Marius Tomaschewski
bbb8e3484a
* compile failed on systems without epoll_create1() Thanks to David Hill for providing a fix. * atomic increment for msg object may not work correct on all platforms. Thanks to Chris Metcalf for the patch * replacements for atomic operations for non-int sized types had problems. At least one instance of that problem could potentially lead to abort (inside omfile). - Increased mark frequency in rsyslog.conf to 1 hour - Enabled duplicate message reduction in rsyslog.conf to catch at least buggy programs running amok and writting same message zillion times until the disk gets out of space (bnc#656197). OBS-URL: https://build.opensuse.org/package/show/Base:System/rsyslog?expand=0&rev=30
159 lines
4.0 KiB
Plaintext
159 lines
4.0 KiB
Plaintext
##
|
|
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
|
|
## (provided in separate rsyslog-module-* packages) are enabled, the
|
|
## configuration can't be used on a system with /usr on a remote
|
|
## filesystem.
|
|
## [The modules are linked against libraries installed bellow of /usr
|
|
## thus also installed in /usr/lib*/rsyslog because of this.]
|
|
##
|
|
## You can change it by adding network-remotefs to the Required-Start
|
|
## and Required-Stop LSB init tags in the /etc/init.d/syslog script.
|
|
##
|
|
|
|
#
|
|
# if you experience problems, check
|
|
# http://www.rsyslog.com/troubleshoot for assistance
|
|
# and report them at http://bugzilla.novell.com/
|
|
#
|
|
|
|
# rsyslog v3: load input modules
|
|
# If you do not load inputs, nothing happens!
|
|
|
|
$ModLoad immark.so # provides --MARK-- message capability (every 1 hour)
|
|
$MarkMessagePeriod 3600
|
|
|
|
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
|
|
# reduce dupplicate log messages (last message repeated n times)
|
|
$RepeatedMsgReduction on
|
|
|
|
$ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd),
|
|
# see also http://www.rsyslog.com/doc-imklog.html.
|
|
$klogConsoleLogLevel 1 # set log level 1 (same as in /etc/sysconfig/syslog).
|
|
|
|
|
|
#
|
|
# Use traditional log format by default. To change it for a single
|
|
# file, append ";RSYSLOG_TraditionalFileFormat" to the filename.
|
|
#
|
|
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
|
|
|
|
|
#
|
|
# Include config generated by /etc/init.d/syslog script
|
|
# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the
|
|
# /etc/sysconfig/syslog file.
|
|
#
|
|
$IncludeConfig /var/run/rsyslog/additional-log-sockets.conf
|
|
|
|
#
|
|
# Include config files, that the admin provided? :
|
|
#
|
|
$IncludeConfig /etc/rsyslog.d/*.conf
|
|
|
|
|
|
###
|
|
# print most important on tty10 and on the xconsole pipe
|
|
#
|
|
if ( \
|
|
/* kernel up to warning except of firewall */ \
|
|
($syslogfacility-text == 'kern') and \
|
|
($syslogseverity <= 4 /* warning */ ) and not \
|
|
($msg contains 'IN=' and $msg contains 'OUT=') \
|
|
) or ( \
|
|
/* up to errors except of facility authpriv */ \
|
|
($syslogseverity <= 3 /* errors */ ) and not \
|
|
($syslogfacility-text == 'authpriv') \
|
|
) \
|
|
then /dev/tty10
|
|
& |/dev/xconsole
|
|
|
|
|
|
# Emergency messages to everyone logged on (wall)
|
|
*.emerg *
|
|
|
|
# enable this, if you want that root is informed
|
|
# immediately, e.g. of logins
|
|
#*.alert root
|
|
|
|
|
|
#
|
|
# firewall messages into separate file and stop their further processing
|
|
#
|
|
if ($syslogfacility-text == 'kern') and \
|
|
($msg contains 'IN=' and $msg contains 'OUT=') \
|
|
then -/var/log/firewall
|
|
& ~
|
|
|
|
|
|
#
|
|
# acpid messages into separate file and stop their further processing
|
|
#
|
|
# => all acpid messages for debuging (uncomment if needed):
|
|
#if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \
|
|
# -/var/log/acpid
|
|
#
|
|
# => up to notice (skip info and debug)
|
|
if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \
|
|
($syslogseverity <= 5 /* notice */) \
|
|
then -/var/log/acpid
|
|
& ~
|
|
|
|
|
|
#
|
|
# NetworkManager into separate file and stop their further processing
|
|
#
|
|
if ($programname == 'NetworkManager') or \
|
|
($programname startswith 'nm-') \
|
|
then -/var/log/NetworkManager
|
|
& ~
|
|
|
|
|
|
#
|
|
# email-messages
|
|
#
|
|
mail.* -/var/log/mail
|
|
mail.info -/var/log/mail.info
|
|
mail.warning -/var/log/mail.warn
|
|
mail.err /var/log/mail.err
|
|
|
|
|
|
#
|
|
# news-messages
|
|
#
|
|
news.crit -/var/log/news/news.crit
|
|
news.err -/var/log/news/news.err
|
|
news.notice -/var/log/news/news.notice
|
|
# enable this, if you want to keep all news messages
|
|
# in one file
|
|
#news.* -/var/log/news.all
|
|
|
|
|
|
#
|
|
# Warnings in one file
|
|
#
|
|
*.=warning;*.=err -/var/log/warn
|
|
*.crit /var/log/warn
|
|
|
|
|
|
#
|
|
# the rest in one file
|
|
#
|
|
*.*;mail.none;news.none -/var/log/messages
|
|
|
|
|
|
#
|
|
# enable this, if you want to keep all messages
|
|
# in one file
|
|
#*.* -/var/log/allmessages
|
|
|
|
|
|
#
|
|
# Some foreign boot scripts require local7
|
|
#
|
|
local0,local1.* -/var/log/localmessages
|
|
local2,local3.* -/var/log/localmessages
|
|
local4,local5.* -/var/log/localmessages
|
|
local6,local7.* -/var/log/localmessages
|
|
|
|
###
|