## ## WARNING: This config contains only statements that are ## safe for early syslog start, that is before ## the network and remote filesystems available. ## ## ## if you experience problems, check ## http://www.rsyslog.com/troubleshoot for assistance ## and report them at http://bugzilla.novell.com/ ## # rsyslog v3: load input modules # If you do not load inputs, nothing happens! $ModLoad immark.so # provides --MARK-- message capability $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # kernel logging (may be also provided by /sbin/klogd) # # Include config generated by /etc/init.d/syslog script # using the SYSLOGD_ADDITIONAL_SOCKET* variables in the # /etc/sysconfig/syslog file. # $IncludeConfig ADDITIONAL_SOCKETS ### # # print most on tty10 and on the xconsole pipe # kern.warning;*.err;authpriv.none /dev/tty10;RSYSLOG_TraditionalFileFormat kern.warning;*.err;authpriv.none |/dev/xconsole;RSYSLOG_TraditionalFileFormat *.emerg * # enable this, if you want that root is informed # immediately, e.g. of logins #*.alert root # # firewall messages into separate file and stop their further processing # if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') then \ -/var/log/firewall;RSYSLOG_TraditionalFileFormat if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') then \ ~ # # acpid messages into separate file and stop their further processing # # => all acpid messages for debuging (uncomment if needed): #if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ # -/var/log/acpid;RSYSLOG_TraditionalFileFormat # # => up to notice (skip info and debug) if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ ($syslogseverity <= 5) then \ -/var/log/acpid;RSYSLOG_TraditionalFileFormat if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ ~ # # NetworkManager into separate file and stop their further processing # if ($programname == 'NetworkManager') or \ ($programname startswith 'nm-') then \ -/var/log/NetworkManager;RSYSLOG_TraditionalFileFormat if ($programname == 'NetworkManager') or \ ($programname startswith 'nm-') then \ ~ # # email-messages # mail.* -/var/log/mail;RSYSLOG_TraditionalFileFormat mail.info -/var/log/mail.info;RSYSLOG_TraditionalFileFormat mail.warning -/var/log/mail.warn;RSYSLOG_TraditionalFileFormat mail.err /var/log/mail.err;RSYSLOG_TraditionalFileFormat # # news-messages # news.crit -/var/log/news/news.crit;RSYSLOG_TraditionalFileFormat news.err -/var/log/news/news.err;RSYSLOG_TraditionalFileFormat news.notice -/var/log/news/news.notice;RSYSLOG_TraditionalFileFormat # enable this, if you want to keep all news messages # in one file #news.* -/var/log/news.all;RSYSLOG_TraditionalFileFormat # # Warnings in one file # *.=warning;*.=err -/var/log/warn;RSYSLOG_TraditionalFileFormat *.crit /var/log/warn;RSYSLOG_TraditionalFileFormat # # the rest in one file # *.*;mail.none;news.none -/var/log/messages;RSYSLOG_TraditionalFileFormat # # enable this, if you want to keep all messages # in one file #*.* -/var/log/allmessages;RSYSLOG_TraditionalFileFormat # # Some foreign boot scripts require local7 # local0,local1.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat local2,local3.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat local4,local5.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat local6,local7.* -/var/log/localmessages;RSYSLOG_TraditionalFileFormat ###