From bcc9130fa811989309ab272c5857de61c6606629 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin <darren@afterdark.org.uk>
Date: Wed, 29 Oct 2025 17:08:38 +0000
Subject: [PATCH] rsyslog.conf.

---
 .gitattributesdb |  1 +
 etc/rsyslog.conf | 96 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 etc/rsyslog.conf

diff --git a/.gitattributesdb b/.gitattributesdb
index 4b037b7..a6b4adc 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -57,6 +57,7 @@ ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - -
 ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - -
 ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - -
 ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - -
+ZXRjL3JzeXNsb2cuY29uZg== 1758295632 1747894670 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - -
diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf
new file mode 100644
index 0000000..2682e3c
--- /dev/null
+++ b/etc/rsyslog.conf
@@ -0,0 +1,96 @@
+# rsyslog configuration file
+#
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
+
+#### Global directives ####
+
+# Sets the directory that rsyslog uses for work files.
+$WorkDirectory /var/lib/rsyslog
+
+# Sets default permissions for all log files.
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+# Check config syntax on startup and abort if unclean (default off).
+#$AbortOnUncleanConfig on
+
+# Reduce repeating messages (default off).
+#$RepeatedMsgReduction on
+
+
+#### Modules ####
+
+# Provides --MARK-- message capability.
+module(load="immark")
+
+# Provides support for local system logging (e.g. via logger command).
+module(load="imuxsock")
+
+# Reads kernel messages.
+module(load="imklog")
+
+#### Config files ####
+
+# Include all config files in /etc/rsyslog.d/.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+#### Rules ####
+
+*.*							/var/log/everything
+
+# Log all kernel messages to kern.log.
+kern.*							/var/log/kern.log
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+# NOTE: The minus sign in front of filename disables buffer flush.
+*.info;authpriv.none;cron.none;kern.none;mail.none	-/var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.*						/var/log/auth.log
+
+# Log all the mail messages in one place.
+mail.*							-/var/log/mail.log
+
+# Log cron stuff.
+cron.*							-/var/log/cron.log
+
+# Everybody gets emergency messages.
+*.emerg							:omusrmsg:*
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*							/dev/console
+
+
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)
+
+# Receive messages from remote host via UDP
+# for parameters see http://www.rsyslog.com/doc/imudp.html
+#module(load="imudp")  # needs to be done just once
+#input(
+#	type="imudp"
+#	port="514"
+#)