# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html ################# #### MODULES #### ################# module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception module(load="imudp") input(type="imudp" port="514" address="10.20.0.1" name="management") input(type="imudp" port="514" address="10.23.0.1" name="video") input(type="imudp" port="514" address="10.24.0.1" name="overflow") # provides TCP syslog reception #module(load="imtcp") #input(type="imtcp" port="514") ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. # $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Set the default permissions for all log files. # $FileOwner root $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 # # Where to place spool and state files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # #$IncludeConfig /etc/rsyslog.d/*.conf # now dump received logs # will be finicky to look but good for later analisys $template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log" # template for hostapd (associations) $template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log" # current vlans if $fromhost-ip startswith '10.20.' then ?RemoteLoggers if $fromhost-ip startswith '10.23.' then ?RemoteLoggers if $fromhost-ip startswith '10.24.' then ?RemoteLoggers # current vlans (hostapd) if $programname == 'hostapd' and $fromhost-ip startswith '10.20.' then ?RemoteHostapd if $programname == 'hostapd' and $fromhost-ip startswith '10.23.' then ?RemoteHostapd if $programname == 'hostapd' and $fromhost-ip startswith '10.24.' then ?RemoteHostapd ############### #### RULES #### ############### # # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # # Some "catch-all" log files. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg :omusrmsg:*