-rw-r--r-- | files/resolv.conf/resolv.conf | 4 | ||||
-rw-r--r-- | files/rsyslog/rsyslog.conf | 97 |
2 files changed, 101 insertions, 0 deletions
diff --git a/files/resolv.conf/resolv.conf b/files/resolv.conf/resolv.conf
new file mode 100644
index 000000000..02713fe7f
--- /dev/null
+++ b/files/resolv.conf/resolv.conf
@@ -0,0 +1,4 @@
+search fedoraproject.org vpn.fedoraproject.org fedoraproject.org
+nameserver 8.8.8.8
+
+
diff --git a/files/rsyslog/rsyslog.conf b/files/rsyslog/rsyslog.conf
new file mode 100644
index 000000000..8215f5cd7
--- /dev/null
+++ b/files/rsyslog/rsyslog.conf
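Review bot: The only resolver in files/resolv.conf/resolv.conf is `nameserver 8.8.8.8`, a public third-party service, while the search list includes `vpn.fedoraproject.org`. Unqualified lookups are therefore sent with the VPN suffix appended to an outside resolver, which sees those names and presumably cannot answer them. If internal resolvers exist they should be listed first, and a second `nameserver` line would remove the single point of failure. The search list also repeats `fedoraproject.org`; `search fedoraproject.org vpn.fedoraproject.org` is equivalent.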
@@ -0,0 +1,97 @@
+#rsyslog v3 config file
+
+# if you experience problems, check
+# http://www.rsyslog.com/troubleshoot for assistance
+
+#### MODULES ####
+
+$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
+$ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
+#$ModLoad immark.so # provides --MARK-- message capability
+
+# Provides UDP syslog reception
+#$ModLoad imudp.so
+#$UDPServerRun 514
+
+# Provides TCP syslog reception
+#$ModLoad imtcp.so
+#$InputTCPServerRun 514
+
+
+#### GLOBAL DIRECTIVES ####
+
+# Use default timestamp format
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+# File syncing capability is disabled by default. This feature is usually not required,
+# not useful and an extreme performance hit
+#$ActionFileEnableSync on
+
+
+#### RULES ####
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;local6.none;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+# monitor auditd log and send out over local6 to central loghost
+$ModLoad imfile.so
+
+# auditd audit.log
+$InputFileName /var/log/audit/audit.log
+$InputFileTag tag_audit_log:
+$InputFileStateFile audit_log
+$InputFileSeverity info
+$InputFileFacility local6
+$InputRunFileMonitor
+
+# ### begin forwarding rule ###
+# The statement between the begin ... end define a SINGLE forwarding
+# rule. They belong together, do NOT split them. If you create multiple
+# forwarding rules, duplicate the whole block!
+# Remote Logging (we use TCP for reliable delivery)
+#
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+$WorkDirectory /var/spool/rsyslog # where to place spool files
+$ActionQueueFileName fwdRule1 # unique name prefix for spool files
+$ActionQueueMaxDiskSpace 512m # 512M space limit (use as much as possible)
+$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+$ActionQueueType LinkedList # run asynchronously
+$ActionResumeRetryCount -1 # infinite retries if host is down
+
+# Disable rate limiting
+$IMUXSockRateLimitInterval 0
+$SystemLogRateLimitInterval 0
+
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host:514
+# ### end of the forwarding rule ###
+cron.*;kern.*;authpriv.*;local7.*;*.info;local6.none @@log02:514
+
+:msg, !contains, "type=AVC" ~
+local6.* @@log02:514
+ |
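Review bot: Both forwarding actions at the end of rsyslog.conf, the `cron.*;kern.*;authpriv.*;… @@log02:514` rule and `local6.* @@log02:514`, send over plain TCP. Authpriv messages and the audit records read from /var/log/audit/audit.log therefore cross the network unencrypted, and the loghost is not authenticated. If the installed rsyslog build ships the gtls netstream driver, adding `$DefaultNetstreamDriver gtls` and `$ActionSendStreamDriverMode 1` (plus a CA file and a permitted-peer setting) ahead of the actions would address this; otherwise a comment should state that the path to log02 is a trusted segment. Separately, legacy `$ActionQueue*` directives apply, as far as I know, only to the next action, so the final `local6.*` forward appears to have no disk spool and audit records could be lost while log02 is down. A comment above `:msg, !contains, "type=AVC" ~` stating that every non-AVC message is deliberately discarded at that point would make the intent auditable.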