#rsyslog v3 config file # if you experience problems, check # httpwww.rsyslog.comtroubleshoot for assistance #### MODULES #### $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command) $ModLoad imklog.so # provides kernel logging support (previously done by rklogd) #$ModLoad immark.so # provides --MARK-- message capability # Provides UDP syslog reception $ModLoad imudp.so $UDPServerRun 514 # Provides TCP syslog reception $ModLoad imtcp.so $InputTCPServerRun 514 #### GLOBAL DIRECTIVES #### # Use default timestamp format $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # File syncing capability is disabled by default. This feature is usually not required, # not useful and an extreme performance hit #$ActionFileEnableSync on #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern. devconsole # Log anything (except mail) of level info or higher. # Don't log private authentication messages! .info;mail.none;authpriv.none;cron.none varlogmessages # The authpriv file has restricted access. authpriv. varlogsecure # Log all the mail messages in one place. mail. -varlogmaillog # Log cron stuff cron. varlogcron # Everybody gets emergency messages .emerg # Save news errors of level crit and higher in a special file. uucp,news.crit varlogspooler # Save boot messages also to boot.log local7. varlogboot.log # log messages from Cisco PIX. local5. homesyslogpix.log # log messages from Cisco VPN Concentrator local4. homesyslogvpn.log # log messages from Cisco Hardware. local6. homesyslogrouter.log # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$WorkDirectory varsppplrsyslog # where to place spool files #$ActionQueueFileName fwdRule1 # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # remote host is nameipport, e.g. 192.168.0.1514, port optional #. @@remote-host514 # ### end of the forwarding rule ### # A template to for higher precision timestamps + severity logging $template SpiceTmpl,%TIMESTAMP%.%TIMESTAMPdate-subseconds% %syslogtag% %syslogseverity-text%%msgsp-if-no-1st-sp%%msgdrop-last-lf%n programname, startswith, spice-vdagent varlogspice-vdagent.log;SpiceTmpl