loe · August 31, 2011 18:36
diff --git a/20-ufw.conf b/20-ufw.conf
 # Log kernel generated UFW log messages to file
 :msg,contains,"[UFW " /var/log/ufw.log

 # Uncomment the following to stop logging anything that matches the last rule.
 # Doing this will stop logging kernel generated UFW log messages to the file
 # normally containing kern.* messages (eg, /var/log/kern.log)
 #& ~
diff --git a/50-default.conf b/50-default.conf
 #  Default rules for rsyslog.
 #
 #			For more information see rsyslog.conf(5) and /etc/rsyslog.conf

 #
 # First some standard log files.  Log by facility.
 #
 auth,authpriv.*			/var/log/auth.log
 *.*;auth,authpriv.none		-/var/log/syslog
 #cron.*				/var/log/cron.log
 #daemon.*			-/var/log/daemon.log
 kern.*				-/var/log/kern.log
 #lpr.*				-/var/log/lpr.log
 mail.*				-/var/log/mail.log
 #user.*				-/var/log/user.log

 #
 # Logging for the mail system.  Split it up so that
 # it is easy to write scripts to parse these files.
 #
 #mail.info			-/var/log/mail.info
 #mail.warn			-/var/log/mail.warn
 mail.err			/var/log/mail.err

 #
 # Logging for INN news system.
 #
 news.crit			/var/log/news/news.crit
 news.err			/var/log/news/news.err
 news.notice			-/var/log/news/news.notice

 #
 # Some "catch-all" log files.
 #
 #*.=debug;\
 #	auth,authpriv.none;\
 #	news.none;mail.none	-/var/log/debug
 #*.=info;*.=notice;*.=warn;\
 #	auth,authpriv.none;\
 #	cron,daemon.none;\
 #	mail,news.none		-/var/log/messages

 #
 # Emergencies are sent to everybody logged in.
 #
 *.emerg				*

 #
 # I like to have messages displayed on the console, but only on a virtual
 # console I usually leave idle.
 #
 #daemon,mail.*;\
 #	news.=crit;news.=err;news.=notice;\
 #	*.=debug;*.=info;\
 #	*.=notice;*.=warn	/dev/tty8

 # The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
 # you must invoke `xconsole' with the `-file' option:
 # 
 #    $ xconsole -file /dev/xconsole [...]
 #
 # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
 #      busy site..
 #
 #daemon.*;mail.*;\
 #	news.err;\
 #	*.=debug;*.=info;\
 #	*.=notice;*.=warn	|/dev/xconsole
diff --git a/papertrail.conf b/papertrail.conf
 $DefaultNetstreamDriverCAFile /etc/rsyslog.d/syslog.papertrail.crt # trust these CAs
 $DefaultNetstreamDriver gtls # use gtls netstream driver

 $ActionSendStreamDriverMode 1 # require TLS
 $ActionSendStreamDriverAuthMode x509/name # authenticate by hostname

 $ActionResumeInterval 10
 $ActionQueueSize 100000
 $ActionQueueDiscardMark 97500
 $ActionQueueHighWaterMark 80000
 $ActionQueueType LinkedList
 $ActionQueueFileName papertrailqueue
 $ActionQueueCheckpointInterval 100
 $ActionQueueMaxDiskSpace 2g
 $ActionResumeRetryCount -1
 $ActionQueueSaveOnShutdown on
 $ActionQueueTimeoutEnqueue 1
 $ActionQueueDiscardSeverity 0

 *.* @@logs.papertrailapp.com:1234
diff --git a/postfix.conf b/postfix.conf
 # Create an additional socket in postfix's chroot in order not to break
 # mail logging when rsyslog is restarted.  If the directory is missing,
 # rsyslog will silently skip creating the socket.
 $AddUnixListenSocket /var/spool/postfix/dev/log
diff --git a/rsyslog.conf b/rsyslog.conf
 #  /etc/rsyslog.conf	Configuration file for rsyslog.
 #
 #			For more information see
 #			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
 #
 #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf

 # Support big messages (from Rails).
 $MaxMessageSize 5m

 #################
 #### MODULES ####
 #################

 $ModLoad imuxsock # provides support for local system logging
 $ModLoad imklog   # provides kernel logging support (previously done by rklogd)
 #$ModLoad immark  # provides --MARK-- message capability
 #$ModLoad imfile   # provides support for reading text log files

 $KLogPath /proc/kmsg

 # provides UDP syslog reception
 #$ModLoad imudp
 #$UDPServerRun 514

 # provides TCP syslog reception
 #$ModLoad imtcp
 #$InputTCPServerRun 514

 $MainMsgQueueSize 100000
 $MainMsgQueueDiscardMark 97500
 $MainMsgQueueHighWaterMark 80000
 $MainMsgQueueType LinkedList
 $MainMsgQueueFileName mainqueue
 $MainMsgQueueCheckpointInterval 100
 $MainMsgQueueMaxDiskSpace 2g
 $MainMsgQueueTimeoutEnqueue 1
 $MainMsgQueueDiscardSeverity 0

 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################

 $WorkDirectory /var/spool/rsyslog

 #
 # Use traditional timestamp format.
 # To enable high precision timestamps, comment out the following line.
 #
 $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

 # Filter duplicated messages
 $RepeatedMsgReduction on

 #
 # Set the default permissions for all log files.
 #
 $FileOwner syslog
 $FileGroup adm
 $FileCreateMode 0640
 $DirCreateMode 0755
 $Umask 0022
 $PrivDropToUser syslog
 $PrivDropToGroup adm

