# /etc/rsyslog.conf Configuration file for rsyslog.## For more i

1. # /etc/rsyslog.conf Configuration file for rsyslog.
2. #
3. # For more information see
4. # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
5.  
6.  
7. #################
8. #### MODULES ####
9. #################
10. $MaxMessageSize 64k
11. module(load="imuxsock") # provides support for local system logging
12. #module(load="imklog") # provides kernel logging support
13. #module(load="immark") # provides --MARK-- message capability
14. module(load="imfile" PollingInterval="10")
15. # provides UDP syslog reception
16. module(load="imudp")
17. input(type="imudp" port="514")
18.  
19. # provides TCP syslog reception
20. module(load="imtcp")
21. input(type="imtcp" port="514")
22.  
23.  
24. ###########################
25. #### GLOBAL DIRECTIVES ####
26. ###########################
27.  
28. #
29. # Use traditional timestamp format.
30. # To enable high precision timestamps, comment out the following line.
31. #
32. #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
33.  
34. #
35. # Set the default permissions for all log files.
36. #
37. $FileOwner root
38. $FileGroup adm
39. $FileCreateMode 0640
40. $DirCreateMode 0755
41. $Umask 0022
42.  
43. #
44. # Where to place spool and state files
45. #
46. $WorkDirectory /var/spool/rsyslog
47.  
48. #
49. # Include all config files in /etc/rsyslog.d/
50. #
51. $IncludeConfig /etc/rsyslog.d/*.conf
52.  
53.  
54. ###############
55. #### RULES ####
56. ###############
57.  
58. #
59. # First some standard log files. Log by facility.
60. #
61. auth,authpriv.* /var/log/auth.log
62. *.*;auth,authpriv.none -/var/log/syslog
63. #cron.* /var/log/cron.log
64. daemon.* -/var/log/daemon.log
65. kern.* -/var/log/kern.log
66. lpr.* -/var/log/lpr.log
67. mail.* -/var/log/mail.log
68. user.* -/var/log/user.log
69.  
70. #
71. # Logging for the mail system. Split it up so that
72. # it is easy to write scripts to parse these files.
73. #
74. mail.info -/var/log/mail.info
75. mail.warn -/var/log/mail.warn
76. mail.err /var/log/mail.err
77.  
78. #
79. # Some "catch-all" log files.
80. #
81. *.=debug;
82. auth,authpriv.none;
83. news.none;mail.none -/var/log/debug
84. *.=info;*.=notice;*.=warn;
85. auth,authpriv.none;
86. cron,daemon.none;
87. mail,news.none -/var/log/messages
88.  
89. #
90. # Emergencies are sent to everybody logged in.
91. #
92. *.emerg :omusrmsg:*
93.  
94. $template DatadogFormat,"xxxxxxxxxxxxxxxxxxxx <%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% - - - %msg%n"
95.  
96. ruleset(name="infiles") {
97. action(type="omfwd" target="intake.logs.datadoghq.com" protocol="tcp" port="514" template="DatadogFormat")
98. }
99.  
100. input(type="imfile" ruleset="infiles" Tag="mkmd" File="/var/log/apache2/access.log")