rsyslog.conf - local rsyslogd
## /etc/rsyslog.conf Configuration file for rsyslog.
## /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
## REMOTE LOGGING CFG >>
$ModLoad imudp
$ModLoad imtcp
## [REMOTEHOST]
$UDPServerRun 514
$InputTCPServerRun 514
## << END OF REMOTE LOGGING CFG
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog
$IncludeConfig /etc/rsyslog.d/*.conf
## REMOTE LOGGING CFG >>
## [LOCALHOST] submit to remote host via tcp, ...
*.* @@172.16.11.155:514
## [LOCALHOST] ... or via udp
# *.* @other-server.example.net:10514
## [REMOTEHOST] LOGGING TEMPLATES: HOSTNAME .log
# $template PerHostLog,"/var/log/%HOSTNAME%.log"
## [REMOTEHOST] LOGGING TEMPLATES: IP ADDRESS .log
$template PerHostLog,"/var/log/%fromhost-ip%.log"
## [LOCALHOST] log all local5.* to /var/log/messages, ...
# local5.* -/var/log/messages
## [REMOTEHOST] ... and all remote to ?PerHostLog
if $fromhost-ip startswith '172.16.11.' then -?PerHostLog
& ~
## << END OF REMOTE LOGGING CFG
*.*;auth;cron.*;daemon.*; kern.* -/var/log/messages
mail.* /var/log/mail.log
*.=debug; auth,authpriv.none -/var/log/messages
*.=info;*.=notice;*.=warn -/var/log/messages
*.emerg :omusrmsg:*
## /etc/rsyslog.conf Configuration file for rsyslog.
## /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$WorkDirectory /var/spool/rsyslog
$IncludeConfig /etc/rsyslog.d/*.conf
*.*;auth;cron.*;daemon.*; kern.* -/var/log/messages
mail.* /var/log/mail.log
*.=debug; auth,authpriv.none -/var/log/messages
*.=info;*.=notice;*.=warn -/var/log/messages
*.emerg :omusrmsg:*