diff options
Diffstat (limited to 'main/rsyslog/rsyslog.conf')
| -rw-r--r-- | main/rsyslog/rsyslog.conf | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/main/rsyslog/rsyslog.conf b/main/rsyslog/rsyslog.conf new file mode 100644 index 000000000..19187467b --- /dev/null +++ b/main/rsyslog/rsyslog.conf @@ -0,0 +1,87 @@ +# rsyslog v5: load input modules +# If you do not load inputs, nothing happens! +# You may need to set the module load path if modules are not found. + +$ModLoad immark.so # provides --MARK-- message capability +$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) +$ModLoad imklog.so # kernel logging (formerly provided by rklogd) + +# Include configuration files from directory +$IncludeConfig /etc/rsyslog.d/* + +# Check config syntax on startup and abort if unclean (default off) +#$AbortOnUncleanConfig on + +# Reduce repeating messages (default off) +#$RepeatedMsgReduction on + +# Log all kernel messages to the console. +# Logging much else clutters up the screen. +#kern.* /dev/console + +# Log anything (except mail) of level info or higher. +# Don't log private authentication messages! +*.info;mail.none;authpriv.none;cron.none -/var/log/messages + +# The authpriv file has restricted access. +authpriv.* /var/log/secure + +# Log all the mail messages in one place. +mail.* -/var/log/maillog + +# Log cron stuff +cron.* -/var/log/cron + +# Everybody gets emergency messages +*.emerg * + +# Save news errors of level crit and higher in a special file. +uucp,news.crit -/var/log/spooler + +# Save boot messages also to boot.log +local7.* /var/log/boot.log + +# More configuration examples: +# +# Remote Logging (we use TCP for reliable delivery) +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#$WorkDirectory /var/spool/rsyslog # where to place spool files +#$ActionQueueFileName uniqName # unique name prefix for spool files +#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) +#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown +#$ActionQueueType LinkedList # run asynchronously +#$ActionResumeRetryCount -1 # infinety retries if host is down +#$ActionResumeInterval 30 # retry interval +# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional +#*.* @@remote-host + +# Remote Logging with TCP + SSL/TLS +#$DefaultNetstreamDriver gtls +#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem +#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem +#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem +#$ActionSendStreamDriverAuthMode x509/name # enable peer authentication +#$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo +#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode + +# ######### Receiving Messages from Remote Hosts ########## +# TCP Syslog Server: +#$ModLoad imtcp # provides TCP syslog reception +#$TCPServerRun 10514 # start a TCP syslog server at port 10514 + +# TCP + SSL/TLS Syslog Server: +#$ModLoad imtcp # provides TCP syslog reception +#$DefaultNetstreamDriver gtls # use gnuTLS for data encryption +#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem +#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem +#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem +#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode +#$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication +#$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client) +#$TCPServerRun 10514 # start a TCP syslog server at port 10514 + +# UDP Syslog Server: +#$ModLoad imudp.so # provides UDP syslog reception +#$UDPServerRun 514 # start a UDP syslog server at standard port 514 + |