rsyslog日志配置
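# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark   # provides --MARK-- message capability

# Provides UDP syslog reception
# Listen on UDP port 514. TCP 514 could be enabled as well (see below);
# this server accepts UDP only.
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

$WorkDirectory /var/lib/rsyslog

# Accept UDP syslog only from the company firewall's network.
# The prefix was /8 originally; a /8 keeps only the first octet, so
# "192.168.17.0/8" admitted every 192.x.x.x source. /24 is assumed from the
# network address -- use the firewall's exact address with /32 if it is the
# only sender.
# UDP source addresses are not authenticated, so treat this as a filter, not
# as proof of origin, and restrict port 514 in the host firewall as well.
$AllowedSender udp, 192.168.17.0/24

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Template for the destination file path: one directory and one file per day
# for each sending host.
# The path is built from %fromhost-ip%, the address rsyslog received the
# message from. Keep it that way: message-supplied fields such as %hostname%
# are chosen by the sender and should not be used to build file paths.
# NOTE(review): check the creation modes ($FileCreateMode / $DirCreateMode)
# that apply to /data/fw_logs if these logs must not be readable by all users.
$template Remote,"/data/fw_logs/%fromhost-ip%/%fromhost-ip%_%$YEAR%-%$MONTH%-%$DAY%.log"

# Write everything that did not originate on this server (127.0.0.1) through
# the Remote template.
# NOTE(review): matched messages are not discarded here, so they also continue
# through the RULES section below; add a discard action ("& ~") after this rule
# only if that duplication is unwanted.
:fromhost-ip, !isequal, "127.0.0.1" ?Remote

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
local4.*                                                /data/fw.log

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$WorkDirectory /var/lib/rsyslog # where to place spool files
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###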