author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 16:27:18 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 16:27:18 +0000 |
commit | f7f20c3f5e0be02585741f5f54d198689ccd7866 (patch) | |
tree | 190d5e080f6cbcc40560b0ceaccfd883cb3faa01 /source/configuration/rsyslog-example.conf | |
parent | Initial commit. (diff) | |
Adding upstream version 8.2402.0+dfsg.upstream/8.2402.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source/configuration/rsyslog-example.conf')
-rw-r--r-- | source/configuration/rsyslog-example.conf | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/source/configuration/rsyslog-example.conf b/source/configuration/rsyslog-example.conf
new file mode 100644
index 0000000..a3ec2f1
--- /dev/null
+++ b/source/configuration/rsyslog-example.conf
@@ -0,0 +1,163 @@
+# A commented quick reference and sample configuration
+# WARNING: This is not a manual, the full manual of rsyslog configuration is in
+# rsyslog.conf (5) manpage
+#
+# "$" starts lines that contain new directives. The full list of directives
+# can be found in /usr/share/doc/rsyslog-1.19.6/doc/rsyslog_conf.html or online
+# at http://www.rsyslog.com/doc if you do not have (or find) a local copy.
+#
+# Set syslogd options
+
+# Some global directives
+# ----------------------
+
+# $AllowedSender - specifies which remote systems are allowed to send syslog messages to rsyslogd
+# --------------
+$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24, [::1]/128, *.example.net, somehost.example.com
+
+# $UMASK - specifies the rsyslogd processes' umask
+# ------
+$umask 0000
+
+# $FileGroup - Set the group for dynaFiles newly created
+# ----------
+$FileGroup loggroup
+
+# $FileOwner - Set the file owner for dynaFiles newly created.
+# ----------
+$FileOwner loguser
+
+# $IncludeConfig - include other files into the main configuration file
+# --------------
+$IncludeConfig /etc/some-included-file.conf # one file
+$IncludeConfig /etc/rsyslog.d/ # whole directory (must contain the final slash)
+
+# $ModLoad - Dynamically loads a plug-in and activates it
+# --------
+$ModLoad ommysql # load MySQL functionality
+$ModLoad /rsyslog/modules/somemodule.so # load a module via absolute path
+
+
+
+# Templates
+# ---------
+
+# Templates allow to specify any format a user might want.
+# They MUST be defined BEFORE they are used.
+
+# A template consists of a template directive, a name, the actual template text
+# and optional options. A sample is:
+#
+$template MyTemplateName,"\7Text %property% some more text\n",
+
+# where:
+# * $template - tells rsyslog that this line contains a template.
+# * MyTemplateName - template name. All other config lines refer to this name.
+# * "\7Text %property% some more text\n" - templage text
+
+# The backslash is an escape character, i.e. \7 rings the bell, \n is a new line.
+# To escape:
+# % = \%
+# \ = \\
+
+# Template options are case-insensitive. Currently defined are:
+# sql format the string suitable for a SQL statement. This will replace single
+# quotes ("'") by two single quotes ("''") to prevent the SQL injection
+# (NO_BACKSLASH_ESCAPES turned off)
+# stdsql - format the string suitable for a SQL statement that is to
+# be sent to a standards-compliant sql server.
+# (NO_BACKSLASH_ESCAPES turned on)
+
+
+
+# Properties inside templates
+# ---------------------------
+
+# Properties can be modified by the property replacer. They are accessed
+# inside the template by putting them between percent signs. The full syntax is as follows:
+
+# %propname:fromChar:toChar:options%
+
+# FromChar and toChar are used to build substrings.
+# If you need to obtain the first 2 characters of the
+# message text, you can use this syntax:
+"%msg:1:2%".
+# If you do not whish to specify from and to, but you want to
+# specify options, you still need to include the colons.
+
+# For example, to convert the full message text to lower case only, use
+# "%msg:::lowercase%".
+
+# The full list of property options can be found in rsyslog.conf(5) manpage
+
+
+
+# Samples of template definitions
+# -------------------------------
+
+# A template that resambles traditional syslogd file output:
+$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
+
+# A more verbose template:
+$template precise,"%syslogpriority%,%syslogfacility%,%timegenerated::fulltime%,%HOSTNAME%,%syslogtag%,%msg%\n"
+
+# A template that resembles RFC 3164 on-the-wire format:
+# (yes, there is NO space betwen syslogtag and msg! that's important!)
+$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%"
+
+# a template resembling traditional wallmessage format:
+$template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r"
+
+# The template below emulates winsyslog format, but we need to check the time
+# stamps used. It is also a good sampleof the property replacer in action.
+$template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n"
+
+# A template used for database writing (notice it *is* an actual
+# sql-statement):
+$template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
+
+
+
+# Samples of rules
+# ----------------
+# Regular file
+# ------------
+*.* /var/log/traditionalfile.log;TraditionalFormat # log to a file in the traditional format
+
+# Forwarding to remote machine
+# ----------------------------
+*.* @172.19.2.16 # udp (standard for syslog)
+*.* @@172.19.2.17 # tcp
+
+# Database action
+# ---------------
+# (you must have rsyslog-mysql package installed)
+# !!! Don't forget to set permission of rsyslog.conf to 600 !!!
+*.* >hostname,dbname,userid,password # (default Monitorware schema, can be created by /usr/share/doc/rsyslog-mysql-1.19.6/createDB.sql)
+
+# And this one uses the template defined above:
+*.* >hostname,dbname,userid,password;dbFormat
+
+# Program to execute
+# ------------------
+*.* ^alsaunmute # set default volume to soundcard
+
+# Filter using regex
+# ------------------
+# if the user logges word rulez or rulezz or rulezzz or..., then we will shut down his pc
+# (note, that + have to be double backslashed...)
+:msg, regex, "rulez\\+" ^poweroff
+
+# A more complex example
+# ----------------------
+$template bla_logged,"%timegenerated% the BLA was logged"
+:msg, contains, "bla" ^logger;bla_logged
+
+# Pipes
+# -----
+# first we need to create pipe by # mkfifo /a_big_pipe
+*.* |/a_big_pipe
+
+# Discarding
+# ----------
+*.* ~ # discards everything |
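Review bot: The `^poweroff` rule under "Filter using regex" runs a program whenever message text matches, and the sample never says that this text is supplied by whoever is able to log, which with the `$AllowedSender UDP, ...` line near the top includes remote hosts identified only by source address. A reader who copies the rule as-is gets a shutdown triggered by message content, so it deserves a caveat directly above it, such as `# NOTE: message content is untrusted; do not bind privileged or destructive programs to a content match, and limit such rules to locally generated messages`. The same concern applies to `*.* ^alsaunmute`, which starts a program for every message received. Separately, `$umask 0000` is shown without a `$FileCreateMode` line, so its comment should state that the permissions of newly created log files then depend entirely on the create mode in effect.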