Rsyslog quick config
# /etc/rsyslog.d/00-libcrack.conf
# Local rsyslog data {{{
# Noise filter: discards any message whose text contains one of the four
# substrings below. `stop` ends processing for that message, so no rule
# after this one sees it.
# NOTE(review): `$msg contains` matches the substring anywhere in the text,
# whichever program or host produced the message. A record that merely
# includes "telegram" or "COMMAND=/usr/sbin/hddtemp" is dropped in full, not
# just the intended noise. If these logs feed auditing or detection, consider
# also requiring the expected `$programname` (and, on a receiver, the
# expected `$fromhost-ip`) so the discard cannot swallow unrelated events.
if ($msg contains "xauth: file list does not exist") or \
($msg contains "COMMAND=/usr/sbin/hddtemp") or \
($msg contains "Sensor alarm:") or \
($msg contains "telegram") then stop
# }}}
# Local iptables {{{
# Copies locally generated kernel-facility messages that contain both "IN="
# and "OUT=" to /var/log/firewall in the traditional file format.
# The leading "-" is the legacy selector flag for not syncing the file after
# each write.
# This rule has no `stop`, so matching messages still continue to the rules
# that follow. The commented-out variant below is the one that would end
# processing after the write.
# NOTE(review): the match is on message text only; any kernel-facility
# message carrying both tokens lands in this file.
if ($fromhost-ip =='127.0.0.1') and \
($syslogfacility-text == 'kern') and \
($msg contains 'IN=' and $msg contains 'OUT=') then \
-/var/log/firewall;RSYSLOG_TraditionalFileFormat
#if ($fromhost-ip =='127.0.0.1') and \
# ($syslogfacility-text == 'kern') and \
# ($msg contains 'IN=' and $msg contains 'OUT=') then \
# & stop
# }}}
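# Local segfault & SIGSEGV {{{
# Writes kernel-facility messages that mention a segfault to
# /var/log/segfault.log (traditional file format), then stops processing so
# later rules do not log the same message again.
# Fixes relative to the original rule:
#   - the second comparison used `containst`, which is not a RainerScript
#     operator; it is now `contains`, so the rule can load.
#   - the file action and `stop` sit in an explicit { } block instead of
#     relying on a trailing backslash to join the action line with `& stop`.
# NOTE(review): `contains` is case-sensitive, so 'sigsegv' matches only the
# lowercase spelling; `contains_i` is the case-insensitive form if "SIGSEGV"
# should match as well.
if ($syslogfacility-text == 'kern') and \
($msg contains 'segfault' or $msg contains 'sigsegv') then {
    -/var/log/segfault.log;RSYSLOG_TraditionalFileFormat
    stop
}
# }}}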
# Rsyslog receiving data {{{
# Everything in this section is commented out. It is a set of alternative
# examples rather than one configuration; enable a single variant.
# The "*.* @logserver:514" lines forward to a remote server. The "?Template"
# lines write each message to a file whose path is built from message
# properties (a dynamic file).
# "& ~" is the legacy discard action; `stop` is its current form.
# NOTE(review): %HOSTNAME% and %PROGRAMNAME% are taken from the received
# message, so the sender chooses part of the file path. %fromhost-ip% is
# taken from the connection instead. On a receiver, prefer %fromhost-ip%, or
# apply a property option such as `secpath-replace` to message-derived path
# components, and accept logs only from expected sources.
#
# $template LogServerFormat,"%HOSTNAME% %syslogtag%%msg%\n"
# *.* @logserver:514;LogServerFormat
# *.* @logserver:514
#
# $template TmplAuth, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
# *.* ?TmplAuth
#
# $template DynaFile,"/var/log/mydirectory/%HOSTNAME%.log"
# *.* -?DynaFile
# & ~
#
# $template FILENAME,"/var/log/%fromhost-ip%/syslog.log"
# *.* ?FILENAME
# & ~
# }}}
# Rsyslog sending data {{{
# Everything in this section is commented out; the lines are examples.
# For UDP use @server:port
# For TCP use @@server:port
# NOTE(review): both forms shown here send syslog in clear text, with no
# authentication of the server or the client. UDP additionally gives no
# delivery guarantee. For logs that matter to detection or forensics, use TCP
# with TLS (or a protected network path) and restrict who may reach the
# receiver.
#
# $template MyFormat,"%HOSTNAME% %syslogtag%%msg%\n"
# *.* @logserver:514;MyFormat
#
# The RemoteHostUser lines below are receiver-side: they store messages from
# any host other than 127.0.0.1 in a per-host file. The five $template lines
# are alternatives sharing one name; keep exactly one.
# NOTE(review): the %HOSTNAME%/%hostname%/%programname% variants build the
# path from fields the sender supplies; the %fromhost-ip% variants use the
# address the message was received from.
# "& ~" is the legacy discard action; `stop` is its current form.
# $template RemoteHostUser,"/var/log/%HOSTNAME%/%programname%.log"
# $template RemoteHostUser,"/var/log/%fromhost-ip%/%programname%.log"
# $template RemoteHostUser,"/var/log/%fromhost-ip%.log"
# $template RemoteHostUser,"/var/log/%HOSTNAME%.log"
# $template RemoteHostUser,"/var/log/%hostname%.log"
# :fromhost-ip, !isequal, "127.0.0.1" ?RemoteHostUser
# & ~
# }}}