- Cleaned up the config files a bit, updated comments in config
file, marked the /etc/rsyslog.early.conf obsolete. Note: rsyslog will be started early/before network using its normal /etc/rsyslog.conf config file (adopted scripts in syslog-service package). When any kind of remote logging is in use, then on-disk queues should be enabled. To start it after the network, please set the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog (bnc#728565). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=74
This commit is contained in:
parent
a93bdfd569
commit
8f067b1d22
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 20 12:11:18 UTC 2012 - mt@suse.com
|
||||
|
||||
- Cleaned up the config files a bit, updated comments in config
|
||||
file, marked the /etc/rsyslog.early.conf obsolete.
|
||||
Note: rsyslog will be started early/before network using its normal
|
||||
/etc/rsyslog.conf config file (adopted scripts in syslog-service
|
||||
package). When any kind of remote logging is in use, then on-disk
|
||||
queues should be enabled. To start it after the network, please set
|
||||
the SYSLOG_REQUIRES_NETWORK=yes variable in /etc/sysconfig/syslog
|
||||
(bnc#728565).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 7 12:58:48 UTC 2011 - mrueckert@suse.de
|
||||
|
||||
|
@ -1,13 +1,15 @@
|
||||
##
|
||||
## === When you're using remote logging, enable on-disk queues ===
|
||||
## === in rsyslog.d/remote.conf. When neccesary also set the ===
|
||||
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, ===
|
||||
## === e.g. when rsyslog has to receive on a specific IP only. ===
|
||||
##
|
||||
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
|
||||
## (provided in separate rsyslog-module-* packages) are enabled, the
|
||||
## configuration can't be used on a system with /usr on a remote
|
||||
## filesystem.
|
||||
## [The modules are linked against libraries installed bellow of /usr
|
||||
## thus also installed in /usr/lib*/rsyslog because of this.]
|
||||
##
|
||||
## You can change it by adding network-remotefs to the Required-Start
|
||||
## and Required-Stop LSB init tags in the /etc/init.d/syslog script.
|
||||
## filesystem, except on newer systems where initrd mounts /usr.
|
||||
## [The modules are linked against libraries installed bellow of
|
||||
## /usr thus also installed in /usr/lib*/rsyslog because of this.]
|
||||
##
|
||||
|
||||
#
|
||||
@ -16,28 +18,34 @@
|
||||
# and report them at http://bugzilla.novell.com/
|
||||
#
|
||||
|
||||
# rsyslog v3: load input modules
|
||||
# since rsyslog v3: load input modules
|
||||
# If you do not load inputs, nothing happens!
|
||||
|
||||
$ModLoad immark.so # provides --MARK-- message capability (every 1 hour)
|
||||
$MarkMessagePeriod 3600
|
||||
# provides --MARK-- message capability (every 1 hour)
|
||||
$ModLoad immark.so
|
||||
$MarkMessagePeriod 3600
|
||||
|
||||
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
|
||||
# reduce dupplicate log messages (last message repeated n times)
|
||||
$RepeatedMsgReduction on
|
||||
# provides support for local system logging (e.g. via logger command)
|
||||
$ModLoad imuxsock.so
|
||||
|
||||
$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd),
|
||||
# see also http://www.rsyslog.com/doc-imklog.html.
|
||||
$klogConsoleLogLevel 1 # set log level 1 (same as in /etc/sysconfig/syslog).
