# Use traditional timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
 
# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog
# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock
$ModLoad imklog
 
$FileOwner admin
$FileGroup admin
$FileCreateMode 0640
$DirCreateMode 0755
 
*.*     @192.168.210.16
 
$ModLoad imudp
$UDPServerRun 514
 
$DirOwner admin
$DirGroup admin
 
 
$ModLoad imtcp
$InputTCPServerRun 514
 
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console
 
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
 
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
 
# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
 
 
# Log cron stuff
cron.*                                                  /var/log/cron
 
# Everybody gets emergency messages
*.emerg                                                 *
 
# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler
 
# Save boot messages also to boot.log
local7.*                                                /var/boot/log
 
# Remote logging
 
$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514
 
$template DYNmessages,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages"
$template DYNsecure,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/secure"
$template DYNmaillog,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/maillog"
$template DYNcron,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/cron"
$template DYNspooler,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/spooler"
$template DYNboot,"/var/log/journaux/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/boot.log"
 
if \
        $source != 'localhost' \
#       and \
#               $syslogseverity <= '4' \
        and ( \
                                $syslogfacility-text != 'mail' \
                        and \
                                $syslogfacility-text != 'authpriv' \
                        and \
                                $syslogfacility-text != 'cron' \
        ) \
then ?DYNmessages
 
if \
        $source != 'localhost' \
                and \
        $syslogfacility-text == 'authpriv' \
then ?DYNsecure
 
if \
        $source != 'localhost' \
                and \
        $syslogfacility-text == 'mail' \
then -?DYNmaillog
 
if \
        $source != 'localhost' \
                and \
        $syslogfacility-text == 'cron' \
then ?DYNcron
 
if \
        $source != 'localhost' \
                and \
        (\
                $syslogfacility-text == 'uucp' \
                        or \
                $syslogfacility-text == 'news' \
        )\
                and \
        $syslogseverity-text == 'crit' \
then ?DYNspooler
 
if \
        $source != 'localhost' \
                and \
        $syslogfacility-text == 'local7' \
then ?DYNboot