I have screenshot the rsyslog.conf rules on here. I have been at this for a while and I am looking for some good answers and explanation to this. Please help me understand. THIS IS LINUX. These are the questions:
- Looking at all the active rules in rsyslog.conf, what action(s) would rsyslog take if a record were received from the kernel with a priority of emerg?
- Looking at all the active rules in rsyslog.conf, what action(s) would rsyslog take if a record were received from a mail facility with a priority of notice?
- Looking at all the active rules in rsyslog.conf, what action(s) would rsyslog take if a record were received from a local6 facility with a priority of err?
#### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern. /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! :msg, contains, "apparmor" *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg :omusrmsg:* # Everybody gets emergency messages *.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log #debug *kern.debug /var/log/mydebug # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$ActionQueueFileName fwdRule1 # unique name prefix for spool files #$ActionQueueMaxDiskSpace lg # 1gb space limit (use as much as possible) #$ActionQueue SaveOnShutdown on # save messages to disk on shutdown #$ActionQueue Type LinkedList # run asynchronously # Save boot messages also to boot.log local7.* /var/log/boot.log #debug *kern.debug /var/log/mydebug # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple #forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$ActionQueueFileName fwdRulel # unique name prefix for spool files #$ActionQueueMaxDiskSpace lg # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResume RetryCount -1 #infinite retries if host is down #remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #** @@remote-host:514 # ### end of the forwarding rule ### #### RULES #### # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern. /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! :msg, contains, "apparmor" *.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg :omusrmsg:* # Everybody gets emergency messages *.emerg :omusrmsg:* # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log #debug *kern.debug /var/log/mydebug # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple # forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$ActionQueueFileName fwdRule1 # unique name prefix for spool files #$ActionQueueMaxDiskSpace lg # 1gb space limit (use as much as possible) #$ActionQueue SaveOnShutdown on # save messages to disk on shutdown #$ActionQueue Type LinkedList # run asynchronously # Save boot messages also to boot.log local7.* /var/log/boot.log #debug *kern.debug /var/log/mydebug # ### begin forwarding rule ### # The statement between the begin ... end define a SINGLE forwarding # rule. They belong together, do NOT split them. If you create multiple #forwarding rules, duplicate the whole block! # Remote Logging (we use TCP for reliable delivery) # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. #$ActionQueueFileName fwdRulel # unique name prefix for spool files #$ActionQueueMaxDiskSpace lg # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResume RetryCount -1 #infinite retries if host is down #remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #** @@remote-host:514 # ### end of the forwarding rule ###