|
||||
# reduce dupplicate log messages (last message repeated n times)
|
||||
$RepeatedMsgReduction on
|
||||
|
||||
# kernel logging (may be also provided by /sbin/klogd)
|
||||
# see also http://www.rsyslog.com/doc-imklog.html.
|
||||
$ModLoad imklog.so
|
||||
# set log level 1 (same as in /etc/sysconfig/syslog).
|
||||
$klogConsoleLogLevel 1
|
||||
|
||||
#
|
||||
# Use traditional log format by default. To change it for a single
|
||||
# file, append ";RSYSLOG_TraditionalFileFormat" to the filename.
|
||||
# Use traditional log format by default. To change a single
|
||||
# file to use rsyslog format (high-precision timestamps),
|
||||
# append ";RSYSLOG_FileFormat" to the filename. See
|
||||
# http://www.rsyslog.com/doc/rsyslog_conf_templates.html
|
||||
# for more informations.
|
||||
#
|
||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||
|
||||
|
||||
#
|
||||
# Include config generated by /etc/init.d/syslog script
|
||||
# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the
|
||||
|
@ -1,40 +1,53 @@
|
||||
##
|
||||
## === When you're using remote logging, enable on-disk queues ===
|
||||
## === in rsyslog.d/remote.conf. When neccesary also set the ===
|
||||
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, ===
|
||||
## === e.g. when rsyslog has to receive on a specific IP only. ===
|
||||
##
|
||||
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
|
||||
## (provided in separate rsyslog-module-* packages) are enabled, the
|
||||
## configuration can't be used on a system with /usr on a remote
|
||||
## filesystem.
|
||||
## [The modules are linked against libraries installed bellow of /usr
|
||||
## thus also installed in /usr/lib*/rsyslog because of this.]
|
||||
##
|
||||
## You can change it by adding network-remotefs to the Required-Start
|
||||
## and Required-Stop LSB init tags in the /etc/init.d/syslog script.
|
||||
## filesystem, except on newer systems where initrd mounts /usr.
|
||||
## [The modules are linked against libraries installed bellow of
|
||||
## /usr thus also installed in /usr/lib*/rsyslog because of this.]
|
||||
##
|
||||
|
||||
|
||||
# Remote Logging (we use TCP for reliable delivery)
|
||||
# ######### Enable On-Disk queues for remote logging ##########
|
||||
#
|
||||
# An on-disk queue is created for this action. If the remote host is
|
||||
# down, messages are spooled to disk and sent when it is up again.
|
||||
#
|
||||
#$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files
|
||||
#$ActionQueueFileName uniqName # unique name prefix for spool files
|
||||
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
||||
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
||||
#$ActionQueueType LinkedList # run asynchronously
|
||||
#$ActionResumeRetryCount -1 # infinite retries if host is down
|
||||
|
||||
# ######### Sending Messages to Remote Hosts ##########
|
||||
|
||||
# Remote Logging using TCP for reliable delivery
|
||||
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
||||
#*.* @@remote-host
|
||||
|
||||
# Remote Logging using UDP
|
||||
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
||||
#*.* @remote-host
|
||||
|
||||
|
||||
# ######### Receiving Messages from Remote Hosts ##########
|
||||
# TCP Syslog Server:
|
||||
# provides TCP syslog reception and GSS-API (if compiled to support it)
|
||||
#$ModLoad imtcp.so # load module
|
||||
# Note: as of now, you need to use the -t command line option to
|
||||
# enable TCP reception (e.g. -t514 to run a server at port 514/tcp)
|
||||
# This will change in later v3 releases.
|
||||
#$ModLoad imtcp.so # load module
|
||||
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
|
||||
## # needs SYSLOG_REQUIRES_NETWORK=yes.
|
