diff options
author | Christian Breunig <christian@breunig.cc> | 2023-05-09 19:24:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-09 19:24:55 +0200 |
commit | 73ec6fd55d1881e9ca0439a993e9bda8e06d1448 (patch) | |
tree | 257f198d0ece25c420e0841cc5a4cd3135b0d85d /src/etc | |
parent | 3543aecf8463d5d6328ac669c12c482ed4e1ccba (diff) | |
parent | 46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51 (diff) | |
download | vyos-1x-73ec6fd55d1881e9ca0439a993e9bda8e06d1448.tar.gz vyos-1x-73ec6fd55d1881e9ca0439a993e9bda8e06d1448.zip |
Merge pull request #1985 from c-po/t2778-syslog
syslog: T2778: T2769: refactoring and VRF support
Diffstat (limited to 'src/etc')
-rw-r--r-- | src/etc/rsyslog.conf | 67 | ||||
-rw-r--r-- | src/etc/rsyslog.d/01-auth.conf | 14 |
2 files changed, 67 insertions, 14 deletions
diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf new file mode 100644 index 000000000..c28e9b537 --- /dev/null +++ b/src/etc/rsyslog.conf @@ -0,0 +1,67 @@ +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging +$ModLoad imklog # provides kernel logging support (previously done by rklogd) +#$ModLoad immark # provides --MARK-- message capability + +$OmitLocalLogging off +$SystemLogSocketName /run/systemd/journal/syslog + +$KLogPath /proc/kmsg + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# The lines below cause all listed daemons/processes to be logged into +# /var/log/auth.log, then drops the message so it does not also go to the +# regular syslog so that messages are not duplicated + +$outchannel auth_log,/var/log/auth.log +if $programname == 'CRON' or + $programname == 'sudo' or + $programname == 'su' + then :omfile:$auth_log + +if $programname == 'CRON' or + $programname == 'sudo' or + $programname == 'su' + then stop + +# Use traditional timestamp format. +# To enable high precision timestamps, comment out the following line. +# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information +#$ActionFileDefaultTemplate RSYSLOG_FileFormat +# The "old style" default log file format with low-precision timestamps +$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat + +# Filter duplicated messages +$RepeatedMsgReduction on + +# +# Set the default permissions for all log files. +# +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# +# Stop excessive logging of sudo +# +:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" ~ +:msg, contains, "pam_unix(sudo:session): session closed for user root" ~ + +# +# Include all config files in /etc/rsyslog.d/ +# +$IncludeConfig /etc/rsyslog.d/*.conf + +############### +#### RULES #### +############### +# Emergencies are sent to everybody logged in. +*.emerg :omusrmsg:*
\ No newline at end of file diff --git a/src/etc/rsyslog.d/01-auth.conf b/src/etc/rsyslog.d/01-auth.conf deleted file mode 100644 index cc64099d6..000000000 --- a/src/etc/rsyslog.d/01-auth.conf +++ /dev/null @@ -1,14 +0,0 @@ -# The lines below cause all listed daemons/processes to be logged into -# /var/log/auth.log, then drops the message so it does not also go to the -# regular syslog so that messages are not duplicated - -$outchannel auth_log,/var/log/auth.log -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then :omfile:$auth_log - -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then stop |