#### rsyslog v8 configuration file ####
# Note that this config file uses old-style format.
# For more advanced things, RainerScript configuration is suggested.
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html


#### MODULES ####
# for parameters see http://www.rsyslog.com/doc
$ModLoad imuxsock                  # provides support for local system logging (e.g. via logger command)
module(load="imklog")              # provides kernel logging support (previously done by rklogd)
#module(load"immark")              # provides --MARK-- message capability
module(load="imtcp")               # Provides TCP syslog reception needs to be done just once
module(load="imudp")               # Provides UDP syslog reception needs to be done just once


#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# default location for work (spool) files
$WorkDirectory /var/spool/rsyslog

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### Inputs ####
input(type="imtcp" port="514")     # accept connection on port tcp 514
input(type="imudp" port="514")     # accept connection on port udp 514


#### Templates ####
template (name="RemoteAuth" type="string" string="/var/log/rsyslog/%HOSTNAME%.log")
template (name="RemoteCron" type="string" string="/var/log/rsyslog/%HOSTNAME%.log")
template (name="RemoteMsg" type="string" string="/var/log/rsyslog/%HOSTNAME%.log")
template (name="RemoteL7" type="string" string="/var/log/rsyslog/%HOSTNAME%.log")


#### RULES for where to send Log Files ####
# send everything to central log store
#action(type="omfwd" 
#		target="server.domain.tld"
#		port="514"
#		protocol="tcp"
#		queue.spoolDirectory="/var/spool/rsyslog"
#		queue.filename="wait_queue"
#		queue.size="1000000"
#		queue.type="LinkedList"
#   )

# sort the logs into standard files
if $fromhost-ip != "127.0.0.1" then {
    stop
}

# Log kernel messages to the console. Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  /var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages