Version 1 - History - Syslog server - Public pages - Redmine

1

Charles Atkinson

h1. syslog (rsyslog) server implementation

2

1

Charles Atkinson

3

1

Charles Atkinson

{{toc}}

4

1

Charles Atkinson

5

1

Charles Atkinson

h1. Introduction

6

1

Charles Atkinson

7

1

Charles Atkinson

This page documents a syslog (rsyslog) server implementation that results in:

8

1

Charles Atkinson

* Each client having its own /srv/syslog/<FQDN> directory

9

1

Charles Atkinson

* The files in that directory being named as they were on the client.  Requires the client's logrotate files to include dateext

10

1

Charles Atkinson

* Three year retention

11

1

Charles Atkinson

12

1

Charles Atkinson

h2. Related documents

13

1

Charles Atkinson

14

1

Charles Atkinson

None

15

1

Charles Atkinson

16

1

Charles Atkinson

h1. Server

17

1

Charles Atkinson

18

1

Charles Atkinson

h2. Directories and files

19

1

Charles Atkinson

20

1

Charles Atkinson

|_.Directory or file |_.Usage |

21

1

Charles Atkinson

|/etc/logrotate.d/rsyslog-imudp |Rotates /srv/syslog/<FQDN>/* log files |

22

1

Charles Atkinson

|/etc/rsyslog.conf |Primary configuration file; as installed by package |

23

1

Charles Atkinson

|/etc/rsyslog.d/00-modules.conf |Load and configure rsyslog modules imudp (input messages by UDP) and builtin:omfile (output files)|

24

1

Charles Atkinson

|/etc/rsyslog.d/10-FileFormat.template.conf |Similar to the version on all servers|

25

1

Charles Atkinson

|/etc/rsyslog.d/10-templates.conf |Sets /srv/syslog/<FQDN>/<log name> paths and sets same message format as 10-FileFormat.template.conf |

26

1

Charles Atkinson

|/etc/rsyslog.d/20-rulesets.conf |Equivalent to rsyslog.conf's rules; directs clients messages to individual /srv/syslog/<FQDN>/<log name> files.  Associates the rules with module imudp |

27

1

Charles Atkinson

|/etc/rsyslog.d/debug.conf.disabled |When .disabled removed, configures debug logging |

