-
Notifications
You must be signed in to change notification settings - Fork 26
/
rsyslog.conf
105 lines (88 loc) · 5.26 KB
/
rsyslog.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#
# Docker RSyslog (https://github.com/gynter/docker-rsyslog)
#
# This configuration is designed to run securely on non-systemd (i.e Alpine) containers as UID/GID 1000.
# It's a generic configuration file which can be extended via including extra configuration files from /etc/rsyslog.d/
# directory.
#
# See https://github.com/gynter/rsyslog-docker-compose-example for deployment example using Docker Compose.
#
# This configuration file uses advanced (RainerScript) and basic format.
# See https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html#which-format-should-i-use for more
# information. Using obsolete legacy syntax is strongly discouraged!
# See https://www.rsyslog.com/doc/master/rainerscript/ for more information.
#
# If you experience problems, see https://www.rsyslog.com/doc/troubleshoot.html
####################################
#### Global directives ####
####################################
# https://www.rsyslog.com/doc/v8-stable/rainerscript/global.html
global(
# Sets the directory that rsyslog uses for work files, e.g. imfile state or queue spool files.
workDirectory="/srv/rsyslog"
# Sets the rsyslogd process’ umask. If not specified, the system-provided default is used. The value given must always
# be a 4-digit octal number, with the initial digit being zero.
umask="0027"
# If set to off (legacy default to remain compatible to sysklogd), the domain part from a name that is within the same
# domain as the receiving system is stripped. If set to on, full names are always used.
preserveFQDN="on"
# Configures the maximum message size allowed for all inputs. Default is 8K. Anything above the maximum size will be
# truncated.
# Note: some modules provide separate parameters that allow overriding this setting (e.g., imrelp’s MaxDataSize
# parameter).
maxMessageSize="8K"
# If set to “on”, rsyslogd can be terminated by pressing ctl-c. This is most useful for containers. If set to “off”
# (the default), this is not possible.
shutdown.enable.ctlc="on"
# This controls whether slashes in the “programname” property (the static part of the tag) are permitted or not. By
# default this is not permitted, but some Linux tools (including most importantly the journal) store slashes as part
# of the program name inside the syslogtag. In those cases, the programname is truncated at the first slash.
#
# In other words, if the setting is off, a value of app/foo[1234] in the tag will result in a programname of app, and
# if an application stores an absolute path name like /app/foo[1234], the programname property will be empty (“”).
# If set to on, a syslogtag of /app/foo[1234] will result in a programname value of /app/foo and a syslogtag of
# app/foo[1234] will result in a programname value of app/foo.
parser.permitSlashInProgramName="on"
# This parameter instructs rsyslogd to replace control characters during reception of the message. The intent is to
# provide a way to stop non-printable messages from entering the syslog system as whole. If this option is turned on,
# all control-characters are converted to a 3-digit octal number and be prefixed with the
# parser.controlCharacterEscapePrefix character (being ‘#’ by default). For example, if the BEL character (ctrl-g) is
# included in the message, it would be converted to ‘#007’. To be compatible to sysklogd, this option must be turned
# on.
#
# Warning:
# - turning on this option most probably destroys non-western character sets (like Japanese, Chinese and Korean);
# - turning on this option destroys digital signatures if such exists inside the message;
# - if turned on, the drop-cc, space-cc and escape-cc property replacer options do not work as expected because
# control characters are already removed upon message reception. If you intend to use these property replacer
# options, you must turn off parser.escapeControlCharactersOnReceive.
parser.escapeControlCharactersOnReceive="off"
# This parameter permits to prevent rsyslog from running when the configuration file is not clean. “Not Clean” means
# there are errors or some other annoyances that rsyslogd reports on startup. Note that with the current code base it
# is not always possible to differentiate between an real error and a warning-like condition. As such, the startup
# will also prevented if warnings are present. I consider this a good thing in being “strict”, but I admit there also
# currently is no other way of doing it.
abortOnUncleanConfig="on"
)
####################################
#### Modules ####
####################################
# Provides module for writing messages to stdout.
# https://www.rsyslog.com/doc/master/configuration/modules/omstdout.html
module(load="omstdout")
####################################
#### Rules ####
####################################
# Basic syntax is used here.
# Send own messages to Docker console.
syslog.* :omstdout:
# /END Basic syntax is used here.
####################################
#### Other ####
####################################
# Include all *.conf files in /etc/rsyslog.d/.
# https://www.rsyslog.com/doc/v8-stable/rainerscript/include.html
include(
file="/etc/rsyslog.d/*.conf"
mode="optional"
)