# rsyslog configuration file # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html # or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html #### GLOBAL DIRECTIVES #### # Where to place auxiliary files global(workDirectory="/var/lib/rsyslog") #### MODULES #### # Use default timestamp format module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") module(load="imuxsock" # provides support for local system logging (e.g. via logger command) SysSock.Use="off") # Turn off message reception via local log socket; # local messages are retrieved through imjournal now. module(load="imjournal" # provides access to the systemd journal UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from FileCreateMode="0644" # Set the access permissions for the state file StateFile="imjournal.state") # File to store the position in the journal # Include all config files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf" mode="optional") #module(load="imklog") # reads kernel messages (the same are read from journald) #module(load="immark") # provides --MARK-- message capability # Provides UDP syslog reception # for parameters see http://www.rsyslog.com/doc/imudp.html #module(load="imudp") # needs to be done just once #input(type="imudp" port="514") # Provides TCP syslog reception # for parameters see http://www.rsyslog.com/doc/imtcp.html #module(load="imtcp") # needs to be done just once #input(type="imtcp" port="514") #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* action(type="omfile" file="/dev/console") # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none action(type="omfile" file="/var/log/messages") # The authpriv file has restricted access. authpriv.* action(type="omfile" file="/var/log/secure") # Log all the mail messages in one place. mail.* action(type="omfile" file="/var/log/maillog" sync="on") # Log cron stuff cron.* action(type="omfile" file="/var/log/cron") # Everybody gets emergency messages *.emerg action(type="omusrmsg" users="*") # Save news errors of level crit and higher in a special file. uucp,news.crit action(type="omfile" file="/var/log/spooler") # Save boot messages also to boot.log local7.* action(type="omfile" file="/var/log/boot.log") # ### sample forwarding rule ### #action(type="omfwd" # # An on-disk queue is created for this action. If the remote host is # # down, messages are spooled to disk and sent when it is up again. #queue.filename="fwdRule1" # unique name prefix for spool files #queue.maxdiskspace="1g" # 1gb space limit (use as much as possible) #queue.saveonshutdown="on" # save messages to disk on shutdown #queue.type="LinkedList" # run asynchronously #action.resumeRetryCount="-1" # infinite retries if host is down # # Remote Logging (we use TCP for reliable delivery) # # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514 #Target="remote_host" Port="XXX" Protocol="tcp")