1 # rsyslog v5 configuration file
2
3 # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
4 # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
5
6 #### MODULES #### #加载模块
7
8 $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
9 $ModLoad imklog # provides kernel logging support (previously done by rklogd)
10 #$ModLoad immark # provides --MARK-- message capability
11
12 # Provides UDP syslog reception #允许514端口接收使用UDP协议转发过来的日志
13 $ModLoad imudp
14 $UDPServerRun 514
15
16 # Provides TCP syslog reception #允许514端口接收使用TCP协议转发过来的日志
17 #$ModLoad imtcp
18 #$InputTCPServerRun 514
19
20
21 #### GLOBAL DIRECTIVES ####
22
23 # Use default timestamp format #定义日志格式默认模板
24 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
25
26 # File syncing capability is disabled by default. This feature is usually not required,
27 # not useful and an extreme performance hit
28 #$ActionFileEnableSync on
29
30 # Include all config files in /etc/rsyslog.d/
31 $IncludeConfig /etc/rsyslog.d/*.conf
32
33
34 #### RULES ####
35
36 # Log all kernel messages to the console.
37 # Logging much else clutters up the screen.
38 #kern.* /dev/console #关于内核的所有日志都放到/dev/console(控制台)
39
40 # Log anything (except mail) of level info or higher.
41 # Don't log private authentication messages!
42 *.info;mail.none;authpriv.none;cron.none /var/log/messages #记录所有日志类型的info级别以及大于info级别的信息到/var/log/messages,但是mail邮件信息,authpriv验证方面的信息和cron时间任务相关的信息除外
43
44 # The authpriv file has restricted access.
45 authpriv.* /var/log/secure #authpriv验证相关的所有信息存放在/var/log/secure
46
47 # Log all the mail messages in one place.
48 mail.* -/var/log/maillog #邮件的所有信息存放在/var/log/maillog; 这里有一个-符号, 表示是使用异步的方式记录, 因为日志一般会比较大
49
50
51 # Log cron stuff
52 cron.* /var/log/cron #计划任务有关的信息存放在/var/log/cron
53
54 # Everybody gets emergency messages
55 *.emerg * #记录所有的大于等于emerg级别信息,以wall方式发送给每个登录到系统的人(*代表所有在线用户)
56
57 # Save news errors of level crit and higher in a special file.
58 uucp,news.crit /var/log/spooler #记录uucp,news.crit等存放在/var/log/spooler
59
60 # Save boot messages also to boot.log #启动的相关信息
61 local7.* /var/log/boot.log
62 local0.* /var/log/haproxy.log
63
64 # ### begin forwarding rule ### #转发规则
65 # The statement between the begin ... end define a SINGLE forwarding
66 # rule. They belong together, do NOT split them. If you create multiple
67 # forwarding rules, duplicate the whole block!
68 # Remote Logging (we use TCP for reliable delivery)
69 #
70 # An on-disk queue is created for this action. If the remote host is
71 # down, messages are spooled to disk and sent when it is up again.
72 #$WorkDirectory /var/lib/rsyslog # where to place spool files
73 #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
74 #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
75 #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
76 #$ActionQueueType LinkedList # run asynchronously
77 #$ActionResumeRetryCount -1 # infinite retries if host is down
78 # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
79 #*.* @@remote-host:514 # @@表示通过tcp协议发送 @表示通过udp进行转发
80 # ### end of the forwarding rule ###