# /etc/rsyslog.conf configuration file for rsyslog## For more information install rsyslog-doc and see# /usr/share/doc/rsyslog-doc/html/configuration/index.html##################### MODULES #####################
module(load="imuxsock")# provides support for local system logging
module(load="imklog")# provides kernel logging support#module(load="immark") # provides --MARK-- message capability# provides UDP syslog reception#module(load="imudp")#input(type="imudp" port="514")# provides TCP syslog reception#module(load="imtcp")#input(type="imtcp" port="514")############################### GLOBAL DIRECTIVES ################################# Use traditional timestamp format.# To enable high precision timestamps, comment out the following line.#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
## Set the default permissions for all log files.#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022## Where to place spool and state files#
$WorkDirectory /var/spool/rsyslog
## Include all config files in /etc/rsyslog.d/#
$IncludeConfig /etc/rsyslog.d/*.conf
################### RULES ##################### First some standard log files. Log by facility.#
auth,authpriv.*/var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.*-/var/log/daemon.log
kern.*-/var/log/kern.log
lpr.*-/var/log/lpr.log
mail.*-/var/log/mail.log
user.*-/var/log/user.log
## Logging for the mail system. Split it up so that# it is easy to write scripts to parse these files.#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
## Some "catch-all" log files.#*.=debug;\
auth,authpriv.none;\
mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail.none -/var/log/messages
## Emergencies are sent to everybody logged in.#*.emerg :omusrmsg:*
1.3 日志事件级别划分
CentOS系统中,可以查询命令 man rsyslog.conf 获得日志事件级别划分内容,在Kali中暂未找到相关内容。