||||
#$InputTCPServerRun <port> # Starts a TCP server on selected port
|
||||
|
||||
# UDP Syslog Server:
|
||||
#$ModLoad imudp.so # provides UDP syslog reception
|
||||
#$UDPServerRun 514 # start a UDP syslog server at standard port 514
|
||||
#$ModLoad imudp.so # provides UDP syslog reception
|
||||
##$UDPServerAddress 10.10.0.1 # force to listen on this IP only,
|
||||
## # needs SYSLOG_REQUIRES_NETWORK=yes.
|
||||
#$UDPServerRun 514 # start a UDP syslog server at standard port 514
|
||||
|
||||
|
||||
########### Encrypting Syslog Traffic with TLS ##########
|
||||
|
@ -1,25 +1,42 @@
|
||||
##
|
||||
## WARNING: This config contains only statements that are
|
||||
## safe for early syslog start, that is before the
|
||||
## network and remote filesystems are available.
|
||||
##
|
||||
## Don't include ETC_RSYSLOG_D_DIR/remote.conf
|
||||
## in this configuration file or enable any of the
|
||||
## additional (MYSQL, PGSQL, GSSAPI, GnuTLS, SNMP)
|
||||
## modules provided in separate module packages.
|
||||
##
|
||||
##
|
||||
## if you experience problems, check
|
||||
## http://www.rsyslog.com/troubleshoot for assistance
|
||||
## and report them at http://bugzilla.novell.com/
|
||||
## NOTE: This config file is obsolete and will be dropped in
|
||||
## further package versions. Even while early syslog
|
||||
## start, the /etc/rsyslog.conf file is used now.
|
||||
##
|
||||
|
||||
# rsyslog v3: load input modules
|
||||
#
|
||||
# if you experience problems, check
|
||||
# http://www.rsyslog.com/troubleshoot for assistance
|
||||
# and report them at http://bugzilla.novell.com/
|
||||
#
|
||||
|
||||
# since rsyslog v3: load input modules
|
||||
# If you do not load inputs, nothing happens!
|
||||
|
||||
$ModLoad immark.so # provides --MARK-- message capability
|
||||
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
|
||||
$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd)
|
||||
# provides --MARK-- message capability (every 1 hour)
|
||||
$ModLoad immark.so
|
||||
$MarkMessagePeriod 3600
|
||||
|
||||
# provides support for local system logging (e.g. via logger command)
|
||||
$ModLoad imuxsock.so
|
||||
|
||||
# reduce dupplicate log messages (last message repeated n times)
|
||||
$RepeatedMsgReduction on
|
||||
|
||||
# kernel logging (may be also provided by /sbin/klogd)
|
||||
# see also http://www.rsyslog.com/doc-imklog.html.
|
||||
$ModLoad imklog.so
|
||||
# set log level 1 (same as in /etc/sysconfig/syslog).
|
||||
$klogConsoleLogLevel 1
|
||||
|
||||
#
|
||||
# Use traditional log format by default. To change a single
|
||||
# file to use rsyslog format (high-precision timestamps),
|
||||
# append ";RSYSLOG_FileFormat" to the filename. See
|
||||
# http://www.rsyslog.com/doc/rsyslog_conf_templates.html
|
||||
# for more informations.
|
||||
#
|
||||
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||
|
||||
#
|
||||
# Include config generated by /etc/init.d/syslog script
|
||||
@ -28,92 +45,109 @@ $ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd)
|
||||
#
|
||||
$IncludeConfig ADDITIONAL_SOCKETS
|
||||
|
||||
|
||||
###
|
||||
# print most important on tty10 and on the xconsole pipe
|
||||
#
|
||||
# print most on tty10 and on the xconsole pipe
|
||||
#
|
||||
kern.warning;*.err;authpriv.none /dev/tty10;RSYSLOG_TraditionalFileFormat
|
||||
kern.warning;*.err;authpriv.none |/dev/xconsole;RSYSLOG_TraditionalFileFormat
|
||||
if ( \
|
||||
/* kernel up to warning except of firewall */ \
|
||||
($syslogfacility-text == 'kern') and \
|
||||
($syslogseverity <= 4 /* warning */ ) and not \
|
||||
($msg contains 'IN=' and $msg contains 'OUT=') \
|
||||
) or ( \
|
||||