28

1

Charles Atkinson

|/etc/rsyslog.d/postfix.conf |Installed by the postfix package |

29

1

Charles Atkinson

|/srv/syslog/<FQDN>/ |Directory for all logs from a client |

30

1

Charles Atkinson

|/var/log/* |Local log files, same as on all servers |

31

1

Charles Atkinson

32

1

Charles Atkinson

/etc/logrotate.d/rsyslog-imudp

33

1

Charles Atkinson

<pre>

34

1

Charles Atkinson

# Rotation for logs created by the rsyslog configuration for imudp

35

1

Charles Atkinson

36

1

Charles Atkinson

/srv/syslog/*/syslog

37

1

Charles Atkinson

38

1

Charles Atkinson

    daily

39

1

Charles Atkinson

    rotate 731

40

1

Charles Atkinson

    dateext

41

1

Charles Atkinson

    dateyesterday

42

1

Charles Atkinson

    missingok

43

1

Charles Atkinson

    notifempty

44

1

Charles Atkinson

    delaycompress

45

1

Charles Atkinson

    compress

46

1

Charles Atkinson

    postrotate

47

1

Charles Atkinson

        invoke-rc.d rsyslog rotate > /dev/null

48

1

Charles Atkinson

    endscript

49

1

Charles Atkinson

50

1

Charles Atkinson

51

1

Charles Atkinson

/srv/syslog/*/mail.info

52

1

Charles Atkinson

/srv/syslog/*/mail.warn

53

1

Charles Atkinson

/srv/syslog/*/mail.err

54

1

Charles Atkinson

/srv/syslog/*/mail.log

55

1

Charles Atkinson

/srv/syslog/*/daemon.log

56

1

Charles Atkinson

/srv/syslog/*/kern.log

57

1

Charles Atkinson

/srv/syslog/*/auth.log

58

1

Charles Atkinson

/srv/syslog/*/user.log

59

1

Charles Atkinson

/srv/syslog/*/lpr.log

60

1

Charles Atkinson

/srv/syslog/*/cron.log

61

1

Charles Atkinson

/srv/syslog/*/debug

62

1

Charles Atkinson

/srv/syslog/*/messages

63

1

Charles Atkinson

64

1

Charles Atkinson

    weekly

65

1

Charles Atkinson

    rotate 109

66

1

Charles Atkinson

    dateext

67

1

Charles Atkinson

    dateyesterday

68

1

Charles Atkinson

    missingok

69

1

Charles Atkinson

    notifempty

70

1

Charles Atkinson

    compress

71

1

Charles Atkinson

    delaycompress

72

1

Charles Atkinson

    sharedscripts

73

1

Charles Atkinson

    postrotate

74

1

Charles Atkinson

        invoke-rc.d rsyslog rotate > /dev/null

75

1

Charles Atkinson

    endscript

76

1

Charles Atkinson

77

1

Charles Atkinson

</pre>

78

1

Charles Atkinson

/etc/rsyslog.d/00-modules.conf

79

1

Charles Atkinson

<pre>

80

1

Charles Atkinson

# rsyslog config fragment for module customisation

81

1

Charles Atkinson

82

1

Charles Atkinson

# provides UDP syslog reception

83

1

Charles Atkinson

module(load="imudp")

84

1

Charles Atkinson

input(type="imudp" port="514")

85

1

Charles Atkinson

86

1

Charles Atkinson

# Change omfile's default parameters (so they do not have to be set in every action)

87

1

Charles Atkinson

# Note: setting template MyMsgFormat here was not effective

88

1

Charles Atkinson

module(

89

1

Charles Atkinson

    load="builtin:omfile"

90

1

Charles Atkinson

    dirCreateMode="0750"

91

1

Charles Atkinson

    dirGroup="adm"

92

1

Charles Atkinson

    dirOwner="root"

93

1

Charles Atkinson

    fileCreateMode="0640"

94

1

Charles Atkinson

    fileGroup="adm"

95

1

Charles Atkinson

    fileOwner="root"

96

1

Charles Atkinson

97

1

Charles Atkinson

</pre>/etc/rsyslog.d/10-templates.conf

98

1

Charles Atkinson

<pre>

99

1

Charles Atkinson

# rsyslog config fragment for custom templates

100

1

Charles Atkinson

101

1

Charles Atkinson

# Log file paths

102

1

Charles Atkinson

template (name="AuthLog"   type="string" string="/srv/syslog/%HOSTNAME%/auth.log")

103

1

Charles Atkinson

template (name="DaemonLog" type="string" string="/srv/syslog/%HOSTNAME%/daemon.log")

104

1

Charles Atkinson

template (name="DebugLog"  type="string" string="/srv/syslog/%HOSTNAME%/debug.log")

105

1

Charles Atkinson

template (name="KernLog"   type="string" string="/srv/syslog/%HOSTNAME%/kern.log")

106

1

Charles Atkinson

template (name="MailError" type="string" string="/srv/syslog/%HOSTNAME%/mail.error")

107

1

Charles Atkinson

template (name="MailInfo"  type="string" string="/srv/syslog/%HOSTNAME%/mail.info")

108

1

Charles Atkinson

template (name="MailLog"   type="string" string="/srv/syslog/%HOSTNAME%/mail.log")

109

1

Charles Atkinson

template (name="MailWarn"  type="string" string="/srv/syslog/%HOSTNAME%/mail.warn")

110

1

Charles Atkinson

template (name="Messages"  type="string" string="/srv/syslog/%HOSTNAME%/messages")

111

1

Charles Atkinson

template (name="Syslog"    type="string" string="/srv/syslog/%HOSTNAME%/syslog")

112

1

Charles Atkinson

template (name="UserLog"   type="string" string="/srv/syslog/%HOSTNAME%/user.log")

