rsyslog/rsyslog.early.conf.in

##
## WARNING: This config contains only statements that are
##          safe for early syslog start, that is before the
##          network and remote filesystems are available.
##
##          Don't include ETC_RSYSLOG_D_DIR/remote.conf
##          in this configuration file or enable any of the
##          additional (MYSQL, PGSQL, GSSAPI, GnuTLS, SNMP)
##          modules provided in separate module packages.
##
##
## if you experience problems, check
## http://www.rsyslog.com/troubleshoot for assistance
## and report them at http://bugzilla.novell.com/
##

# rsyslog v3: load input modules
# If you do not load inputs, nothing happens!

$ModLoad immark.so   # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so   # kernel logging (may be also provided by /sbin/klogd)

#
# Include config generated by /etc/init.d/syslog script
# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the
# /etc/sysconfig/syslog file.
#
$IncludeConfig ADDITIONAL_SOCKETS

###
#
# print most on tty10 and on the xconsole pipe
#
kern.warning;*.err;authpriv.none	 /dev/tty10;RSYSLOG_TraditionalFileFormat
kern.warning;*.err;authpriv.none	|/dev/xconsole;RSYSLOG_TraditionalFileFormat
*.emerg					 :omusrmsg:*

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert				root

#
# firewall messages into separate file and stop their further processing
#
if	($syslogfacility-text == 'kern') and \
	($msg contains 'IN=' and $msg contains 'OUT=') then \
	-/var/log/firewall;RSYSLOG_TraditionalFileFormat
if	($syslogfacility-text == 'kern') and \
	($msg contains 'IN=' and $msg contains 'OUT=') then \
	~

#
# acpid messages into separate file and stop their further processing
#
# => all acpid messages for debuging (uncomment if needed):
#if	($programname == 'acpid' or $syslogtag == '[acpid]:') then \
#	-/var/log/acpid;RSYSLOG_TraditionalFileFormat
#
# => up to notice (skip info and debug)
if	($programname == 'acpid' or $syslogtag == '[acpid]:') and \
	($syslogseverity <= 5) then \
	-/var/log/acpid;RSYSLOG_TraditionalFileFormat
if	($programname == 'acpid' or $syslogtag == '[acpid]:') then \
	~

#
# NetworkManager into separate file and stop their further processing
#
if      ($programname == 'NetworkManager') or \
	($programname startswith 'nm-') then \
	-/var/log/NetworkManager;RSYSLOG_TraditionalFileFormat
if      ($programname == 'NetworkManager') or \
	($programname startswith 'nm-') then \
	~

#
# email-messages
#
mail.*					-/var/log/mail;RSYSLOG_TraditionalFileFormat
mail.info				-/var/log/mail.info;RSYSLOG_TraditionalFileFormat
mail.warning				-/var/log/mail.warn;RSYSLOG_TraditionalFileFormat
mail.err				 /var/log/mail.err;RSYSLOG_TraditionalFileFormat

#
# news-messages
#
news.crit				-/var/log/news/news.crit;RSYSLOG_TraditionalFileFormat
news.err				-/var/log/news/news.err;RSYSLOG_TraditionalFileFormat
news.notice				-/var/log/news/news.notice;RSYSLOG_TraditionalFileFormat
# enable this, if you want to keep all news messages
# in one file
#news.*					-/var/log/news.all;RSYSLOG_TraditionalFileFormat

#
# Warnings in one file
#
*.=warning;*.=err			-/var/log/warn;RSYSLOG_TraditionalFileFormat
*.crit					 /var/log/warn;RSYSLOG_TraditionalFileFormat

#
# the rest in one file
#
*.*;mail.none;news.none			-/var/log/messages;RSYSLOG_TraditionalFileFormat

#
# enable this, if you want to keep all messages
# in one file
#*.*					-/var/log/allmessages;RSYSLOG_TraditionalFileFormat

#
# Some foreign boot scripts require local7
#
local0,local1.*				-/var/log/localmessages;RSYSLOG_TraditionalFileFormat
local2,local3.*				-/var/log/localmessages;RSYSLOG_TraditionalFileFormat
local4,local5.*				-/var/log/localmessages;RSYSLOG_TraditionalFileFormat
local6,local7.*				-/var/log/localmessages;RSYSLOG_TraditionalFileFormat

###