For rsyslog mailing list 10 Jul 2016

#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

# 10 Jul 2016 Charles for Task #2170
#   * Exploratory config to generate per-day clients' logs with the accustomed
#     Debian log names (auth.log, daemon.log, debug.log, kern.log, mail.error,
#     mail.info, mail.log, mail.warn, messages, syslog and user.log) and
#     content

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
module(load="imklog")   # provides kernel logging support
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# Change omfile's default parameters (so they do not have to be set in every action)
# @@@@@ Setting tempate MyMsgFormat here was not effective
module(
    load="builtin:omfile"
    dirCreateMode="0750"
    dirGroup="adm"
    dirOwner="root"
    fileCreateMode="0640"
    fileGroup="adm"
    fileOwner="root"
    #template="MyMsgFormat"
)

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all local log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

# Exploratory config @@@@@ move to /etc/rsyslog.d/ when working
template (name="PerHostPerDayAuthLog"   type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.auth.log")
template (name="PerHostPerDayDaemonLog" type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.daemon.log")
template (name="PerHostPerDayDebugLog"  type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.debug.log")
template (name="PerHostPerDayKernLog"   type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.kern.log")
template (name="PerHostPerDayMailError" type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.mail.error")
template (name="PerHostPerDayMailInfo"  type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.mail.info")
template (name="PerHostPerDayMailLog"   type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.mail.log")
template (name="PerHostPerDayMailWarn"  type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.mail.warn")
template (name="PerHostPerDayMessages"  type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.messages")
template (name="PerHostPerDaySyslog"    type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.syslog")
template (name="PerHostPerDayUserLog"   type="string" string="/var/log/%HOSTNAME%/%$YEAR%-%$MONTH%-%$DAY%.user.log")

template (name="MyMsgFormat" type="string"
    string="%TIMESTAMP:::date-rfc3339% %HOSTNAME:R:^[^.]*\\.[^.]*--end:% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
)

ruleset(name="imudp"){
    auth,authpriv.*             action(type="omfile" dynaFile="PerHostPerDayAuthLog"   template="MyMsgFormat")
    *.*;auth,authpriv.none      action(type="omfile" dynaFile="PerHostPerDaySyslog"    template="MyMsgFormat")
    daemon.*                    action(type="omfile" dynaFile="PerHostPerDayDaemonLog" template="MyMsgFormat")
    kern.*                      action(type="omfile" dynaFile="PerHostPerDayKernLog"   template="MyMsgFormat")
    mail.*                      action(type="omfile" dynaFile="PerHostPerDayMailLog"   template="MyMsgFormat")
    user.*                      action(type="omfile" dynaFile="PerHostPerDayUserLog"   template="MyMsgFormat")
    mail.info                   action(type="omfile" dynaFile="PerHostPerDayMailInfo"  template="MyMsgFormat")
    mail.warn                   action(type="omfile" dynaFile="PerHostPerDayMailWarn"  template="MyMsgFormat")
    mail.err                    action(type="omfile" dynaFile="PerHostPerDayMailError" template="MyMsgFormat")
    *.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     action(type="omfile" dynaFile="PerHostPerDayDebugLog"  template="MyMsgFormat")
    *.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          action(type="omfile" dynaFile="PerHostPerDayMessages"  template="MyMsgFormat")
}
input(type="imudp" port="514" ruleset="imudp")

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog
#cron.*				/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info			-/var/log/mail.info
mail.warn			-/var/log/mail.warn
mail.err			/var/log/mail.err

#
# Logging for INN news system.
#
news.crit			/var/log/news/news.crit
news.err			/var/log/news/news.err
news.notice			-/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg				:omusrmsg:*