113

1

Charles Atkinson

114

1

Charles Atkinson

# Message format

115

1

Charles Atkinson

template (name="MyMsgFormat" type="string"

116

1

Charles Atkinson

    string="%TIMESTAMP% %HOSTNAME:R,BRE,0,FIELD:^[^.]*\\.[^.]*--end:% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"

117

1

Charles Atkinson

118

1

Charles Atkinson

</pre>/etc/rsyslog.d/20-rulesets.conf

119

1

Charles Atkinson

<pre>

120

1

Charles Atkinson

# rsyslog config fragment for custom rulesets

121

1

Charles Atkinson

122

1

Charles Atkinson

# Ruleset based on package's rsyslog.conf's rules for local messages

123

1

Charles Atkinson

ruleset(name="imudp"){

124

1

Charles Atkinson

    auth,authpriv.*             action(type="omfile" dynaFile="AuthLog"   template="MyMsgFormat")

125

1

Charles Atkinson

    *.*;auth,authpriv.none      action(type="omfile" dynaFile="Syslog"    template="MyMsgFormat")

126

1

Charles Atkinson

    daemon.*                    action(type="omfile" dynaFile="DaemonLog" template="MyMsgFormat")

127

1

Charles Atkinson

    kern.*                      action(type="omfile" dynaFile="KernLog"   template="MyMsgFormat")

128

1

Charles Atkinson

    mail.*                      action(type="omfile" dynaFile="MailLog"   template="MyMsgFormat")

129

1

Charles Atkinson

    user.*                      action(type="omfile" dynaFile="UserLog"   template="MyMsgFormat")

130

1

Charles Atkinson

    mail.info                   action(type="omfile" dynaFile="MailInfo"  template="MyMsgFormat")

131

1

Charles Atkinson

    mail.warn                   action(type="omfile" dynaFile="MailWarn"  template="MyMsgFormat")

132

1

Charles Atkinson

    mail.err                    action(type="omfile" dynaFile="MailError" template="MyMsgFormat")

133

1

Charles Atkinson

    *.=debug;\

134

1

Charles Atkinson

        auth,authpriv.none;\

135

1

Charles Atkinson

        news.none;mail.none     action(type="omfile" dynaFile="DebugLog"  template="MyMsgFormat")

136

1

Charles Atkinson

    *.=info;*.=notice;*.=warn;\

137

1

Charles Atkinson

        auth,authpriv.none;\

138

1

Charles Atkinson

        cron,daemon.none;\

139

1

Charles Atkinson

        mail,news.none          action(type="omfile" dynaFile="Messages"  template="MyMsgFormat")

140

1

Charles Atkinson

141

1

Charles Atkinson

142

1

Charles Atkinson

# Use the ruleset to input module for UPD

143

1

Charles Atkinson

input(type="imudp" port="514" ruleset="imudp")

144

1

Charles Atkinson

</pre>/etc/rsyslog.d/debug.conf.disabled

145

1

Charles Atkinson

<pre>

146

1

Charles Atkinson

$DebugFile /var/log/rsyslog-debug.log

147

1

Charles Atkinson

$DebugLevel 2

148

1

Charles Atkinson

</pre>

149

1

Charles Atkinson

150

1

Charles Atkinson

h1. Clients

151

1

Charles Atkinson

152

1

Charles Atkinson

h2. Debian computers

153

1

Charles Atkinson

154

1

Charles Atkinson

/etc/rsyslog.d/00-rsyslog-server.conf

155

1

Charles Atkinson

<pre>

156

1

Charles Atkinson

# Format all messages with hostname as FQDN and send to <syslog server FQDN>

157

1

Charles Atkinson

158

1

Charles Atkinson

$PreserveFQDN on

159

1

Charles Atkinson

*.* @<syslog server FQDN>

160

1

Charles Atkinson

</pre>/etc/logrotate.d/rsyslog (as installed by package except for dateext and dateyesterday

