| # rsyslog v5: load input modules |
| # If you do not load inputs, nothing happens! |
| # You may need to set the module load path if modules are not found. |
| |
| $ModLoad immark.so # provides --MARK-- message capability |
| $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) |
| $ModLoad imklog.so # kernel logging (formerly provided by rklogd) |
| |
| # Include configuration files from directory |
| $IncludeConfig /etc/rsyslog.d/* |
| |
| # Check config syntax on startup and abort if unclean (default off) |
| #$AbortOnUncleanConfig on |
| |
| # Reduce repeating messages (default off) |
| #$RepeatedMsgReduction on |
| |
| # Log all kernel messages to the console. |
| # Logging much else clutters up the screen. |
| #kern.* /dev/console |
| |
| # Log anything (except mail) of level info or higher. |
| # Don't log private authentication messages! |
| *.info;mail.none;authpriv.none;cron.none -/var/log/messages |
| |
| # The authpriv file has restricted access. |
| authpriv.* /var/log/secure |
| |
| # Log all the mail messages in one place. |
| mail.* -/var/log/maillog |
| |
| # Log cron stuff |
| cron.* -/var/log/cron |
| |
| # Everybody gets emergency messages |
| *.emerg * |
| |
| # Save news errors of level crit and higher in a special file. |
| uucp,news.crit -/var/log/spooler |
| |
| # Save boot messages also to boot.log |
| local7.* /var/log/boot.log |
| |
| # More configuration examples: |
| # |
| # Remote Logging (we use TCP for reliable delivery) |
| # An on-disk queue is created for this action. If the remote host is |
| # down, messages are spooled to disk and sent when it is up again. |
| #$WorkDirectory /var/spool/rsyslog # where to place spool files |
| #$ActionQueueFileName uniqName # unique name prefix for spool files |
| #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) |
| #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown |
| #$ActionQueueType LinkedList # run asynchronously |
| #$ActionResumeRetryCount -1 # infinety retries if host is down |
| #$ActionResumeInterval 30 # retry interval |
| # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional |
| #*.* @@remote-host |
| |
| # Remote Logging with TCP + SSL/TLS |
| #$DefaultNetstreamDriver gtls |
| #$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem |
| #$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem |
| #$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem |
| #$ActionSendStreamDriverAuthMode x509/name # enable peer authentication |
| #$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo |
| #$ActionSendStreamDriverMode 1 # run driver in TLS-only mode |
| |
| # ######### Receiving Messages from Remote Hosts ########## |
| # TCP Syslog Server: |
| #$ModLoad imtcp # provides TCP syslog reception |
| #$TCPServerRun 10514 # start a TCP syslog server at port 10514 |
| |
| # TCP + SSL/TLS Syslog Server: |
| #$ModLoad imtcp # provides TCP syslog reception |
| #$DefaultNetstreamDriver gtls # use gnuTLS for data encryption |
| #$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem |
| #$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem |
| #$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem |
| #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode |
| #$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication |
| #$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client) |
| #$TCPServerRun 10514 # start a TCP syslog server at port 10514 |
| |
| # UDP Syslog Server: |
| #$ModLoad imudp.so # provides UDP syslog reception |
| #$UDPServerRun 514 # start a UDP syslog server at standard port 514 |
| |
| # RELP Syslog Server: |
| #$ModLoad imrelp # provides RELP syslog reception |
| #$InputRELPServerRun 10515 # start a RELP syslog server at port 10515 |