diff --git a/.gitattributesdb b/.gitattributesdb index 60d0b26..39e8172 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -113,7 +113,7 @@ ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - -ZXRjL3JzeXNsb2cuY29uZg== 1758295632 1747894670 root:root 0644 - - +ZXRjL3JzeXNsb2cuY29uZg== 1757785113 1757785113 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf index 2682e3c..e3caae5 100644 --- a/etc/rsyslog.conf +++ b/etc/rsyslog.conf 
@@ -1,72 +1,127 @@ -# rsyslog configuration file -# -# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html -# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html -# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html +# Load modules. +module(load="imudp") +module(load="imtcp") +module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd") -#### Global directives #### - -# Sets the directory that rsyslog uses for work files. -$WorkDirectory /var/lib/rsyslog - -# Sets default permissions for all log files. -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# Check config syntax on startup and abort if unclean (default off). -#$AbortOnUncleanConfig on - -# Reduce repeating messages (default off). -#$RepeatedMsgReduction on +# Global configuration. +global( + workDirectory="/var/lib/rsyslog" + #stdlog.channelspec="on" + maxMessageSize="16K" + senders.keepTrack="on" + senders.timeoutAfter="2419200" + senders.reportGoneAway="on" + senders.reportNew="on" +) -#### Modules #### +# Inputs. +input(type="imudp" port="25414" ruleset="syslog") +input(type="imudp" port="25415" ruleset="httplog") +input(type="imtcp" port="25414" ruleset="syslog") -# Provides --MARK-- message capability. -module(load="immark") -# Provides support for local system logging (e.g. via logger command). -module(load="imuxsock") +# Rulesets. +ruleset(name="syslog") { + set $.host = tolower(field($hostname, ".", 1)); + set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain")); + if ($app-name != "") then { + set $.proc = $app-name; + if ($procid != "" and $procid != "-") then { + set $.proc = '[' & $procid & ']'; + } + } else { + set $.proc = '-'; + } + if ($msgid != "") then { + set $.id = $msgid; + } else { + set $.id = '-'; + } -# Reads kernel messages. 
-module(load="imklog") + template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") + template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") -#### Config files #### +# FIXME: Log each facility to the AllHosts logs. Compression? + if prifilt("auth.*,authpriv.*") then { + action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" ) + } else if ... then { -# Include all config files in /etc/rsyslog.d/. + + + template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/ +%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n") + + + + if prifilt("*.info") then { + action(type="omfile" file="/var/log/info.log") + } +} + + + + +#template(name="SyslogLineFormat" type="list") { +# property(name="timereported" dateFormat="rfc3339" caseConversion="lower") # Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z' +# constant(value=" ") +# property(name="hostname") # Hostname +# constant(value=" ") +# property(name="syslogfacility") # Facility +# constant(value=".") +# property(name="syslogpriority") # Log priority +# constant(value=" ") +# property(name="syslogtag") # Syslog tag +# constant(value=": ") +# property(name="msg") # Message content +# constant(value="\n") +#} + + + + +#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/ +#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/ +# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n") + +#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/ 
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/ +# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n") + + + + +#VMWare: RFC 5424 + + + +# Parser. +#parser( +# name="FIXME" +# type="pmnormalize" +# rule=[ +# "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%", +# "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%" +# ] +#) + + +# Rules +#ruleset(name="outp" parser="custom.pmnormalize") { +# action(type="omfile" File="/tmp/output") +#} + + +# Outputs. +action(type="omfile" file="/tmp/messages" template="LogLineSingleHost") + + + +# Include additional configurations. include(file="/etc/rsyslog.d/*.conf" mode="optional") -#### Rules #### -*.* /var/log/everything - -# Log all kernel messages to kern.log. -kern.* /var/log/kern.log - -# Log anything (except mail) of level info or higher. -# Don't log private authentication messages! -# NOTE: The minus sign in front of filename disables buffer flush. -*.info;authpriv.none;cron.none;kern.none;mail.none -/var/log/messages - -# The authpriv file has restricted access. -authpriv.* /var/log/auth.log - -# Log all the mail messages in one place. -mail.* -/var/log/mail.log - -# Log cron stuff. -cron.* -/var/log/cron.log - -# Everybody gets emergency messages. -*.emerg :omusrmsg:* - -# Log all kernel messages to the console. -# Logging much else clutters up the screen. -#kern.* /dev/console ### Examples #### @@ -86,11 +141,3 @@ cron.* -/var/log/cron.log # action.resumeRetryCount="-1" # action.resumeInterval="30" #) - -# Receive messages from remote host via UDP -# for parameters see http://www.rsyslog.com/doc/imudp.html -#module(load="imudp") # needs to be done just once -#input( -# type="imudp" -# port="514" -#)
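Review bot: The new omfile destinations in the `etc/rsyslog.conf` hunk all sit under `/tmp` (`/tmp/log/AllHosts/auth`, `/tmp/messages`, and the `/tmp/logs/%$.host%/` path template), so rsyslogd, presumably running as root, writes auth logs to predictable names in a world-writable directory where a local user can pre-create the file or a symlink. Point them at a root-owned log directory instead, e.g. `file="<LOG_ROOT>/AllHosts/auth"`, where `<LOG_ROOT>` is a placeholder. The path template also inserts `$.host`, derived from the `$hostname` of messages arriving on the unauthenticated imudp/imtcp inputs, without the `secpath-replace` option that the commented-out `LogHostFile` template used; `%$.host:::secpath-replace%` would keep a sender-supplied `/` out of the file name if the parser lets one through. Separately, the `syslog` ruleset still contains the literal `} else if ... then {` and has `template()` statements inside its body, so the file probably does not load as committed. With `imuxsock`, `imklog` and the `authpriv.*`/`kern.*` rules removed, the host's own auth and kernel messages are no longer written anywhere unless `/etc/rsyslog.d/*.conf` covers that; if this is deliberate, a comment saying so would help.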