summaryrefslogtreecommitdiffstats
path: root/source/configuration/rsyslog-example.conf
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 16:27:18 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-15 16:27:18 +0000
commitf7f20c3f5e0be02585741f5f54d198689ccd7866 (patch)
tree190d5e080f6cbcc40560b0ceaccfd883cb3faa01 /source/configuration/rsyslog-example.conf
parentInitial commit. (diff)
downloadrsyslog-doc-f7f20c3f5e0be02585741f5f54d198689ccd7866.tar.xz
rsyslog-doc-f7f20c3f5e0be02585741f5f54d198689ccd7866.zip
Adding upstream version 8.2402.0+dfsg.upstream/8.2402.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'source/configuration/rsyslog-example.conf')
-rw-r--r--source/configuration/rsyslog-example.conf163
1 files changed, 163 insertions, 0 deletions
diff --git a/source/configuration/rsyslog-example.conf b/source/configuration/rsyslog-example.conf
new file mode 100644
index 0000000..a3ec2f1
--- /dev/null
+++ b/source/configuration/rsyslog-example.conf
@@ -0,0 +1,163 @@
+# A commented quick reference and sample configuration
+# WARNING: This is not a manual, the full manual of rsyslog configuration is in
+# rsyslog.conf (5) manpage
+#
+# "$" starts lines that contain new directives. The full list of directives
+# can be found in /usr/share/doc/rsyslog-1.19.6/doc/rsyslog_conf.html or online
+# at http://www.rsyslog.com/doc if you do not have (or find) a local copy.
+#
+# Set syslogd options
+
+# Some global directives
+# ----------------------
+
+# $AllowedSender - specifies which remote systems are allowed to send syslog messages to rsyslogd
+# --------------
+$AllowedSender UDP, 127.0.0.1, 192.0.2.0/24, [::1]/128, *.example.net, somehost.example.com
+
+# $UMASK - specifies the rsyslogd processes' umask
+# ------
+$umask 0000
+
+# $FileGroup - Set the group for dynaFiles newly created
+# ----------
+$FileGroup loggroup
+
+# $FileOwner - Set the file owner for dynaFiles newly created.
+# ----------
+$FileOwner loguser
+
+# $IncludeConfig - include other files into the main configuration file
+# --------------
+$IncludeConfig /etc/some-included-file.conf # one file
+$IncludeConfig /etc/rsyslog.d/ # whole directory (must contain the final slash)
+
+# $ModLoad - Dynamically loads a plug-in and activates it
+# --------
+$ModLoad ommysql # load MySQL functionality
+$ModLoad /rsyslog/modules/somemodule.so # load a module via absolute path
+
+
+
+# Templates
+# ---------
+
+# Templates allow to specify any format a user might want.
+# They MUST be defined BEFORE they are used.
+
+# A template consists of a template directive, a name, the actual template text
+# and optional options. A sample is:
+#
+$template MyTemplateName,"\7Text %property% some more text\n",
+
+# where:
+# * $template - tells rsyslog that this line contains a template.
+# * MyTemplateName - template name. All other config lines refer to this name.
+# * "\7Text %property% some more text\n" - templage text
+
+# The backslash is an escape character, i.e. \7 rings the bell, \n is a new line.
+# To escape:
+# % = \%
+# \ = \\
+
+# Template options are case-insensitive. Currently defined are:
+# sql format the string suitable for a SQL statement. This will replace single
+# quotes ("'") by two single quotes ("''") to prevent the SQL injection
+# (NO_BACKSLASH_ESCAPES turned off)
+# stdsql - format the string suitable for a SQL statement that is to
+# be sent to a standards-compliant sql server.
+# (NO_BACKSLASH_ESCAPES turned on)
+
+
+
+# Properties inside templates
+# ---------------------------
+
+# Properties can be modified by the property replacer. They are accessed
+# inside the template by putting them between percent signs. The full syntax is as follows:
+
+# %propname:fromChar:toChar:options%
+
+# FromChar and toChar are used to build substrings.
+# If you need to obtain the first 2 characters of the
+# message text, you can use this syntax:
+"%msg:1:2%".
+# If you do not whish to specify from and to, but you want to
+# specify options, you still need to include the colons.
+
+# For example, to convert the full message text to lower case only, use
+# "%msg:::lowercase%".
+
+# The full list of property options can be found in rsyslog.conf(5) manpage
+
+
+
+# Samples of template definitions
+# -------------------------------
+
+# A template that resambles traditional syslogd file output:
+$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
+
+# A more verbose template:
+$template precise,"%syslogpriority%,%syslogfacility%,%timegenerated::fulltime%,%HOSTNAME%,%syslogtag%,%msg%\n"
+
+# A template that resembles RFC 3164 on-the-wire format:
+# (yes, there is NO space betwen syslogtag and msg! that's important!)
+$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%"
+
+# a template resembling traditional wallmessage format:
+$template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r"
+
+# The template below emulates winsyslog format, but we need to check the time
+# stamps used. It is also a good sampleof the property replacer in action.
+$template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n"
+
+# A template used for database writing (notice it *is* an actual
+# sql-statement):
+$template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql
+
+
+
+# Samples of rules
+# ----------------
+# Regular file
+# ------------
+*.* /var/log/traditionalfile.log;TraditionalFormat # log to a file in the traditional format
+
+# Forwarding to remote machine
+# ----------------------------
+*.* @172.19.2.16 # udp (standard for syslog)
+*.* @@172.19.2.17 # tcp
+
+# Database action
+# ---------------
+# (you must have rsyslog-mysql package installed)
+# !!! Don't forget to set permission of rsyslog.conf to 600 !!!
+*.* >hostname,dbname,userid,password # (default Monitorware schema, can be created by /usr/share/doc/rsyslog-mysql-1.19.6/createDB.sql)
+
+# And this one uses the template defined above:
+*.* >hostname,dbname,userid,password;dbFormat
+
+# Program to execute
+# ------------------
+*.* ^alsaunmute # set default volume to soundcard
+
+# Filter using regex
+# ------------------
+# if the user logges word rulez or rulezz or rulezzz or..., then we will shut down his pc
+# (note, that + have to be double backslashed...)
+:msg, regex, "rulez\\+" ^poweroff
+
+# A more complex example
+# ----------------------
+$template bla_logged,"%timegenerated% the BLA was logged"
+:msg, contains, "bla" ^logger;bla_logged
+
+# Pipes
+# -----
+# first we need to create pipe by # mkfifo /a_big_pipe
+*.* |/a_big_pipe
+
+# Discarding
+# ----------
+*.* ~ # discards everything