/* up to errors except of facility authpriv */ \
|
||||
($syslogseverity <= 3 /* errors */ ) and not \
|
||||
($syslogfacility-text == 'authpriv') \
|
||||
) \
|
||||
then /dev/tty10
|
||||
& |/dev/xconsole
|
||||
|
||||
|
||||
# Emergency messages to everyone logged on (wall)
|
||||
*.emerg :omusrmsg:*
|
||||
|
||||
# enable this, if you want that root is informed
|
||||
# immediately, e.g. of logins
|
||||
#*.alert root
|
||||
|
||||
|
||||
#
|
||||
# firewall messages into separate file and stop their further processing
|
||||
#
|
||||
if ($syslogfacility-text == 'kern') and \
|
||||
($msg contains 'IN=' and $msg contains 'OUT=') then \
|
||||
-/var/log/firewall;RSYSLOG_TraditionalFileFormat
|
||||
if ($syslogfacility-text == 'kern') and \
|
||||
($msg contains 'IN=' and $msg contains 'OUT=') then \
|
||||
~
|
||||
($msg contains 'IN=' and $msg contains 'OUT=') \
|
||||
then -/var/log/firewall
|
||||
& ~
|
||||
|
||||
|
||||
#
|
||||
# acpid messages into separate file and stop their further processing
|
||||
#
|
||||
# => all acpid messages for debuging (uncomment if needed):
|
||||
#if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \
|
||||
# -/var/log/acpid;RSYSLOG_TraditionalFileFormat
|
||||
# -/var/log/acpid
|
||||
#
|
||||
# => up to notice (skip info and debug)
|
||||
if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \
|
||||
($syslogseverity <= 5) then \
|
||||
-/var/log/acpid;RSYSLOG_TraditionalFileFormat
|
||||
if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \
|
||||
~
|
||||
($syslogseverity <= 5 /* notice */) \
|
||||
then -/var/log/acpid
|
||||
& ~
|
||||
|
||||
|
||||
#
|
||||
# NetworkManager into separate file and stop their further processing
|
||||
#
|
||||
if ($programname == 'NetworkManager') or \
|
||||
($programname startswith 'nm-') then \
|
||||
-/var/log/NetworkManager;RSYSLOG_TraditionalFileFormat
|
||||
if ($programname == 'NetworkManager') or \
|
||||
($programname startswith 'nm-') then \
|
||||
~
|
||||
($programname startswith 'nm-') \
|
||||
then -/var/log/NetworkManager
|
||||
& ~
|
||||
|
||||
|
||||
#
|
||||
# email-messages
|
||||
#
|
||||
mail.* -/var/log/mail;RSYSLOG_TraditionalFileFormat
|
||||
mail.info -/var/log/mail.info;RSYSLOG_TraditionalFileFormat
|
||||
mail.warning -/var/log/mail.warn;RSYSLOG_TraditionalFileFormat
|
||||
mail.err /var/log/mail.err;RSYSLOG_TraditionalFileFormat
|
||||
mail.* -/var/log/mail
|
||||
mail.info -/var/log/mail.info
|
||||
mail.warning -/var/log/mail.warn
|
||||
mail.err /var/log/mail.err
|
||||
|
||||
|
||||
#
|
||||
# news-messages
|
||||
#
|
||||
news.crit -/var/log/news/news.crit;RSYSLOG_TraditionalFileFormat
|
||||
news.err -/var/log/news/news.err;RSYSLOG_TraditionalFileFormat
|
||||
news.notice -/var/log/news/news.notice;RSYSLOG_TraditionalFileFormat
|
||||
news.crit -/var/log/news/news.crit
|
||||
news.err -/var/log/news/news.err
|
||||
news.notice -/var/log/news/news.notice
|
||||
# enable this, if you want to keep all news messages
|
||||
# in one file
|
||||
#news.* -/var/log/news.all;RSYSLOG_TraditionalFileFormat
|
||||
#news.* -/var/log/news.all
|
||||
|
||||
|
||||
#
|
||||
# Warnings in one file
|
||||
#
|
||||
*.=warning;*.=err -/var/log/warn;RSYSLOG_TraditionalFileFormat
|
||||
*.crit /var/log/warn;RSYSLOG_TraditionalFileFormat
|
||||
*.=warning;*.=err -/var/log/warn
|
||||
*.crit /var/log/warn
|
||||
|
||||
|
||||
#
|
||||
# the rest in one file
|
||||
#
|
||||
*.*;mail.none;news.none -/var/log/messages;RSYSLOG_TraditionalFileFormat
|
||||
*.*;mail.none;news.none -/var/log/messages
|
||||
|
||||
|
||||
#
|
||||
# enable this, if you want to keep all messages
|
||||
# in one file
|
||||
#*.* -/var/log/allmessages;RSYSLOG_TraditionalFileFormat
|
||||
