| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| # |
| |
| # provides --MARK-- message capability |
| $ModLoad immark.so |
| |
| module(load="imuxsock" |
| SysSock.Name="/dev/log" |
| SysSock.UsePIDFromSystem="on") |
| |
| # Allow messages from upstart, which logs through /dev/klog. |
| module(load="imklog" |
| PermitNonKernelFacility="on") |
| # Socket to collect stdout/stderr from processes via syslog-cat command. |
| module(load="imstdoutsock" path="/run/rsyslogd/stdout") |
| |
| $PrivDropToUser syslog |
| $PrivDropToGroup syslog |
| |
| # Don't include hostname in log messages. |
| template(name="LogWithoutHostname" type="string" |
| string="%TIMESTAMP:1:26:date-rfc3339,date-utc%Z %syslogseverity-text:::uppercase% %syslogtag%%msg:::sp-if-no-1st-sp%%msg::drop-last-lf%\n") |
| module(load="builtin:omfile" Template="LogWithoutHostname") |
| |
| $RepeatedMsgReduction on |
| |
| # Merge and include all *.conf files. |
| # This should come after any settings that are meant to be inherited by the |
| # *.conf files that are to be included. |
| $IncludeConfig /etc/rsyslog.d/*.conf |
| |
| # Keep network stuff in /var/log/net.log |
| if (($programname == 'charon') or \ |
| ($programname == 'dhcpcd') or \ |
| ($programname == 'dnsproxyd') or \ |
| ($programname == 'hermes') or \ |
| ($programname == 'l2tpipsec_vpn') or \ |
| ($programname == 'mist') or \ |
| ($programname == 'ModemManager') or \ |
| ($programname == 'nss-get-cert') or \ |
| ($programname == 'openvpn') or \ |
| ($programname == 'openvpn-script') or \ |
| ($programname == 'patchpaneld') or \ |
| ($programname == 'pppd') or \ |
| ($programname == 'pseudomodem') or \ |
| ($programname == 'shill') or \ |
| ($programname == 'wpa_supplicant')) then -/var/log/net.log |
| |
| # Log important (EMERG..ERR) network stuff in /var/log/messages too, |
| # but discard anything less severe |
| if (($programname == 'charon') or \ |
| ($programname == 'dhcpcd') or \ |
| ($programname == 'dnsproxyd') or \ |
| ($programname == 'hermes') or \ |
| ($programname == 'l2tpipsec_vpn') or \ |
| ($programname == 'mist') or \ |
| ($programname == 'ModemManager') or \ |
| ($programname == 'nss-get-cert') or \ |
| ($programname == 'openvpn') or \ |
| ($programname == 'openvpn-script') or \ |
| ($programname == 'patchpaneld') or \ |
| ($programname == 'pppd') or \ |
| ($programname == 'pseudomodem') or \ |
| ($programname == 'shill') or \ |
| ($programname == 'wpa_supplicant')) and $syslogseverity >= '4' then ~ |
| |
| # Keep all bluetooth logs in /var/log/bluetooth.log |
| if $programname == 'bluetoothd' then -/var/log/bluetooth.log |
| if $programname == 'btmanagerd' then -/var/log/bluetooth.log |
| if $programname == 'btadapterd' then -/var/log/bluetooth.log |
| # Log non-debug level Bluetooth logs to /var/log/messages too |
| if $programname == 'bluetoothd' and $syslogseverity >= '7' then ~ |
| if $programname == 'btmanagerd' and $syslogseverity >= '7' then ~ |
| if $programname == 'btadapterd' and $syslogseverity >= '7' then ~ |
| |
| # Keep Upstart logs in /var/log/upstart.log |
| # Since these go through the kernel ring buffer, the $programname is 'kernel'. |
| # We can match against messages from init with: |
| # re_match($msg, "\\[ *[0-9]+\\.[0-9]+\\] init: .*") |
| # but we'll use a simpler string comparison to avoid the performance penalty of |
| # running a regex on every kernel message. |
| if $programname == 'kernel' and ($msg contains "] init: ") \ |
| then -/var/log/upstart.log |
| |
| # Log important (EMERG..ERR) Upstart stuff in /var/log/messages too. |
| if $programname == 'kernel' and ($msg contains "] init: ") and \ |
| $syslogseverity >= '4' then ~ |
| |
| # Keep tlsdate stuff in /var/log/tlsdate.log |
| if ($programname startswith 'tlsdate') then -/var/log/tlsdate.log |
| & ~ # Don't log tlsdate messages anywhere else. |
| |
| # For authpolicyd and authpolicy_parser: |
| # - Log all messages to /var/log/authpolicy.log. |
| # - Log important stuff (EMERG..ERR) to /var/log/messages. |
| if ($programname startswith 'authpolicy') then -/var/log/authpolicy.log |
| if ($programname startswith 'authpolicy') and $syslogseverity >= '4' then ~ |
| |
| # Log all kernel messages to the console. |
| # Logging much else clutters up the screen. |
| #kern.* /dev/console |
| |
| # Log anything (except mail) of level info or higher. |
| # Don't log private authentication messages! |
| *.*;mail.none;authpriv.none;local5.none -/var/log/messages |
| |
| # The authpriv file has restricted access. |
| authpriv.* /var/log/secure |
| |
| # Save boot messages also to boot.log |
| local7.* /var/log/boot.log |