161

1

Charles Atkinson

<pre>

162

1

Charles Atkinson

/var/log/syslog

163

1

Charles Atkinson

164

1

Charles Atkinson

	rotate 7

165

1

Charles Atkinson

	daily

166

1

Charles Atkinson

	dateext

167

1

Charles Atkinson

	dateyesterday

168

1

Charles Atkinson

	missingok

169

1

Charles Atkinson

	notifempty

170

1

Charles Atkinson

	delaycompress

171

1

Charles Atkinson

	compress

172

1

Charles Atkinson

	postrotate

173

1

Charles Atkinson

		invoke-rc.d rsyslog rotate > /dev/null

174

1

Charles Atkinson

	endscript

175

1

Charles Atkinson

176

1

Charles Atkinson

177

1

Charles Atkinson

/var/log/mail.info

178

1

Charles Atkinson

/var/log/mail.warn

179

1

Charles Atkinson

/var/log/mail.err

180

1

Charles Atkinson

/var/log/mail.log

181

1

Charles Atkinson

/var/log/daemon.log

182

1

Charles Atkinson

/var/log/kern.log

183

1

Charles Atkinson

/var/log/auth.log

184

1

Charles Atkinson

/var/log/user.log

185

1

Charles Atkinson

/var/log/lpr.log

186

1

Charles Atkinson

/var/log/cron.log

187

1

Charles Atkinson

/var/log/debug

188

1

Charles Atkinson

/var/log/messages

189

1

Charles Atkinson

190

1

Charles Atkinson

	rotate 4

191

1

Charles Atkinson

	weekly

192

1

Charles Atkinson

	dateext

193

1

Charles Atkinson

	dateyesterday

194

1

Charles Atkinson

	missingok

195

1

Charles Atkinson

	notifempty

196

1

Charles Atkinson

	compress

197

1

Charles Atkinson

	delaycompress

198

1

Charles Atkinson

	sharedscripts

199

1

Charles Atkinson

	postrotate

200

1

Charles Atkinson

		invoke-rc.d rsyslog rotate > /dev/null

201

1

Charles Atkinson

	endscript

202

1

Charles Atkinson

203

1

Charles Atkinson

204

1

Charles Atkinson

</pre>

205

1

Charles Atkinson

206

1

Charles Atkinson

h2. MikroTik routers

207

1

Charles Atkinson

208

1

Charles Atkinson

<pre>

209

1

Charles Atkinson

/system logging action

210

1

Charles Atkinson

set 3 bsd-syslog=yes remote=<syslog server address> src-address=<router address to send messages from> \

