adm01 i can haz rsyslog and an ssd!
This commit is contained in:
do
82
base/rsyslog/files/server.conf
Normal file
82
base/rsyslog/files/server.conf
Normal file
@@ -0,0 +1,82 @@
|
||||
#
|
||||
# SALT managed.
|
||||
#
|
||||
|
||||
# Load UDP module
|
||||
$ModLoad imudp
|
||||
|
||||
# Load TCP module
|
||||
$ModLoad imtcp
|
||||
|
||||
# Load RELP module
|
||||
$ModLoad imrelp
|
||||
|
||||
|
||||
#
|
||||
# Use traditional timestamp format.
|
||||
#
|
||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||
|
||||
|
||||
# Switch to remote ruleset
|
||||
$RuleSet remote
|
||||
|
||||
|
||||
# Log files are stored in directories matching the short hostname, excluding numbers
|
||||
# i.e. web01 web02 and web03 will all log to a the web directory
|
||||
|
||||
# Templates
|
||||
$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
|
||||
$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
|
||||
$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
|
||||
$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
|
||||
$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
|
||||
$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
|
||||
$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
|
||||
$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
|
||||
$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
|
||||
$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
|
||||
$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"
|
||||
|
||||
# Rules
|
||||
auth,authpriv.* ?dynAuthLog
|
||||
*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none -?dynSyslog
|
||||
cron.* ?dynCronLog
|
||||
kern.* -?dynKernLog
|
||||
mail.* -?dynMailLog
|
||||
user.* -?dynUserLog
|
||||
#*.=info;*.=notice;*.=warn;\
|
||||
#
|
||||
# auth.none,authpriv.none;\
|
||||
# cron.none,daemon.none;\
|
||||
# mail.none,news.none -?dynMessages
|
||||
#hier gibts drachen / here are dragons
|
||||
#if $syslogfacility-text == 'local0' then /var/log/somelog
|
||||
|
||||
daemon.* -?dynDaemonLog
|
||||
|
||||
# drachen sind put / dragons borked
|
||||
#
|
||||
# Special format to keep audit logs as sent.
|
||||
$Template auditFormat,"%msg%\n"
|
||||
|
||||
# Catch messages from audispd and send to audit log.
|
||||
:programname, isequal, "audispd" -?dynAuditLog;auditFormat
|
||||
:programname, isequal, "audispd" stop
|
||||
|
||||
|
||||
|
||||
# Switch back to default ruleset
|
||||
$RuleSet RSYSLOG_DefaultRuleset
|
||||
|
||||
$InputUDPServerBindRuleset remote
|
||||
$UDPServerRun 514
|
||||
$UDPServerAddress *
|
||||
|
||||
$InputTCPServerBindRuleset remote
|
||||
$InputTCPServerRun 514
|
||||
|
||||
$InputRELPServerBindRuleset remote
|
||||
$InputRELPServerRun 20514
|
||||
|
||||
|
||||
Reference in New Issue
Block a user