#*.* -/var/log/allmessages
|
||||
|
||||
|
||||
#
|
||||
# Some foreign boot scripts require local7
|
||||
#
|
||||
local0,local1.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat
|
||||
local2,local3.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat
|
||||
local4,local5.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat
|
||||
local6,local7.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat
|
||||
local0,local1.* -/var/log/localmessages
|
||||
local2,local3.* -/var/log/localmessages
|
||||
local4,local5.* -/var/log/localmessages
|
||||
local6,local7.* -/var/log/localmessages
|
||||
|
||||
###
|
||||
|
26
rsyslog.spec
26
rsyslog.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package rsyslog
|
||||
#
|
||||
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -21,7 +21,7 @@
|
||||
Name: rsyslog
|
||||
Summary: The enhanced syslogd for Linux and Unix
|
||||
Version: 5.8.5
|
||||
Release: 4
|
||||
Release: 1
|
||||
# for setting those bcond_with* configs see
|
||||
# http://lizards.opensuse.org/2008/09/12/conditional-features-aka-use-flags/
|
||||
%if 0%{?suse_version} >= 1140
|
||||
@ -56,7 +56,7 @@ Release: 4
|
||||
%define _libdir /%_lib
|
||||
%define rsyslog_module_dir_nodeps %{_libdir}/rsyslog/
|
||||
%define rsyslog_module_dir_withdeps %{_prefix}/%{_lib}/rsyslog/
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Url: http://www.rsyslog.com/
|
||||
AutoReqProv: on
|
||||
@ -131,7 +131,7 @@ protected syslog relay chains while at the same time being very easy to
|
||||
setup for the novice user.
|
||||
|
||||
%package doc
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: Additional documentation for rsyslog
|
||||
@ -143,7 +143,7 @@ package.
|
||||
This package provides additional documentation for rsyslog.
|
||||
|
||||
%package diag-tools
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: Diagnostic tools
|
||||
@ -158,7 +158,7 @@ usually not needed).
|
||||
%if %{with gssapi}
|
||||
|
||||
%package module-gssapi
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: GSS-API support module for rsyslog
|
||||
@ -174,7 +174,7 @@ network protected via Kerberos 5 encryption and authentication.
|
||||
%if %{with mysql}
|
||||
|
||||
%package module-mysql
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: MySQL support module for rsyslog
|
||||
@ -190,7 +190,7 @@ databases.
|
||||
%if %{with pgsql}
|
||||
|
||||
%package module-pgsql
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: PostgreSQL support module for rsyslog
|
||||
@ -205,7 +205,7 @@ This module provides the support for logging into PostgreSQL databases.
|
||||
%if %{with dbi}
|
||||
|
||||
%package module-dbi
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: Database support via DBI
|
||||
@ -221,7 +221,7 @@ supported databases.
|
||||
%if %{with snmp}
|
||||
|
||||
%package module-snmp
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: SNMP support module for rsyslog
|
||||
@ -237,7 +237,7 @@ v2c traps.
|
||||
%if %{with gnutls}
|
||||
|
||||
%package module-gtls
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: TLS encryption support module for rsyslog
|
||||
@ -253,7 +253,7 @@ on current syslog-transport-tls internet drafts).
|
||||
%if %{with relp}
|
||||
|
||||
%package module-relp
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: RELP protocol support module for syslog
|
||||
@ -267,7 +267,7 @@ This module provides Reliable Event Logging Protocol support.
|
||||
%endif
|
||||
|
||||
%package module-udpspoof
|
||||
License: GPLv3+
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %{name} = %{version}
|
||||
Summary: UDP spoof support module for syslog
|
||||
|
Loading…
Reference in New Issue
Block a user