211

1

Charles Atkinson

    syslog-facility=local0 syslog-severity=alert

212

1

Charles Atkinson

</pre>

Project

General

Profile

Public pages

Syslog server » History » Version 1

-Charles Atkinson
+h1. syslog (rsyslog) server implementation
 Charles Atkinson
-Charles Atkinson
+{{toc}}
 Charles Atkinson
-Charles Atkinson
+h1. Introduction
 Charles Atkinson
-Charles Atkinson
+This page documents a syslog (rsyslog) server implementation that results in:
-Charles Atkinson
+* Each client having its own /srv/syslog/<FQDN> directory
-Charles Atkinson
+* The files in that directory being named as they were on the client.  Requires the client's logrotate files to include dateext
-Charles Atkinson
+* Three year retention
 Charles Atkinson
-Charles Atkinson
+h2. Related documents
 Charles Atkinson
-Charles Atkinson
+None
 Charles Atkinson
-Charles Atkinson
+h1. Server
 Charles Atkinson
-Charles Atkinson
+h2. Directories and files
 Charles Atkinson
-Charles Atkinson
+|_.Directory or file |_.Usage |
-Charles Atkinson
+|/etc/logrotate.d/rsyslog-imudp |Rotates /srv/syslog/<FQDN>/* log files |
-Charles Atkinson
+|/etc/rsyslog.conf |Primary configuration file; as installed by package |
-Charles Atkinson
+|/etc/rsyslog.d/00-modules.conf |Load and configure rsyslog modules imudp (input messages by UDP) and builtin:omfile (output files)|
-Charles Atkinson
+|/etc/rsyslog.d/10-FileFormat.template.conf |Similar to the version on all servers|
-Charles Atkinson
+|/etc/rsyslog.d/10-templates.conf |Sets /srv/syslog/<FQDN>/<log name> paths and sets same message format as 10-FileFormat.template.conf |
-Charles Atkinson
+|/etc/rsyslog.d/20-rulesets.conf |Equivalent to rsyslog.conf's rules; directs clients messages to individual /srv/syslog/<FQDN>/<log name> files.  Associates the rules with module imudp |
-Charles Atkinson
+|/etc/rsyslog.d/debug.conf.disabled |When .disabled removed, configures debug logging |
-Charles Atkinson
+|/etc/rsyslog.d/postfix.conf |Installed by the postfix package |
-Charles Atkinson
+|/srv/syslog/<FQDN>/ |Directory for all logs from a client |
-Charles Atkinson
+|/var/log/* |Local log files, same as on all servers |
 Charles Atkinson
-Charles Atkinson
+/etc/logrotate.d/rsyslog-imudp
-Charles Atkinson
+<pre>
-Charles Atkinson
+# Rotation for logs created by the rsyslog configuration for imudp
 Charles Atkinson
-Charles Atkinson
+/srv/syslog/*/syslog
 Charles Atkinson
-Charles Atkinson
+    daily
-Charles Atkinson
+    rotate 731
-Charles Atkinson
+    dateext
-Charles Atkinson
+    dateyesterday
-Charles Atkinson
+    missingok
-Charles Atkinson
+    notifempty
-Charles Atkinson
+    delaycompress
-Charles Atkinson
+    compress
-Charles Atkinson
+    postrotate
-Charles Atkinson
+        invoke-rc.d rsyslog rotate > /dev/null
-Charles Atkinson
+    endscript
 Charles Atkinson
 Charles Atkinson
-Charles Atkinson
+/srv/syslog/*/mail.info
-Charles Atkinson
+/srv/syslog/*/mail.warn
-Charles Atkinson
+/srv/syslog/*/mail.err
-Charles Atkinson
+/srv/syslog/*/mail.log
-Charles Atkinson
+/srv/syslog/*/daemon.log
-Charles Atkinson
+/srv/syslog/*/kern.log
-Charles Atkinson
+/srv/syslog/*/auth.log
-Charles Atkinson
+/srv/syslog/*/user.log
-Charles Atkinson
+/srv/syslog/*/lpr.log
-Charles Atkinson
+/srv/syslog/*/cron.log
-Charles Atkinson
+/srv/syslog/*/debug
-Charles Atkinson
+/srv/syslog/*/messages
 Charles Atkinson
-Charles Atkinson
+    weekly
-Charles Atkinson
+    rotate 109
-Charles Atkinson
+    dateext
-Charles Atkinson
+    dateyesterday
-Charles Atkinson
+    missingok
-Charles Atkinson
+    notifempty
-Charles Atkinson
