main/rsyslog: rewrite default config to new syntax and unify file names

1 files changed, 70 insertions, 68 deletions

diff --git a/main/rsyslog/rsyslog.conf b/main/rsyslog/rsyslog.conf
index 6e81fc4171..d2706daa27 100644
--- a/main/rsyslog/rsyslog.conf
+++ b/main/rsyslog/rsyslog.conf
@@ -1,94 +1,96 @@
-# rsyslog v5: load input modules
-# If you do not load inputs, nothing happens!
-# You may need to set the module load path if modules are not found.
+# rsyslog configuration file
+#
+# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
+# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
+# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+
+
+#### Global directives ####
 
-$ModLoad immark.so # provides --MARK-- message capability
-$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
-$ModLoad imklog.so # kernel logging (formerly provided by rklogd)
+# Sets the directory that rsyslog uses for work files.
+$WorkDirectory /var/lib/rsyslog
 
-# default permissions for all log files.
+# Sets default permissions for all log files.
 $FileOwner root
 $FileGroup adm
 $FileCreateMode 0640
 $DirCreateMode 0755
 $Umask 0022
 
-# Include configuration files from directory
-$IncludeConfig /etc/rsyslog.d/*
-
-# Check config syntax on startup and abort if unclean (default off)
+# Check config syntax on startup and abort if unclean (default off).
 #$AbortOnUncleanConfig on
 
-# Reduce repeating messages (default off)
+# Reduce repeating messages (default off).
 #$RepeatedMsgReduction on
 
-# Log all kernel messages to the console.
-# Logging much else clutters up the screen.
-#kern.*                                                 /dev/console
+# Include all config files in /etc/rsyslog.d/.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+
+#### Modules ####
+
+# Provides --MARK-- message capability.
+module(load="immark")
+
+# Provides support for local system logging (e.g. via logger command).
+module(load="imuxsock")
+
+# Reads kernel messages.
+module(load="imklog")
+
+
+#### Rules ####
+
+# Log all kernel messages to kern.log.
+kern.*							/var/log/kern.log
 
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
-*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
+# NOTE: The minus sign in front of filename disables buffer flush.
+*.info;authpriv.none;cron.none;kern.none;mail.none	-/var/log/messages
 
 # The authpriv file has restricted access.
-authpriv.*                                              /var/log/secure
+authpriv.*						/var/log/auth.log
 
 # Log all the mail messages in one place.
-mail.*                                                  -/var/log/maillog
+mail.*							-/var/log/mail.log
+
+# Log cron stuff.
+cron.*							-/var/log/cron.log
 
-# Log cron stuff
-cron.*                                                  -/var/log/cron
+# Everybody gets emergency messages.
+*.emerg							:omusrmsg:*
 
-# Everybody gets emergency messages
-*.emerg                                                 :omusrmsg:*
+# Save boot messages also to boot.log.
+local7.*						/var/log/boot.log
 
-# Save news errors of level crit and higher in a special file.
-uucp,news.crit                                          -/var/log/spooler
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*							/dev/console
 
-# Save boot messages also to boot.log
-local7.*                                                /var/log/boot.log
 
-# More configuration examples:
-#
-# Remote Logging (we use TCP for reliable delivery)
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
 # An on-disk queue is created for this action. If the remote host is
 # down, messages are spooled to disk and sent when it is up again.
-#$WorkDirectory /var/spool/rsyslog # where to place spool files
-#$ActionQueueFileName uniqName # unique name prefix for spool files
-#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
-#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
-#$ActionQueueType LinkedList   # run asynchronously
-#$ActionResumeRetryCount -1    # infinety retries if host is down
-#$ActionResumeInterval 30      # retry interval
-# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
-#*.* @@remote-host
-
-# Remote Logging with TCP + SSL/TLS
-#$DefaultNetstreamDriver gtls
-#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
-#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem
-#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem
-#$ActionSendStreamDriverAuthMode x509/name # enable peer authentication
-#$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo
-#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
-
-# ######### Receiving Messages from Remote Hosts ##########
-# TCP Syslog Server:
-#$ModLoad imtcp  # provides TCP syslog reception
-#$TCPServerRun 10514 # start a TCP syslog server at port 10514
-
-# TCP + SSL/TLS Syslog Server:
-#$ModLoad imtcp  # provides TCP syslog reception
-#$DefaultNetstreamDriver gtls # use gnuTLS for data encryption
-#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
-#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem
-#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem
-#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
-#$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication
-#$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client)
-#$TCPServerRun 10514 # start a TCP syslog server at port 10514
-
-# UDP Syslog Server:
-#$ModLoad imudp.so  # provides UDP syslog reception
-#$UDPServerRun 514 # start a UDP syslog server at standard port 514
-
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)
+
+# Receive messages from remote host via UDP
+# for parameters see http://www.rsyslog.com/doc/imudp.html
+#module(load="imudp")  # needs to be done just once
+#input(
+#	type="imudp"
+#	port="514"
+#)