Rsyslog.conf provides support for local system logging $ModLoad imuxsock provides kernel logging support $ModLoad imklog To enable high precision timestamps, comment out the following line. $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Set the default permissions for all log files. $FileOwner root $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 Where to place spool and state files $WorkDirectory /var/spool/rsyslog Include all config files in /etc/rsyslog.d/ $IncludeConfig /etc/rsyslog.d/*.conf Log by facility. auth,authpriv.* /var/log/auth.log *.*;cron,auth,authpriv.none /var/log/syslog daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log Emergencies are sent to everybody logged in. *.emerg :omusrmsg:*