<file> <file_path>/etc/rsyslog.conf</file_path> <file_contents> <![CDATA[ \#\#\#\# MODULES \#\#\#\## \$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) \$ModLoad imfile \$WorkDirectory /var/spool/rsyslog \$ActionQueueType LinkedList \$ActionQueueFileName srvrfwd \$ActionResumeRetryCount -1 \$ActionQueueSaveOnShutDown on #if $getVar("compass_server", "") != "" \# *.* @@$compass_server:514 #else \# *.* @@$server:514 #end if \# Provides UDP syslog reception \#\$ModLoad imudp \#\$UDPServerRun 514 \# Provides TCP syslog reception \$ModLoad imtcp \$InputTCPServerRun 514 #set system_name = $getVar('system_name','') \$LocalHostName $system_name \#\#\#\# GLOBAL DIRECTIVES \#\#\#\## \# Use default timestamp format \$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat \# File syncing capability is disabled by default. This feature is usually not required, \# not useful and an extreme performance hit \#\$ActionFileEnableSync on \# Include all config files in /etc/rsyslog.d/ \$IncludeConfig /etc/rsyslog.d/*.conf \#\#\#\# RULES \#\#\#\## \# Log anything (except mail) of level info or higher. \# Don't log private authentication messages! syslog.*,daemon.* /var/log/messages \# The authpriv file has restricted access. authpriv.* /var/log/secure \# Log all the mail messages in one place. mail.* -/var/log/maillog \# Log cron stuff cron.* /var/log/cron \# Everybody gets emergency messages *.emerg * \# Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler \# Save boot messages also to boot.log local7.* /var/log/boot.log ]]> </file_contents> <file_owner>root.root</file_owner> <file_permissions>600</file_permissions> </file>