type="string" string="%timereported:::date-utc% %$.host% %syslogfacility-text%.%syslogseverity-text% %$.id% %$.tag%%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
# For the logfile locations.
template(name="localFile" type="string" string="/var/log/%$.logfile%")
template(name="centralFile" type="string" string="/data/logs/%$.fqdn%/%timegenerated:1:4:date-utc,date-rfc3339%/%timegenerated:6:7:date-utc,date-rfc3339%/%timegenerated:9:10:date-utc,date-rfc3339%/%$.logfile%")
# Rulesets.
ruleset(name="syslog") {
set $.host = tolower(field($hostname, ".", 1));
set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
if ($app-name != "") then {
set $.proc = $app-name;
if ($procid != "" and $procid != "-") then {
set $.proc = '[' & $procid & ']';
}
# Rulesets. Must be defined before inputs that use them.
ruleset(name="localSyslog") {
# Use the host's lowercased FQDN.
set $.fqdn = tolower("core.slackware.uk.net");
# Extract the hostname part of the FQDN the message was receieved from.
set $.host = field($.fqdn, ".", 1);
# Hack for RFC3164 messages that do not contain a 'tag' (usually the process name and ID ending in :).
if ($syslogtag == "") then {
set $.tag = "-:";
} else {
set $.proc = '-';
set $.tag = $syslogtag;
}
if ($msgid != "") then {
# Hack for messages that do not contain a 'msgid'.
if ($msgid == "") then {
set $.id = "-";
} else {
set $.id = $msgid;
} else {
set $.id = '-';
}
template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
# Direct the message to the correct log(s).
if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
if prifilt("cron.*") then set $.logfile = "crond";
if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
if prifilt("ftp.*") then set $.logfile = "ftpd";
if prifilt("kern.*") then set $.logfile = "kernel";
if prifilt("lpr.*") then set $.logfile = "dehydrated";
if prifilt("mail.*") then set $.logfile = "smtpd";
if prifilt("news.*") then set $.logfile = "kerberos";
if prifilt("local3.*") then set $.logfile = "named";
# FIXME: Correct logfile for samba?
if prifilt("local4.*") then set $.logfile = "samba/samba";
if prifilt("local5.*") then set $.logfile = "rsyncd";
if prifilt("local6.*") then set $.logfile = "php";
if prifilt("local7.*") then set $.logfile = "httpd";
# For next release of rsyslog:
# set $.ret = parse_json('[]', "\$!logfiles");
# if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
# if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
# if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
# if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
# if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
# if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
# if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
# if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
# if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
# if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
# if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
# if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
# if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
# if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
# if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
# if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
# FIXME: Log each facility to the AllHosts logs. Compression?
if prifilt("auth.*,authpriv.*") then {
action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
} else if ... then {
template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
if prifilt("*.info") then {
action(type="omfile" file="/var/log/info.log")
}
# Write the logs.
# foreach ($.logfile in $!logfiles) do {
action(type="omfile" dynaFile="localFile" template="localLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
# }
}
ruleset(name="remoteSyslog") {
# Use the incoming host's lowercased FQDN.
set $.fqdn = tolower($fromhost);
# Extract the hostname part of the FQDN the message was receieved from.
set $.host = field($.fqdn, ".", 1);
# Hack for RFC5424 messages that do not contain an app-name or procid.
if ($app-name == "") then {
if ($syslogtag == "") then {
set $.tag = "-";
} else {
set $.tag = $syslogtag;
}
} else {
if ($procid == "") then {
set $.tag = $app-name;
} else {
set $.tag = $app-name & '[' & $procid & ']';
}
}
# Hack for messages that do not contain a 'msgid'.
if ($msgid == "") then {
set $.id = "-";
} else {
set $.id = $msgid;
}
# Direct the message to the correct log(s).
if (re_match_i($.host, '^(esx[[:alnum:]]|vcsa)$')) then {
if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $.logfile = "messages";
if prifilt("kern.*") then set $.logfile = "kernel";
if prifilt("mail.*") then set $.logfile = "mail";
# For next release of rsyslog:
# if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
# if prifilt("cron.*,daemon.*,ftp.*,lpr.*,news.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*,local3.*,local4.*,local5.*,local6.*,local7.*") then set $!logfiles = append_json($!logfiles, "messages");
# if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
# if prifilt("mail.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "mail");
# if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
# if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
# if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
} else {
if prifilt("auth.*,authpriv.*") then set $.logfile = "auth";
if prifilt("cron.*") then set $.logfile = "crond";
if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $.logfile = "messages";
if prifilt("ftp.*") then set $.logfile = "ftpd";
if prifilt("kern.*") then set $.logfile = "kernel";
if prifilt("lpr.*") then set $.logfile = "dehydrated";
if prifilt("mail.*") then set $.logfile = "smtpd";
if prifilt("news.*") then set $.logfile = "kerberos";
if prifilt("local3.*") then set $.logfile = "named";
if prifilt("local4.*") then set $.logfile = "samba/samba";
if prifilt("local5.*") then set $.logfile = "rsyncd";
if prifilt("local6.*") then set $.logfile = "php";
if prifilt("local7.*") then set $.logfile = "httpd";
# For next release of rsyslog:
# set $.ret = parse_json('[]', "\$!logfiles");
# if prifilt("auth.*,authpriv.*") then set $!logfiles = append_json($!logfiles, "auth");
# if prifilt("cron.*") then set $!logfiles = append_json($!logfiles, "crond");
# if prifilt("daemon.*,syslog.*,user.*,uucp.*,local0.*,local1.*,local2.*") then set $!logfiles = append_json($!logfiles, "messages");
# if prifilt("ftp.*") then set $!logfiles = append_json($!logfiles, "ftpd");
# if prifilt("kern.*") then set $!logfiles = append_json($!logfiles, "kernel");
# if prifilt("lpr.*") then set $!logfiles = append_json($!logfiles, "dehydrated");
# if prifilt("mail.*") then set $!logfiles = append_json($!logfiles, "smtpd");
# if prifilt("news.*") then set $!logfiles = append_json($!logfiles, "kerberos");
# if prifilt("local3.*") then set $!logfiles = append_json($!logfiles, "named");
# if prifilt("local4.*") then set $!logfiles = append_json($!logfiles, "samba/samba");
# if prifilt("local5.*") then set $!logfiles = append_json($!logfiles, "rsyncd");
# if prifilt("local6.*") then set $!logfiles = append_json($!logfiles, "php");
# if prifilt("local7.*") then set $!logfiles = append_json($!logfiles, "httpd");
# if prifilt("*.err,*.crit') then set $!logfiles = append_json($!logfiles, "ERROR");
# if prifilt("*.alert,*.emerg') then set $!logfiles = append_json($!logfiles, "EMERG");
# if prifilt("*.debug") then set $!logfiles = append_json($!logfiles, "DEBUG");
}
# Write the logs.
# foreach ($.logfile in $!logfiles) do {
action(type="omfile" dynaFile="centralFile" template="centralLogLine" asyncWriting="on" flushInterval="5" ioBufferSize="64k" createDirs="on")
# }
}
#template(name="SyslogLineFormat" type="list") {
# property(name="timereported" dateFormat="rfc3339" caseConversion="lower") # Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
# constant(value=" ")
# property(name="hostname") # Hostname
# constant(value=" ")
# property(name="syslogfacility") # Facility
# constant(value=".")
# property(name="syslogpriority") # Log priority
# constant(value=" ")
# property(name="syslogtag") # Syslog tag
# constant(value=": ")
# property(name="msg") # Message content
# constant(value="\n")
#}
#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
#VMWare: RFC 5424
# Parser.
#parser(
# name="FIXME"
# type="pmnormalize"
# rule=[
# "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
# "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
# ]
#)
# Rules
#ruleset(name="outp" parser="custom.pmnormalize") {
# action(type="omfile" File="/tmp/output")
#}
# Outputs.
action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
# Inputs.
input(type="imuxsock" socket="/dev/log" usePIDFromSystem="on" ruleset="localSyslog")
input(type="imudp" port="25414" ruleset="remoteSyslog")
input(type="imtcp" port="25414" ruleset="remoteSyslog")
# Include additional configurations.
include(file="/etc/rsyslog.d/*.conf" mode="optional")
### Examples ####
# Send all logs to remote syslog via UDP.
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#*.* action(
# type="omfwd"
# target="192.168.0.1"
# port="514"
# protocol="udp"
# queue.filename="fwdRule1" # unique name prefix for spool files
# queue.type="LinkedList"
# queue.maxDiskSpace="256m"
# queue.saveOnShutdown="on"
# action.resumeRetryCount="-1"
# action.resumeInterval="30"
#)
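Review bot: The `centralFile` dynaFile path takes its first directory component from `$.fqdn`, which the `remoteSyslog` ruleset sets to `tolower($fromhost)`, so a name resolved for whoever sends to UDP/TCP port 25414 decides where rsyslog creates directories under `/data/logs` (`createDirs="on"`). The commented-out `LogHostFile` template lower in the file applied `secpath-replace` to its host component; I would keep that protection here, e.g. `%$.fqdn:::secpath-replace%`, or key the directory on `$fromhost-ip`. Separately, the `builtin:omfile` line with `fileCreateMode="0644"` and `dirCreateMode="0755"` (apparently the new one; the page has lost its +/- markers) makes newly created files such as `/var/log/auth` world-readable, where the other line used `0640` and `0750`.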