+    compress
-Charles Atkinson
+    delaycompress
-Charles Atkinson
+    sharedscripts
-Charles Atkinson
+    postrotate
-Charles Atkinson
+        invoke-rc.d rsyslog rotate > /dev/null
-Charles Atkinson
+    endscript
 Charles Atkinson
-Charles Atkinson
+</pre>
-Charles Atkinson
+/etc/rsyslog.d/00-modules.conf
-Charles Atkinson
+<pre>
-Charles Atkinson
+# rsyslog config fragment for module customisation
 Charles Atkinson
-Charles Atkinson
+# provides UDP syslog reception
-Charles Atkinson
+module(load="imudp")
-Charles Atkinson
+input(type="imudp" port="514")
 Charles Atkinson
-Charles Atkinson
+# Change omfile's default parameters (so they do not have to be set in every action)
-Charles Atkinson
+# Note: setting template MyMsgFormat here was not effective
-Charles Atkinson
+module(
-Charles Atkinson
+    load="builtin:omfile"
-Charles Atkinson
+    dirCreateMode="0750"
-Charles Atkinson
+    dirGroup="adm"
-Charles Atkinson
+    dirOwner="root"
-Charles Atkinson
+    fileCreateMode="0640"
-Charles Atkinson
+    fileGroup="adm"
-Charles Atkinson
+    fileOwner="root"
 Charles Atkinson
-Charles Atkinson
+</pre>/etc/rsyslog.d/10-templates.conf
-Charles Atkinson
+<pre>
-Charles Atkinson
+# rsyslog config fragment for custom templates
 Charles Atkinson
-Charles Atkinson
+# Log file paths
-Charles Atkinson
+template (name="AuthLog"   type="string" string="/srv/syslog/%HOSTNAME%/auth.log")
-Charles Atkinson
+template (name="DaemonLog" type="string" string="/srv/syslog/%HOSTNAME%/daemon.log")
-Charles Atkinson
+template (name="DebugLog"  type="string" string="/srv/syslog/%HOSTNAME%/debug.log")
-Charles Atkinson
+template (name="KernLog"   type="string" string="/srv/syslog/%HOSTNAME%/kern.log")
-Charles Atkinson
+template (name="MailError" type="string" string="/srv/syslog/%HOSTNAME%/mail.error")
-Charles Atkinson
+template (name="MailInfo"  type="string" string="/srv/syslog/%HOSTNAME%/mail.info")
-Charles Atkinson
+template (name="MailLog"   type="string" string="/srv/syslog/%HOSTNAME%/mail.log")
-Charles Atkinson
+template (name="MailWarn"  type="string" string="/srv/syslog/%HOSTNAME%/mail.warn")
-Charles Atkinson
+template (name="Messages"  type="string" string="/srv/syslog/%HOSTNAME%/messages")
-Charles Atkinson
+template (name="Syslog"    type="string" string="/srv/syslog/%HOSTNAME%/syslog")
-Charles Atkinson
+template (name="UserLog"   type="string" string="/srv/syslog/%HOSTNAME%/user.log")
 Charles Atkinson
-Charles Atkinson
+# Message format
-Charles Atkinson
+template (name="MyMsgFormat" type="string"
-Charles Atkinson
+    string="%TIMESTAMP% %HOSTNAME:R,BRE,0,FIELD:^[^.]*\\.[^.]*--end:% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n"
 Charles Atkinson
-Charles Atkinson
+</pre>/etc/rsyslog.d/20-rulesets.conf
-Charles Atkinson
+<pre>
-Charles Atkinson
+# rsyslog config fragment for custom rulesets
 Charles Atkinson
-Charles Atkinson
+# Ruleset based on package's rsyslog.conf's rules for local messages
-Charles Atkinson
+ruleset(name="imudp"){
-Charles Atkinson
+    auth,authpriv.*             action(type="omfile" dynaFile="AuthLog"   template="MyMsgFormat")
-Charles Atkinson
+    *.*;auth,authpriv.none      action(type="omfile" dynaFile="Syslog"    template="MyMsgFormat")
-Charles Atkinson
+    daemon.*                    action(type="omfile" dynaFile="DaemonLog" template="MyMsgFormat")
-Charles Atkinson
+    kern.*                      action(type="omfile" dynaFile="KernLog"   template="MyMsgFormat")
-Charles Atkinson
+    mail.*                      action(type="omfile" dynaFile="MailLog"   template="MyMsgFormat")
