Created
January 31, 2021 23:38
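$ sudo vim /etc/rsyslog.conf
# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support

# UDP syslog reception is configured once, in the "One Log per Remotehost"
# section further down (module(load="imudp") + input(... port="514")).
# A second legacy "$UDPServerRun 514" here would compete for the same port:
# only one listener can bind UDP 514, and the one that wins decides whether
# remote messages reach the per-host ruleset or the default rules.

# provides TCP syslog reception
# No ruleset is bound to this listener, so TCP messages are processed by the
# default ruleset (the RULES section), not by the per-host ruleset.
# Plain syslog on port 514 is neither authenticated nor encrypted; restrict
# which sources may reach it (host firewall / network ACL).
$ModLoad imtcp
$InputTCPServerRun 514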
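###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
# 0640 keeps newly created logs (auth.log and the per-host remote logs
# included) readable by root and group adm only; 0644 would make them
# world-readable. Files that already exist keep their current mode.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
# Files there are read at this point, i.e. before the rules below.
#
$IncludeConfig /etc/rsyslog.d/*.conf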
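###############
#### RULES ####
###############

# These rules are outside any ruleset() block, so they form the default
# ruleset. Every input without an explicit ruleset binding is processed here.

#
# First some standard log files. Log by facility.
# A leading "-" on the file name is the traditional "do not sync after each
# write" marker.
#
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
# This applies to every message that reaches the default ruleset, including
# messages from network inputs bound to it. Keep remote listeners on their
# own ruleset, or firewall port 514, so that only trusted senders can cause
# output on users' terminals.
#
*.emerg                         :omusrmsg:*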
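################################
#### One Log per Remotehost ####
################################

# File name for each remote sender.
# %HOSTNAME% is taken from the received message, so the sender chooses it.
# The secpath-replace option turns any "/" in the value into "_", so the
# resulting path always stays directly under /var/log/remote/.
# A sender can still claim another device's name; naming files by
# %FROMHOST-IP% instead ties them to the source address.
template(name="DynFile" type="string" string="/var/log/remote/%HOSTNAME:::secpath-replace%.log")

# Messages handled by this ruleset are written to the per-host file only;
# they do not pass through the default rules.
ruleset(name="RemoteDevice"){
    action(type="omfile" dynaFile="DynFile")
}

# Only one listener can own UDP 514. Make sure no legacy "$UDPServerRun 514"
# directive elsewhere in the configuration binds the same port, otherwise
# this input may fail to start and the ruleset receives nothing.
module(load="imudp")
input(type="imudp" port="514" ruleset="RemoteDevice")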
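$ sudo vim /etc/logrotate.d/remotelogs
# Comments are kept on their own lines: older logrotate releases may not
# accept a trailing "# ..." after a directive.
/var/log/remote/*.log {
    # rotate daily
    daily
    # ignore a log file that does not exist
    missingok
    # keep 5 rotated log files
    rotate 5
    # compress the old logs
    compress
    # Postpone compression of the most recent rotated file to the next
    # rotation cycle. Only meaningful together with compress. Useful when a
    # program cannot be made to close its log file and may keep writing to
    # the old file for a while.
    delaycompress
    # do not rotate empty log files
    notifempty
    # run the postrotate script once for all matched files, not once per file
    sharedscripts
    # rsyslog keeps its output files open, so after the rename it would go on
    # writing to the rotated file. HUP makes it close and reopen its outputs.
    # Assumes rsyslog runs as the systemd unit rsyslog.service - adjust if not.
    postrotate
        systemctl kill -s HUP rsyslog.service
    endscript
}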
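# Client config:
$ sudo vim /etc/rsyslog.conf

# Client config on top
# Send the fully qualified host name in forwarded messages; the server's
# per-host file name is built from this value.
$PreserveFQDN on

# Client config first under global directives:
# Forward severities 0-5 (emerg through notice) to the central server.
# A single "@" means UDP: unencrypted, unauthenticated, and messages can be
# lost without notice. "@@" would use TCP instead. If the network between
# client and server is not trusted, use a TLS-protected syslog transport.
if $syslogseverity <= '5' then @syslog.infra.onkeldom.lan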
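# Presumably run on the log server: /var/log/remote is the directory the
# DynFile template writes to.
$ sudo mkdir -p /var/log/remote
$ sudo chown -R root:adm /var/log/remote
# Keep other local users from listing or reading the collected device logs.
# NOTE(review): assumes rsyslog writes as root; confirm if it drops privileges.
$ sudo chmod 0750 /var/log/remote
# Check the configuration for errors before restarting the service.
$ sudo rsyslogd -N1
$ sudo systemctl restart rsyslog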