Logging (Buster)


/etc/rsyslog.conf

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html


#################
#### MODULES ####
#################

# imuxsock: local system logging via the unix socket
module(load="imuxsock")
# imklog: kernel message logging
module(load="imklog")
# immark: periodic --MARK-- messages (disabled)
#module(load="immark")

# Network reception is disabled. Either input below would accept
# unauthenticated syslog from any host able to reach port 514. If one is
# ever enabled, bind it to a specific address (imudp inputs take an
# address="..." parameter), firewall the port, and prefer TLS-protected
# TCP over plain UDP for anything that leaves the host.
#module(load="imudp")
#input(type="imudp" port="514")

#module(load="imtcp")
#input(type="imtcp" port="514")


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use the traditional timestamp format (no year, second resolution,
# no timezone). Comment out this line to get rsyslog's default
# high-precision RFC 3339 timestamps, which are easier to correlate
# across hosts when investigating an incident.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Ownership and mode of log files rsyslog creates: root:adm, 0640, so
# only root and members of group adm can read them. Directories are
# created 0755; the umask strips the "other" bits from anything else
# rsyslog creates. Anyone who needs to read logs should be added to adm
# rather than the modes loosened.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0007

#
# Queue and state files live here.
#
$WorkDirectory /var/spool/rsyslog

#
# Drop-in files are spliced in at this point: they inherit the defaults
# above, may override them, and any rules they contain are evaluated
# before the RULES section below.
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

# Per-facility files. A leading "-" on the path means the file is not
# synced after every write; auth.log and the *.err files below are
# written synchronously. No rule stops processing, so one message may
# be filed in several places.
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none;mail,local2.none -/var/log/syslog
cron.* -/var/log/cron.log
daemon.* -/var/log/daemon.log
kern.*;kern.!=debug -/var/log/kern.log
lpr.* -/var/log/lpr.log
#mail.* -/var/log/mail.log
user.* -/var/log/user.log
local1.* -/var/log/opendkim.log
local2.* -/var/log/dovecot.log
local6.* -/var/log/clamav.log

# Firewall log prefixes. These filters key on message text, not on the
# sending facility, so a line carrying one of these prefixes from any
# local source is filed here too; treat the contents accordingly. If the
# messages come from the kernel they also still reach kern.log and syslog.
:msg, contains, "IPTables: " -/var/log/iptables.log
:msg, contains, "Hackers: " -/var/log/hackers.log
:msg, contains, "IP6Tables: " -/var/log/ip6tables.log
:msg, contains, "Hackers6: " -/var/log/hackers6.log

# By severity (mail and dovecot's local2 are kept out of warning.log)
*.err /var/log/error.log
*.=warn;mail.none;local2.none -/var/log/warning.log

# Mail facility and dovecot (local2) split by severity
mail.=notice;mail.=debug -/var/log/mail.notice
mail.=info -/var/log/mail.info
mail.warn -/var/log/mail.warn
local2.warn -/var/log/dovecot.warn
mail.err /var/log/mail.err

# Catch-alls, minus the facilities that already have their own file
*.=debug;auth,authpriv.none;news.none;kern.none;local2.none -/var/log/debug
*.=info;*.=notice;*.=warn;auth,authpriv.none;cron,daemon.none;mail,news.none;local2.none -/var/log/messages

# Emergencies are written to the terminal of every logged-in user
*.emerg :omusrmsg:*

Logrotate

You'll want to edit or add specific entries in /etc/logrotate.d/ as needed.

/etc/logrotate.d/rsyslog

# Daily rotation of the main log, 14 rotations kept. The Debian
# rsyslog-rotate helper signals rsyslog to reopen its files afterwards.
/var/log/syslog
{
        daily
        rotate 14
        missingok
        notifempty
        compress
        delaycompress
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}

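# Weekly rotation of every other file rsyslog writes, 13 rotations kept.
# Each path must appear exactly once: logrotate reports "duplicate log
# entry" for a repeated path and treats it as a configuration error, which
# can leave the whole stanza unrotated. mail.log is not currently written
# by rsyslog; missingok covers it.
/var/log/mail.notice
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/dovecot.log
/var/log/dovecot.warn
/var/log/clamav.log
/var/log/daemon.log
/var/log/iptables.log
/var/log/hackers.log
/var/log/ip6tables.log
/var/log/hackers6.log
/var/log/opendkim.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/error.log
/var/log/warning.log
/var/log/debug
/var/log/messages
{
        rotate 13
        weekly
        missingok
        notifempty
        compress
        delaycompress
        # run the postrotate script once for the whole group, not per file
        sharedscripts
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}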

/etc/logrotate.conf

# see "man logrotate" for details
# rotate log files weekly (stanzas in /etc/logrotate.d override this)
weekly
# keep 26 weeks (half a year) of rotated logs
rotate 26
# create a new (empty) log file after rotating the old one; with no
# explicit mode/owner/group it inherits them from the rotated file
create
# use date as a suffix of the rotated file (disabled; numeric suffixes used)
#dateext
# compress rotated logs, leaving the most recent rotation uncompressed so
# a process still writing to it is not affected
compress
delaycompress
# packages drop log rotation information into this directory
include /etc/logrotate.d