#rsyslog v3 config file


#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required, 
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# An "In-Memory Queue" is created for remote logging.
# $WorkDirectory /var/spool/rsyslog       # where to place spool files
# $ActionQueueFileName queue              # unique name prefix for spool files
# $ActionQueueMaxDiskSpace 1g     # 1gb space limit (use as much as possible)
# $ActionQueueSaveOnShutdown on   # save messages to disk on shutdown
# $ActionQueueType LinkedList     # run asynchronously
# $ActionResumeRetryCount -1      # infinety retries if host is down


#### MODULES ####

$ModLoad imuxsock.so	# provides support for local system logging (e.g. via logger command)
$ModLoad imklog.so	# provides kernel logging support (previously done by rklogd)
#$ModLoad immark.so	# provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp.so  
#$InputTCPServerRun 514

$FileGroup sysadmin
$FileCreateMode 0640
$DirGroup sysadmin
$DirCreateMode 0750

#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;local1.none;mail.none;authpriv.none;cron.none    /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

$template RawMessage,"%msg%\n"

$template HttpAccessTemplate,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/http/%APP-NAME%"
if $app-name contains 'access.log' then -?HttpAccessTemplate;RawMessage

$template HttpErrorTemplate,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/http/%APP-NAME%"
if $app-name contains 'error.log' then -?HttpErrorTemplate;RawMessage

$template DynaFile,"/var/log/hosts/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages.log"
*.*;local1.none -?DynaFile