rsyslog.conf.

2025-10-29 17:08:38 +00:00 · 2025-10-29 17:08:38 +00:00 · bcc9130fa8
commit bcc9130fa8
parent 300875d8a6
2 changed files with 97 additions and 0 deletions
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@ -0,0 +1,96 @@
+# rsyslog configuration file
+#
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
+
+#### Global directives ####
+
+# Sets the directory that rsyslog uses for work files.
+$WorkDirectory /var/lib/rsyslog
+
+# Sets default permissions for all log files.
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+# Check config syntax on startup and abort if unclean (default off).
+#$AbortOnUncleanConfig on
+
+# Reduce repeating messages (default off).
+#$RepeatedMsgReduction on
+
+
+#### Modules ####
+
+# Provides --MARK-- message capability.
+module(load="immark")
+
+# Provides support for local system logging (e.g. via logger command).
+module(load="imuxsock")
+
+# Reads kernel messages.
+module(load="imklog")
+
+#### Config files ####
+
+# Include all config files in /etc/rsyslog.d/.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+#### Rules ####
+
+*.*							/var/log/everything
+
+# Log all kernel messages to kern.log.
+kern.*							/var/log/kern.log
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+# NOTE: The minus sign in front of filename disables buffer flush.
+*.info;authpriv.none;cron.none;kern.none;mail.none	-/var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.*						/var/log/auth.log
+
+# Log all the mail messages in one place.
+mail.*							-/var/log/mail.log
+
+# Log cron stuff.
+cron.*							-/var/log/cron.log
+
+# Everybody gets emergency messages.
+*.emerg							:omusrmsg:*
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*							/dev/console
+
+
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)
+
+# Receive messages from remote host via UDP
+# for parameters see http://www.rsyslog.com/doc/imudp.html
+#module(load="imudp")  # needs to be done just once
+#input(
+#	type="imudp"
+#	port="514"
+#)