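#
# SALT managed.
#
# Central log receiver (rsyslog legacy directive syntax). Messages arriving on
# the UDP, TCP and RELP listeners at the bottom of this file are bound to the
# "remote" ruleset, which files them under /data/logs/<name>/ by facility.

# Load UDP module
$ModLoad imudp

# Load TCP module
$ModLoad imtcp

# Load RELP module
$ModLoad imrelp

#
# Use traditional timestamp format.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Switch to remote ruleset
$RuleSet remote

# Log files are stored in directories matching the short hostname, excluding numbers
# i.e. web01, web02 and web03 will all log to the web directory.
#
# NOTE(review): %source% is the hostname carried inside the received message,
# so the sender chooses it. The character class [A-Za-z-] keeps '/' and '.' out
# of the generated path, but any client that can reach a listener can still
# file records under another host's directory. If that matters, key the path on
# a transport-derived property such as %fromhost-ip% instead.
# NOTE(review): the pattern is unanchored and may match the empty string; a
# hostname that begins with a digit (for example a bare IP address) appears to
# yield an empty directory component, i.e. files directly under /data/logs/.
# Confirm against the rsyslog version in use.

# Templates
$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
# dynDebug, dynMessages and dynLocal0daemon are defined but not referenced by
# any active rule below (dynMessages only by the commented-out selector).
$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"

# Rules
# "?name" writes to the file name produced by that template.
auth,authpriv.*                 ?dynAuthLog
*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none -?dynSyslog
cron.*                          ?dynCronLog
kern.*                          -?dynKernLog
mail.*                          -?dynMailLog
user.*                          -?dynUserLog
#*.=info;*.=notice;*.=warn;\
#
#       auth.none,authpriv.none;\
#       cron.none,daemon.none;\
#       mail.none,news.none     -?dynMessages
# here be dragons
#if $syslogfacility-text == 'local0' then /var/log/somelog
daemon.*                        -?dynDaemonLog
# dragons borked
#
# Special format to keep audit logs as sent.
# Only %msg% is written: the receiver adds no timestamp or host field, and the
# directory name merges numbered hosts, so the originating machine can be
# recovered only if the audit record itself names it.
$Template auditFormat,"%msg%\n"

# Catch messages from audispd and send to audit log.
# NOTE(review): these are the last rules in the ruleset, so the facility
# selectors above have already written each audispd message to their own files
# and the trailing "stop" has nothing left to suppress. If audit records should
# exist only in audit.log, this pair (and auditFormat) has to move above
# "# Rules".
:programname, isequal, "audispd"        -?dynAuditLog;auditFormat
:programname, isequal, "audispd"        stop

# Switch back to default ruleset
$RuleSet RSYSLOG_DefaultRuleset

# Listeners. No sender restriction or transport encryption is configured in
# this file, so every listener accepts from any peer that can reach the port;
# limit access with the host firewall or $AllowedSender.
# Each Bind/Address directive applies to the next listener started, which is
# why $UDPServerAddress now precedes $UDPServerRun ("*" is the default, so the
# bound address does not change).
$InputUDPServerBindRuleset remote
$UDPServerAddress *
$UDPServerRun 514

$InputTCPServerBindRuleset remote
$InputTCPServerRun 514

$InputRELPServerBindRuleset remote
$InputRELPServerRun 20514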