 #
 # Include all config files in /etc/rsyslog.d/
 #
 $IncludeConfig /etc/rsyslog.d/*.conf
	# Log kernel generated UFW log messages to file
	:msg,contains,"[UFW " /var/log/ufw.log

	# Uncomment the following to stop logging anything that matches the last rule.
	# Doing this will stop logging kernel generated UFW log messages to the file
	# normally containing kern.* messages (eg, /var/log/kern.log)
	#& ~
	# Default rules for rsyslog.
	#
	# For more information see rsyslog.conf(5) and /etc/rsyslog.conf

	#
	# First some standard log files. Log by facility.
	#
	auth,authpriv.* /var/log/auth.log
	.;auth,authpriv.none -/var/log/syslog
	#cron.* /var/log/cron.log
	#daemon.* -/var/log/daemon.log
	kern.* -/var/log/kern.log
	#lpr.* -/var/log/lpr.log
	mail.* -/var/log/mail.log
	#user.* -/var/log/user.log

	#
	# Logging for the mail system. Split it up so that
	# it is easy to write scripts to parse these files.
	#
	#mail.info -/var/log/mail.info
	#mail.warn -/var/log/mail.warn
	mail.err /var/log/mail.err

	#
	# Logging for INN news system.
	#
	news.crit /var/log/news/news.crit
	news.err /var/log/news/news.err
	news.notice -/var/log/news/news.notice

	#
	# Some "catch-all" log files.
	#
	#*.=debug;\
	# auth,authpriv.none;\
	# news.none;mail.none -/var/log/debug
	#.=info;.=notice;*.=warn;\
	# auth,authpriv.none;\
	# cron,daemon.none;\
	# mail,news.none -/var/log/messages

	#
	# Emergencies are sent to everybody logged in.
	#
	.emerg

	#
	# I like to have messages displayed on the console, but only on a virtual
	# console I usually leave idle.
	#
	#daemon,mail.*;\
	# news.=crit;news.=err;news.=notice;\
	# .=debug;.=info;\
	# .=notice;.=warn /dev/tty8

	# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
	# you must invoke `xconsole' with the `-file' option:
	#
	# $ xconsole -file /dev/xconsole [...]
	#
	# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
	# busy site..
	#
	#daemon.;mail.;\
	# news.err;\
	# .=debug;.=info;\
	# .=notice;.=warn \|/dev/xconsole
	$DefaultNetstreamDriverCAFile /etc/rsyslog.d/syslog.papertrail.crt # trust these CAs
	$DefaultNetstreamDriver gtls # use gtls netstream driver

	$ActionSendStreamDriverMode 1 # require TLS
	$ActionSendStreamDriverAuthMode x509/name # authenticate by hostname

	$ActionResumeInterval 10
	$ActionQueueSize 100000
	$ActionQueueDiscardMark 97500
	$ActionQueueHighWaterMark 80000
	$ActionQueueType LinkedList
	$ActionQueueFileName papertrailqueue
	$ActionQueueCheckpointInterval 100
	$ActionQueueMaxDiskSpace 2g
	$ActionResumeRetryCount -1
	$ActionQueueSaveOnShutdown on
	$ActionQueueTimeoutEnqueue 1
	$ActionQueueDiscardSeverity 0

	. @@logs.papertrailapp.com:1234
	# Create an additional socket in postfix's chroot in order not to break
	# mail logging when rsyslog is restarted. If the directory is missing,
	# rsyslog will silently skip creating the socket.
	$AddUnixListenSocket /var/spool/postfix/dev/log
	# /etc/rsyslog.conf Configuration file for rsyslog.
	#
	# For more information see
	# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
	#
	# Default logging rules can be found in /etc/rsyslog.d/50-default.conf

	# Support big messages (from Rails).
	$MaxMessageSize 5m

	#################
	#### MODULES ####
	#################

	$ModLoad imuxsock # provides support for local system logging
	$ModLoad imklog # provides kernel logging support (previously done by rklogd)
	#$ModLoad immark # provides --MARK-- message capability
	#$ModLoad imfile # provides support for reading text log files

	$KLogPath /proc/kmsg

	# provides UDP syslog reception
	#$ModLoad imudp
	#$UDPServerRun 514

	# provides TCP syslog reception
	#$ModLoad imtcp
	#$InputTCPServerRun 514

	$MainMsgQueueSize 100000
	$MainMsgQueueDiscardMark 97500
	$MainMsgQueueHighWaterMark 80000
	$MainMsgQueueType LinkedList
	$MainMsgQueueFileName mainqueue
	$MainMsgQueueCheckpointInterval 100
	$MainMsgQueueMaxDiskSpace 2g
	$MainMsgQueueTimeoutEnqueue 1
	$MainMsgQueueDiscardSeverity 0

	###########################
	#### GLOBAL DIRECTIVES ####
	###########################

	$WorkDirectory /var/spool/rsyslog

	#
	# Use traditional timestamp format.
	# To enable high precision timestamps, comment out the following line.
	#
	$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

	# Filter duplicated messages
	$RepeatedMsgReduction on

	#
	# Set the default permissions for all log files.
	#
	$FileOwner syslog
	$FileGroup adm
	$FileCreateMode 0640
	$DirCreateMode 0755
	$Umask 0022
	$PrivDropToUser syslog
	$PrivDropToGroup adm

	#
	# Include all config files in /etc/rsyslog.d/
	#
	$IncludeConfig /etc/rsyslog.d/*.conf