chaos/salt-master
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2025-11-20. You can view files and clone it, but cannot push or open issues or pull requests.
Files
4bc4e384d97e44752831aabf6d366f9c5734042a
salt-master/base/rsyslog/files/server.conf
do a10b2ccd91 adm01 i can haz rsyslog and an ssd!
2021-02-17 21:30:34 +01:00

83 lines
2.4 KiB
Plaintext
Raw Blame History

#
# SALT managed.
#
# Load UDP module
$ModLoad imudp
# Load TCP module
$ModLoad imtcp
# Load RELP module
$ModLoad imrelp
#
# Use traditional timestamp format.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Switch to remote ruleset
$RuleSet remote
# Log files are stored in directories matching the short hostname, excluding numbers
# i.e. web01 web02 and web03 will all log to a the web directory
# Templates
$Template dynAuditLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/audit.log"
$Template dynAuthLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/auth.log"
$Template dynSyslog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/syslog"
$Template dynCronLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/cron.log"
$Template dynDaemonLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.log"
$Template dynKernLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/kern.log"
$Template dynUserLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/user.log"
$Template dynMailLog,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/mail.log"
$Template dynDebug,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/debug"
$Template dynMessages,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/messages"
$Template dynLocal0daemon,"/data/logs/%source:R,ERE,1,DFLT:([A-Za-z-]*)--end%/daemon.local0.log"
# Rules
auth,authpriv.* ?dynAuthLog
*.*;auth.none,authpriv.none,mail.none,cron.none,kern.none,user.none,daemon.none -?dynSyslog
cron.* ?dynCronLog
kern.* -?dynKernLog
mail.* -?dynMailLog
user.* -?dynUserLog
#*.=info;*.=notice;*.=warn;\
#
# auth.none,authpriv.none;\
# cron.none,daemon.none;\
# mail.none,news.none -?dynMessages
#hier gibts drachen / here are dragons
#if $syslogfacility-text == 'local0' then /var/log/somelog
daemon.* -?dynDaemonLog
# drachen sind put / dragons borked
#
# Special format to keep audit logs as sent.
$Template auditFormat,"%msg%\n"
# Catch messages from audispd and send to audit log.
:programname, isequal, "audispd" -?dynAuditLog;auditFormat
:programname, isequal, "audispd" stop
# Switch back to default ruleset
$RuleSet RSYSLOG_DefaultRuleset
$InputUDPServerBindRuleset remote
$UDPServerRun 514
$UDPServerAddress *
$InputTCPServerBindRuleset remote
$InputTCPServerRun 514
$InputRELPServerBindRuleset remote
$InputRELPServerRun 20514
Reference in New Issue View Git Blame Copy Permalink