Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- rsyslog.conf
- # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
- # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
- #### MODULES ####
- $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
- $ModLoad imklog # provides kernel logging support (previously done by rklogd)
- #$ModLoad immark # provides --MARK-- message capability
- # Provides UDP syslog reception
- $ModLoad imudp
- $UDPServerRun 514
- # Provides TCP syslog reception
- $ModLoad imtcp
- $InputTCPServerRun 514
- #### GLOBAL DIRECTIVES ####
- # Use default timestamp format
- $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
- # File syncing capability is disabled by default. This feature is usually not required,
- # not useful and an extreme performance hit
- #$ActionFileEnableSync on
- # Include all config files in /etc/rsyslog.d/
- $IncludeConfig /etc/rsyslog.d/*.conf
- #### RULES ####
- # Log all kernel messages to the console.
- # Logging much else clutters up the screen.
- #kern.* /dev/console
- # Log anything (except mail) of level info or higher.
- # Don't log private authentication messages!
- *.info;mail.none;authpriv.none;cron.none /var/log/messages
- # The authpriv file has restricted access.
- authpriv.* /var/log/secure
- # Log all the mail messages in one place.
- mail.* -/var/log/maillog
- # Log cron stuff
- cron.* /var/log/cron
- # Everybody gets emergency messages
- *.emerg *
- # Save news errors of level crit and higher in a special file.
- uucp,news.crit /var/log/spooler
- # Save boot messages also to boot.log
- local7.* /var/log/boot.log
- # ### begin forwarding rule ###
- # The statement between the begin ... end define a SINGLE forwarding
- # rule. They belong together, do NOT split them. If you create multiple
- # forwarding rules, duplicate the whole block!
- # Remote Logging (we use TCP for reliable delivery)
- #
- # An on-disk queue is created for this action. If the remote host is
- # down, messages are spooled to disk and sent when it is up again.
- #$WorkDirectory /var/lib/rsyslog # where to place spool files
- #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
- #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
- #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
- #$ActionQueueType LinkedList # run asynchronously
- #$ActionResumeRetryCount -1 # infinite retries if host is down
- # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
- #*.* @@remote-host:514
- # ### end of the forwarding rule ###
- $AllowedSender TCP, 10.0.0.1
- $AllowedSender TCP, 10.0.0.2
- $AllowedSender TCP, 10.0.0.3
- :fromhost-ip,isequal,"10.0.0.1" /home/fw/pfsense.log
- :fromhost-ip,isequal,"10.0.0.2" /home/fw/ubiquiti.log
- :fromhost-ip,isequal,"10.0.0.3" /home/fw/ubiquiti.log
- :msg, contains, "filterlog:" /home/fw/pf.log
- An example message I want to log to pf.log instead of pfsense.log,
- Feb 24 17:22:32 2wire.router.gtaxl.net filterlog: 9,,,1000103483,cpsw1,match,block,in,4,0x0,,64,35247,0,DF,6,tcp,83,10.0.0.28,216.58.218.234,42353,443,31,PA,3588557834:3588557865,2882214701,398,,nop;nop;TS
- My pfSense syslog settings,
- http://pik.gtaxl.net/24_02_17_17_23_32.png
- rsyslog version:
- rsyslog:
- Installed: 8.4.2-1+deb8u2
- Candidate: 8.4.2-1+deb8u2
- Version table:
- 8.16.0-1~bpo8+1 0
- 100 http://ftp.us.debian.org/debian/ jessie-backports/main armhf Packages
- *** 8.4.2-1+deb8u2 0
- 500 http://ftp.us.debian.org/debian/ jessie/main armhf Packages
- 100 /var/lib/dpkg/status
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement