Untitled

a guest
Dec 29th, 2015
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#
# Overview: this file loads the local-socket, kernel, UDP and TCP inputs,
# binds each network listener to its own ruleset, and relays what arrives
# to services on 127.0.0.1 (ports 5170 and 5172, see the rulesets below).


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability

# provides UDP syslog reception
$ModLoad imudp
#$UDPServerRun 514
# The legacy listener directive above is disabled; the input() statement below
# opens UDP port 514 and hands every datagram to the "Events-on-UDP" ruleset.
# NOTE(review): no listen address or sender restriction is configured here, so
# the listener presumably accepts traffic on every local address. Plain UDP
# syslog is unauthenticated and unencrypted, and the source address of a
# datagram can be forged; confirm that a host or network firewall limits who
# can reach this port.
input(type="imudp" port="514" ruleset="Events-on-UDP")

# provides TCP syslog reception
$ModLoad imtcp
#$InputTCPServerRun 514
# Same pattern for TCP: port 514, bound to the "Events-on-TCP" ruleset.
# NOTE(review): no TLS settings are visible in this file, so events presumably
# travel in clear text; the same exposure caveat as for the UDP listener applies.
input(type="imtcp" port="514" ruleset="Events-on-TCP")



###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
# NOTE(review): with this switch on, consecutive identical messages are
# collapsed into a "last message repeated n times" line. That hides the
# individual timestamps of repeated events (for example a burst of failed
# logins); confirm this is acceptable for the log files written on this host.
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
# Files are created as syslog:adm with mode 0640, so members of group adm can
# read them and other users cannot. Directories are created with mode 0755.
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
# After start-up the daemon gives up root and runs as syslog:syslog.
# NOTE(review): every file this configuration reads or writes later (the flow
# CSV under /opt/parser, /var/log/stats.log, the spool directory) must be
# accessible to that account - verify ownership and modes on the host.
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool files
#
$WorkDirectory /var/spool/rsyslog
# "msg" emits only the parsed message text. It is not referenced anywhere else
# in this file; it may be used by a file included from /etc/rsyslog.d/.
$template msg,"%msg%"
# "msgonly" emits the message exactly as it was received, followed by a
# newline. All three omfwd actions below use it, so the local receivers get
# sender-controlled bytes unchanged and must treat them as untrusted input.
# NOTE(review): the downstream stream is newline-delimited; confirm how control
# characters and embedded newlines in received messages are handled before
# they are forwarded, otherwise one event could be read as several records.
$template msgonly,"%rawmsg%\n"

  59. #local7.error /var/log/dcc.log
  60. if $msg contains 'session opened' then /dev/null
  61. &~
  62. if $msg contains 'session closed' then /dev/null
  63. &~
  64.  
# Internal statistics: every 10 seconds rsyslog writes its counters to
# /var/log/stats.log (log.file) instead of injecting them into the syslog
# stream (log.syslog="off"). Counters are reset after each report.
# These counters are where queue overflows and discarded messages in the
# rulesets below become visible, so the file is worth monitoring.
# NOTE(review): the impstats documentation asks for this module to be loaded
# at the very top of rsyslog.conf so that statistics are enabled everywhere;
# here it is loaded after the input modules - confirm the counters of interest
# are actually reported.
module(load="impstats" interval="10" severity="7" resetCounters="on" log.syslog="off" log.file="/var/log/stats.log")


# File input: polls every 10 seconds and feeds new lines of
# /opt/parser/flows/aggregated_flows.csv to the "Network-Flows" ruleset.
# The tag is empty; the forwarding template used by that ruleset emits only
# the raw line, so the tag does not appear downstream.
# NOTE(review): the file is read after privileges are dropped, so the syslog
# account needs read access to it. Anyone who can write to that CSV can inject
# records into the flow stream - check the permissions on /opt/parser/flows.
# NOTE(review): no state file is named; older imfile releases required one -
# confirm against the installed version.
module(load="imfile" PollingInterval="10" )
input(type="imfile" ruleset="Network-Flows" File="/opt/parser/flows/aggregated_flows.csv"
Tag=""
)

  73. ruleset(name="Network-Flows" queue.size="1000000"
  74. # queue.filename="forwarding" queue.maxdiskspace="5g" queue.highwatermark="900000" queue.lowwatermark= "500000"
  75. queue.dequeuebatchsize="2000" queue.dequeueslowdown="100000" queue.type="LinkedList"){
  76. action(type="omfwd" name="Network-Flows" target="127.0.0.1" port="5172" protocol="tcp" template="msgonly" )
  77.  
  78. }
  79.  
  80. ruleset(name="Events-on-TCP" queue.size="1000000"
  81. # queue.filename="forwarding" queue.maxdiskspace="5g" queue.highwatermark="900000" queue.lowwatermark= "500000"
  82. queue.dequeuebatchsize="2000" queue.dequeueslowdown="100000" queue.type="LinkedList"){
  83.  
  84. action(type="omfwd" name="Events-on-TCP" target="127.0.0.1" port="5170" protocol="tcp" template="msgonly" )
  85.  
  86. }
  87.  
  88. ruleset(name="Events-on-UDP" queue.size="1000000"
  89. # queue.filename="forwarding" queue.maxdiskspace="5g" queue.highwatermark="900000" queue.lowwatermark= "500000"
  90. queue.dequeuebatchsize="2000" queue.dequeueslowdown="1000000" queue.type="LinkedList"){
  91.  
  92. action(type="omfwd" name="Events-on-UDP" target="127.0.0.1" port="5170" protocol="tcp" template="msgonly" )
  93.  
  94.  
  95. }
  96.  
  97.  
# Include all config files in /etc/rsyslog.d/
#
# The include comes last, so the rules in those files see only the messages
# that the discard filters earlier in this file let through.
# NOTE(review): every *.conf file in that directory becomes part of the
# daemon's configuration. Keep the directory and its files owned by root and
# not writable by other accounts, and review new files dropped there by
# packages.
$IncludeConfig /etc/rsyslog.d/*.conf