From 5a467f72583f6b916ca9f1ec477c40aa68b99f80 Mon Sep 17 00:00:00 2001 From: Vladimir Vitkov Date: Sun, 6 Oct 2019 10:49:39 +0300 Subject: [PATCH] rsyslog --- misc/rsyslog.conf | 111 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 misc/rsyslog.conf diff --git a/misc/rsyslog.conf b/misc/rsyslog.conf new file mode 100644 index 0000000..98ab399 --- /dev/null +++ b/misc/rsyslog.conf @@ -0,0 +1,111 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html + + +################# +#### MODULES #### +################# + +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support +#module(load="immark") # provides --MARK-- message capability + +# provides UDP syslog reception +module(load="imudp") +input(type="imudp" port="514" address="10.20.0.1" name="management") +input(type="imudp" port="514" address="10.23.0.1" name="video") +input(type="imudp" port="514" address="10.24.0.1" name="overflow") + +# provides TCP syslog reception +#module(load="imtcp") +#input(type="imtcp" port="514") + + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# +# Include all config files in /etc/rsyslog.d/ +# +#$IncludeConfig /etc/rsyslog.d/*.conf + +# now dump received logs +# will be finicky to look but good for later analisys +$template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log" + +# template for hostapd (associations) +$template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log" + +# current vlans +if $fromhost-ip startswith '10.20.' then ?RemoteLoggers +if $fromhost-ip startswith '10.23.' then ?RemoteLoggers +if $fromhost-ip startswith '10.24.' then ?RemoteLoggers + +# current vlans (hostapd) +if $programname == 'hostapd' and $fromhost-ip startswith '10.20.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.23.' then ?RemoteHostapd +if $programname == 'hostapd' and $fromhost-ip startswith '10.24.' then ?RemoteHostapd + + +############### +#### RULES #### +############### + +# +# First some standard log files. Log by facility. +# +auth,authpriv.* /var/log/auth.log +*.*;auth,authpriv.none -/var/log/syslog +#cron.* /var/log/cron.log +daemon.* -/var/log/daemon.log +kern.* -/var/log/kern.log +lpr.* -/var/log/lpr.log +mail.* -/var/log/mail.log +user.* -/var/log/user.log + +# +# Logging for the mail system. Split it up so that +# it is easy to write scripts to parse these files. +# +mail.info -/var/log/mail.info +mail.warn -/var/log/mail.warn +mail.err /var/log/mail.err + +# +# Some "catch-all" log files. +# +*.=debug;\ + auth,authpriv.none;\ + news.none;mail.none -/var/log/debug +*.=info;*.=notice;*.=warn;\ + auth,authpriv.none;\ + cron,daemon.none;\ + mail,news.none -/var/log/messages + +# +# Emergencies are sent to everybody logged in. +# +*.emerg :omusrmsg:*