# Managed by Salt

##

## === When you're using remote logging, enable on-disk queues ===  

## === in rsyslog.d/remote.conf. When neccesary also set the   ===

## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog,   ===

## === e.g. when rsyslog has to receive on a specific IP only. ===

##

## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules

## (provided in separate rsyslog-module-* packages) are enabled, the

## configuration can't be used on a system with /usr on a remote

## filesystem, except on newer systems where initrd mounts /usr.

## [The modules are linked against libraries installed bellow of

##  /usr thus also installed in /usr/lib*/rsyslog because of this.]

##

#

# if you experience problems, check

# http://www.rsyslog.com/troubleshoot for assistance

# and report them at http://bugzilla.novell.com/

#

# since rsyslog v3: load input modules

# If you do not load inputs, nothing happens!

# provides --MARK-- message capability (every 1 hour)

$ModLoad immark.so

$MarkMessagePeriod      3600

# provides support for local system logging (e.g. via logger command)

$ModLoad imuxsock.so

# reduce dupplicate log messages (last message repeated n times)

$RepeatedMsgReduction   on

# kernel logging (may be also provided by /sbin/klogd)

# see also http://www.rsyslog.com/doc-imklog.html.

$ModLoad imklog.so

# set log level 1 (same as in /etc/sysconfig/syslog).

$klogConsoleLogLevel    1

# Use rsyslog native, rfc5424 conform log format as default

# ($ActionFileDefaultTemplate RSYSLOG_FileFormat).

#

# To change a single file to use obsolete BSD syslog format

# (rfc 3164, no high-precision timestamps), set the variable

# bellow or append ";RSYSLOG_FileFormat" to the filename.

# See

#   http://www.rsyslog.com/doc/rsyslog_conf_templates.html

# for more informations.

#

#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#

# Include config generated by /etc/init.d/syslog script

# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the

# /etc/sysconfig/syslog file.

#

$IncludeConfig /run/rsyslog/additional-log-sockets.conf

#

# Include config files, that the admin provided? :

#

$IncludeConfig /etc/rsyslog.d/*.conf

###

# print most important on tty10 and on the xconsole pipe

#

if	( \

	    /* kernel up to warning except of firewall  */ \

	    ($syslogfacility-text == 'kern')      and      \

	    ($syslogseverity <= 4 /* warning */ ) and not  \

	    ($msg contains 'IN=' and $msg contains 'OUT=') \

	) or ( \

	    /* up to errors except of facility authpriv */ \

	    ($syslogseverity <= 3 /* errors  */ ) and not  \

	    ($syslogfacility-text == 'authpriv')           \

	) \

then {

	/dev/tty10

	|/dev/xconsole

}

# Emergency messages to everyone logged on (wall)

*.emerg					 :omusrmsg:*

# enable this, if you want that root is informed

# immediately, e.g. of logins

#*.alert				root

#

# firewall messages into separate file and stop their further processing

#

if	($syslogfacility-text == 'kern') and \

	($msg contains 'IN=' and $msg contains 'OUT=') \

then {

	-/var/log/firewall

	stop

}

#

# acpid messages into separate file and stop their further processing

#

# => all acpid messages for debuging (uncomment if needed):

#if	($programname == 'acpid' or $syslogtag == '[acpid]:') then \

#	-/var/log/acpid

#

# => up to notice (skip info and debug)

if	($programname == 'acpid' or $syslogtag == '[acpid]:') and \

	($syslogseverity <= 5 /* notice */) \

then {

	-/var/log/acpid

	stop

}

#

# NetworkManager into separate file and stop their further processing

#

if      ($programname == 'NetworkManager') or \

	($programname startswith 'nm-') \

then {

	-/var/log/NetworkManager

	stop

}

#

# email-messages

#

mail.*					-/var/log/mail

mail.info				-/var/log/mail.info

mail.warning				-/var/log/mail.warn

mail.err				 /var/log/mail.err

#

# news-messages

#

news.crit				-/var/log/news/news.crit

news.err				-/var/log/news/news.err

news.notice				-/var/log/news/news.notice

# enable this, if you want to keep all news messages

# in one file

#news.*					-/var/log/news.all

#

# Warnings in one file

#

*.=warning;*.=err			-/var/log/warn

*.crit					 /var/log/warn

#

# the rest in one file

#

*.*;mail.none;news.none			-/var/log/messages

#

# enable this, if you want to keep all messages

# in one file

#*.*					-/var/log/allmessages

#

# Some foreign boot scripts require local7

#

local0.*;local1.*			-/var/log/localmessages

local2.*;local3.*			-/var/log/localmessages

local4.*;local5.*			-/var/log/localmessages

local6.*;local7.*			-/var/log/localmessages

###