#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
#$ModLoad immark  # provides --MARK-- message capability

$OmitLocalLogging off
$SystemLogSocketName /run/systemd/journal/syslog

$KLogPath /proc/kmsg

###########################
#### GLOBAL DIRECTIVES ####
###########################

# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
#$ActionFileDefaultTemplate RSYSLOG_FileFormat
# The "old style" default log file format with low-precision timestamps
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Stop excessive logging of sudo
#
:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" stop
:msg, contains, "pam_unix(sudo:session): session closed for user root" stop

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

# The lines below cause all listed daemons/processes to be logged into
# /var/log/auth.log, then drops the message so it does not also go to the
# regular syslog so that messages are not duplicated

$outchannel auth_log,/var/log/auth.log
if  $programname == 'CRON' or
    $programname == 'sudo' or
    $programname == 'su'
    then :omfile:$auth_log

if $programname == 'CRON' or
    $programname == 'sudo' or
    $programname == 'su'
    then stop

###############
#### RULES ####
###############
# Emergencies are sent to everybody logged in.
*.emerg                         :omusrmsg:*