From 08b99d095b06f88895a78cb26de34b67ceb7ed62 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 17 Mar 2021 11:02:36 +0100
Subject: [PATCH] Adding rsyslog config templates
---
files/50_rsyslog.conf.el7 | 53 ++++++++++++++++++++++++++++++++++
files/50_rsyslog.conf.el8 | 60 +++++++++++++++++++++++++++++++++++++++
files/rsyslog.conf | 3 ++
3 files changed, 116 insertions(+)
create mode 100644 files/50_rsyslog.conf.el7
create mode 100644 files/50_rsyslog.conf.el8
create mode 100644 files/rsyslog.conf
diff --git a/files/50_rsyslog.conf.el7 b/files/50_rsyslog.conf.el7
new file mode 100644
index 0000000..74aecb6
--- /dev/null
+++ b/files/50_rsyslog.conf.el7
@@ -0,0 +1,53 @@
+# Initial /etc/rsyslog.d/50_rsyslog.conf for Enterprise Linux 7
+
+$umask 0000
+$DirCreateMode 0750
+$DirGroup root
+$DirOwner root
+$FileCreateMode 0600
+$FileGroup root
+$FileOwner root
+$PrivDropToGroup root
+$PrivDropToUser root
+$RepeatedMsgReduction on
+$maxMessageSize 64k
+$workDirectory /var/lib/rsyslog
+module(load="imjournal"
+ StateFile="imjournal.state"
+ IgnorePreviousMessages="off"
+
+)
+module(load="imuxsock"
+ SysSock.Use="off"
+
+)
+module(load="builtin:omfile"
+ fileOwner="root"
+ fileGroup="root"
+ dirGroup="root"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+
+)
+module(load="builtin:omusrmsg" )
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log anything (except mail) of level info or higher.
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Save boot messages also to boot.log
+local7.* -/var/log/boot.log
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit -/var/log/spooler
+
+# The authpriv file has restricted access.
+auth,authpriv.* /var/log/secure
+
diff --git a/files/50_rsyslog.conf.el8 b/files/50_rsyslog.conf.el8
new file mode 100644
index 0000000..fe160be
--- /dev/null
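Review bot: In files/50_rsyslog.conf.el7 the legacy directives `$FileCreateMode 0600` and `$DirCreateMode 0750` disagree with the `builtin:omfile` module defaults `fileCreateMode="0640"` and `dirCreateMode="0755"`, and with `$umask 0000` whichever value wins is applied unmasked. That leaves the mode of a newly created `/var/log/secure` depending on rsyslog's precedence rules rather than on the template, although the comment above that rule says the file has restricted access. I would state one value in both places, e.g. `fileCreateMode="0600"` and `dirCreateMode="0750"` in the module block. The el8 template carries only the module values, so the same change applies there; files that already exist keep their current mode either way.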
+++ b/files/50_rsyslog.conf.el8
@@ -0,0 +1,60 @@
+# Initial /etc/rsyslog.d/50_rsyslog.conf for Enterprise Linux 8
+
+$umask 0000
+$ActionQueueFileName queue
+$ActionQueueMaxDiskSpace 1g
+$ActionQueueSaveOnShutdown on
+$ActionQueueType LinkedList
+$ActionResumeRetryCount -1
+$PrivDropToGroup root
+$PrivDropToUser root
+$RepeatedMsgReduction on
+global (
+ parser.escapeControlCharactersOnReceive="on"
+ workDirectory="/var/lib/rsyslog"
+ maxMessageSize="64k"
+
+)
+module(load="imjournal"
+ StateFile="imjournal.state"
+ IgnorePreviousMessages="off"
+
+)
+module(load="immark")
+module(load="imuxsock"
+ SysSock.Use="off"
+ SysSock.FlowControl="on"
+ SysSock.RateLimit.Interval="600"
+ SysSock.RateLimit.Burst="20000"
+
+)
+module(load="builtin:omfile"
+ fileOwner="root"
+ fileGroup="root"
+ dirGroup="root"
+ fileCreateMode="0640"
+ dirCreateMode="0755"
+
+)
+module(load="builtin:omusrmsg" )
+# Everybody gets emergency messages
+*.emerg :omusrmsg:*
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+# Log anything (except mail) of level info or higher.
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Save boot messages also to boot.log
+local7.* -/var/log/boot.log
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit -/var/log/spooler
+
+# The authpriv file has restricted access.
+auth,authpriv.* /var/log/secure
+
diff --git a/files/rsyslog.conf b/files/rsyslog.conf
new file mode 100644
index 0000000..b8973f8
--- /dev/null
+++ b/files/rsyslog.conf
@@ -0,0 +1,3 @@
+# Initial /etc/rsyslog.conf
+
+$IncludeConfig /etc/rsyslog.d/*.conf
--
2.39.5
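Review bot: The four `$ActionQueue*` lines and `$ActionResumeRetryCount -1` near the top of files/50_rsyslog.conf.el8 are not followed by the action they were written for. In rsyslog's legacy syntax these directives configure the next action that is defined, which here appears to be `*.emerg :omusrmsg:*`, so the disk-assisted queue and infinite retry would attach to the emergency broadcast rather than to any forwarding rule. If no forwarding action is intended in this template, drop the five lines; otherwise place them directly before that action, with a comment such as `# queue settings for the forwarding action below; keep them together`.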