#Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$ModLoad imuxsock.so
$ModLoad imklog
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad imudp.so
$WorkDirectory /var/spool/rsyslog
#load the network stuff
$UDPServerAddress 10.134.0.58
$UDPServerRun 514
#reduce any duplicates
$RepeatedMsgReduction on
# The template that wil format the message as it is writen to the file
# you can edit this line if you want to customize te message format
$template TraditionalFormat,"/var/opt/syslog/%timegenerated% %HOSTNAME% %syslogtag%%msg%%$YEAR%-%$MONTH%-%$DAY%.log"
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/secure
if \
$source == '10.134.0.58' \
and \
$syslogseverity <= '6' \
and ( \
$syslogfacility-text != 'mail' \
and \
$syslogfacility-text != 'authpriv' \
and \
$syslogfacility-text != 'cron' \
) \
then /var/log/messages;TraditionalFormat
authpriv.* /var/log/secure;TraditionalFormat
# The authpriv file has restricted access.
# authpriv.* /var/log/secure
if \
$source == '10.134.0.58' \
and \
$syslogfacility-text == 'authpriv' \
then /var/log/secure;TraditionalFormat
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
# mail.* /var/log/maillog;TraditionalFormat
if \
$source == '10.134.0.58' \
and \
$syslogfacility-text == 'mail' \
then /var/log/maillog;TraditionalFormat
# Log cron stuff
# cron.* /var/log/cron;TraditionalFormat
if \
$source == '10.134.0.58' \
and \
$syslogfacility-text == 'cron' \
then /var/log/cron;TraditionalFormat
# Everybody gets emergency messages
#*.emerg *
if \
$source == '10.134.0.58' \
and \
$syslogseverity-text == 'emerg' \
then *
# this line creates a template that will store the messages for each host in a seperate file.
Walang komento:
Mag-post ng isang Komento