Download rsyslog.conf-ORIG.bak
1: #rsyslog v3 config file 2: 3: # if you experience problems, check 4: # http://www.rsyslog.com/troubleshoot for assistance 5: 6: #### MODULES #### 7: 8: $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) 9: $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) 10: #$ModLoad immark.so # provides --MARK-- message capability 11: 12: # Provides UDP syslog reception 13: #$ModLoad imudp.so 14: #$UDPServerRun 514 15: 16: # Provides TCP syslog reception 17: #$ModLoad imtcp.so 18: #$InputTCPServerRun 514 19: 20: 21: #### GLOBAL DIRECTIVES #### 22: 23: # Use default timestamp format 24: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat 25: 26: # File syncing capability is disabled by default. This feature is usually not required, 27: # not useful and an extreme performance hit 28: #$ActionFileEnableSync on 29: 30: 31: #### RULES #### 32: 33: # Log all kernel messages to the console. 34: # Logging much else clutters up the screen. 35: #kern.* /dev/console 36: 37: # Log anything (except mail) of level info or higher. 38: # Don't log private authentication messages! 39: *.info;mail.none;authpriv.none;cron.none /var/log/messages 40: 41: # The authpriv file has restricted access. 42: authpriv.* /var/log/secure 43: 44: # Log all the mail messages in one place. 45: mail.* -/var/log/maillog 46: 47: 48: # Log cron stuff 49: cron.* /var/log/cron 50: 51: # Everybody gets emergency messages 52: *.emerg * 53: 54: # Save news errors of level crit and higher in a special file. 55: uucp,news.crit /var/log/spooler 56: 57: # Save boot messages also to boot.log 58: local7.* /var/log/boot.log 59: 60: 61: 62: # ### begin forwarding rule ### 63: # The statement between the begin ... end define a SINGLE forwarding 64: # rule. They belong together, do NOT split them. If you create multiple 65: # forwarding rules, duplicate the whole block! 66: # Remote Logging (we use TCP for reliable delivery) 67: # 68: # An on-disk queue is created for this action. If the remote host is 69: # down, messages are spooled to disk and sent when it is up again. 70: #$WorkDirectory /var/spppl/rsyslog # where to place spool files 71: #$ActionQueueFileName fwdRule1 # unique name prefix for spool files 72: #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) 73: #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown 74: #$ActionQueueType LinkedList # run asynchronously 75: #$ActionResumeRetryCount -1 # infinite retries if host is down 76: # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional 77: #*.* @@remote-host:514 78: # ### end of the forwarding rule ###