112 lines
2.8 KiB
Plaintext
112 lines
2.8 KiB
Plaintext
|
# /etc/rsyslog.conf Configuration file for rsyslog.
|
||
|
|
#
|
||
|
|
# For more information see
|
||
|
|
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
|
||
|
|
|
||
|
|
|
||
|
|
#################
|
||
|
|
#### MODULES ####
|
||
|
|
#################
|
||
|
|
|
||
|
|
module(load="imuxsock") # provides support for local system logging
|
||
|
|
module(load="imklog") # provides kernel logging support
|
||
|
|
#module(load="immark") # provides --MARK-- message capability
|
||
|
|
|
||
|
|
# provides UDP syslog reception
|
||
|
|
module(load="imudp")
|
||
|
|
input(type="imudp" port="514" address="10.20.0.1" name="management")
|
||
|
|
input(type="imudp" port="514" address="10.23.0.1" name="video")
|
||
|
|
input(type="imudp" port="514" address="10.24.0.1" name="overflow")
|
||
|
|
|
||
|
|
# provides TCP syslog reception
|
||
|
|
#module(load="imtcp")
|
||
|
|
#input(type="imtcp" port="514")
|
||
|
|
|
||
|
|
|
||
|
|
###########################
|
||
|
|
#### GLOBAL DIRECTIVES ####
|
||
|
|
###########################
|
||
|
|
|
||
|
|
#
|
||
|
|
# Use traditional timestamp format.
|
||
|
|
# To enable high precision timestamps, comment out the following line.
|
||
|
|
#
|
||
|
|
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||
|
|
|
||
|
|
#
|
||
|
|
# Set the default permissions for all log files.
|
||
|
|
#
|
||
|
|
$FileOwner root
|
||
|
|
$FileGroup adm
|
||
|
|
$FileCreateMode 0640
|
||
|
|
$DirCreateMode 0755
|
||
|
|
$Umask 0022
|
||
|
|
|
||
|
|
#
|
||
|
|
# Where to place spool and state files
|
||
|
|
#
|
||
|
|
$WorkDirectory /var/spool/rsyslog
|
||
|
|
|
||
|
|
#
|
||
|
|
# Include all config files in /etc/rsyslog.d/
|
||
|
|
#
|
||
|
|
#$IncludeConfig /etc/rsyslog.d/*.conf
|
||
|
|
|
||
|
|
# now dump received logs
|
||
|
|
# will be finicky to look but good for later analisys
|
||
|
|
$template RemoteLoggers,"/opt/syslog/%hostname%/%programname%.log"
|
||
|
|
|
||
|
|
# template for hostapd (associations)
|
||
|
|
$template RemoteHostapd,"/opt/syslog/hostapd/all-ap-hostapd.log"
|
||
|
|
|
||
|
|
# current vlans
|
||
|
|
if $fromhost-ip startswith '10.20.' then ?RemoteLoggers
|
||
|
|
if $fromhost-ip startswith '10.23.' then ?RemoteLoggers
|
||
|
|
if $fromhost-ip startswith '10.24.' then ?RemoteLoggers
|
||
|
|
|
||
|
|
# current vlans (hostapd)
|
||
|
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.20.' then ?RemoteHostapd
|
||
|
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.23.' then ?RemoteHostapd
|
||
|
|
if $programname == 'hostapd' and $fromhost-ip startswith '10.24.' then ?RemoteHostapd
|
||
|
|
|
||
|
|
|
||
|
|
###############
|
||
|
|
#### RULES ####
|
||
|
|
###############
|
||
|
|
|
||
|
|
#
|
||
|
|
# First some standard log files. Log by facility.
|
||
|
|
#
|
||
|
|
auth,authpriv.* /var/log/auth.log
|
||
|
|
*.*;auth,authpriv.none -/var/log/syslog
|
||
|
|
#cron.* /var/log/cron.log
|
||
|
|
daemon.* -/var/log/daemon.log
|
||
|
|
kern.* -/var/log/kern.log
|
||
|
|
lpr.* -/var/log/lpr.log
|
||
|
|
mail.* -/var/log/mail.log
|
||
|
|
user.* -/var/log/user.log
|
||
|
|
|
||
|
|
#
|
||
|
|
# Logging for the mail system. Split it up so that
|
||
|
|
# it is easy to write scripts to parse these files.
|
||
|
|
#
|
||
|
|
mail.info -/var/log/mail.info
|
||
|
|
mail.warn -/var/log/mail.warn
|
||
|
|
mail.err /var/log/mail.err
|
||
|
|
|
||
|
|
#
|
||
|
|
# Some "catch-all" log files.
|
||
|
|
#
|
||
|
|
*.=debug;\
|
||
|
|
auth,authpriv.none;\
|
||
|
|
news.none;mail.none -/var/log/debug
|
||
|
|
*.=info;*.=notice;*.=warn;\
|
||
|
|
auth,authpriv.none;\
|
||
|
|
cron,daemon.none;\
|
||
|
|
mail,news.none -/var/log/messages
|
||
|
|
|
||
|
|
#
|
||
|
|
# Emergencies are sent to everybody logged in.
|
||
|
|
#
|
||
|
|
*.emerg :omusrmsg:*
|