-Charles Atkinson
+    user.*                      action(type="omfile" dynaFile="UserLog"   template="MyMsgFormat")
-Charles Atkinson
+    mail.info                   action(type="omfile" dynaFile="MailInfo"  template="MyMsgFormat")
-Charles Atkinson
+    mail.warn                   action(type="omfile" dynaFile="MailWarn"  template="MyMsgFormat")
-Charles Atkinson
+    mail.err                    action(type="omfile" dynaFile="MailError" template="MyMsgFormat")
-Charles Atkinson
+    *.=debug;\
-Charles Atkinson
+        auth,authpriv.none;\
-Charles Atkinson
+        news.none;mail.none     action(type="omfile" dynaFile="DebugLog"  template="MyMsgFormat")
-Charles Atkinson
+    *.=info;*.=notice;*.=warn;\
-Charles Atkinson
+        auth,authpriv.none;\
-Charles Atkinson
+        cron,daemon.none;\
-Charles Atkinson
+        mail,news.none          action(type="omfile" dynaFile="Messages"  template="MyMsgFormat")
 Charles Atkinson
 Charles Atkinson
-Charles Atkinson
+# Use the ruleset to input module for UPD
-Charles Atkinson
+input(type="imudp" port="514" ruleset="imudp")
-Charles Atkinson
+</pre>/etc/rsyslog.d/debug.conf.disabled
-Charles Atkinson
+<pre>
-Charles Atkinson
+$DebugFile /var/log/rsyslog-debug.log
-Charles Atkinson
+$DebugLevel 2
-Charles Atkinson
+</pre>
 Charles Atkinson
-Charles Atkinson
+h1. Clients
 Charles Atkinson
-Charles Atkinson
+h2. Debian computers
 Charles Atkinson
-Charles Atkinson
+/etc/rsyslog.d/00-rsyslog-server.conf
-Charles Atkinson
+<pre>
-Charles Atkinson
+# Format all messages with hostname as FQDN and send to <syslog server FQDN>
 Charles Atkinson
-Charles Atkinson
+$PreserveFQDN on
-Charles Atkinson
+*.* @<syslog server FQDN>
-Charles Atkinson
+</pre>/etc/logrotate.d/rsyslog (as installed by package except for dateext and dateyesterday
-Charles Atkinson
+<pre>
-Charles Atkinson
+/var/log/syslog
 Charles Atkinson
-Charles Atkinson
+	rotate 7
-Charles Atkinson
+	daily
-Charles Atkinson
+	dateext
-Charles Atkinson
+	dateyesterday
-Charles Atkinson
+	missingok
-Charles Atkinson
+	notifempty
-Charles Atkinson
+	delaycompress
-Charles Atkinson
+	compress
-Charles Atkinson
+	postrotate
-Charles Atkinson
+		invoke-rc.d rsyslog rotate > /dev/null
-Charles Atkinson
+	endscript
 Charles Atkinson
 Charles Atkinson
-Charles Atkinson
+/var/log/mail.info
-Charles Atkinson
+/var/log/mail.warn
-Charles Atkinson
+/var/log/mail.err
-Charles Atkinson
+/var/log/mail.log
-Charles Atkinson
+/var/log/daemon.log
-Charles Atkinson
+/var/log/kern.log
-Charles Atkinson
+/var/log/auth.log
-Charles Atkinson
+/var/log/user.log
-Charles Atkinson
+/var/log/lpr.log
-Charles Atkinson
+/var/log/cron.log
-Charles Atkinson
+/var/log/debug
-Charles Atkinson
+/var/log/messages
 Charles Atkinson
-Charles Atkinson
+	rotate 4
-Charles Atkinson
+	weekly
-Charles Atkinson
+	dateext
-Charles Atkinson
+	dateyesterday
-Charles Atkinson
+	missingok
-Charles Atkinson
+	notifempty
-Charles Atkinson
+	compress
-Charles Atkinson
+	delaycompress
-Charles Atkinson
+	sharedscripts
-Charles Atkinson
+	postrotate
-Charles Atkinson
+		invoke-rc.d rsyslog rotate > /dev/null
-Charles Atkinson
+	endscript
 Charles Atkinson
 Charles Atkinson
-Charles Atkinson
+</pre>
 Charles Atkinson
-Charles Atkinson
+h2. MikroTik routers
 Charles Atkinson
-Charles Atkinson
+<pre>
-Charles Atkinson
+/system logging action
-Charles Atkinson
+set 3 bsd-syslog=yes remote=<syslog server address> src-address=<router address to send messages from> \
-Charles Atkinson
+    syslog-facility=local0 syslog-severity=alert
-Charles Atkinson
+</pre>