$ActionQueueFileName queue
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
$PreserveFQDN on
global (
    WorkDirectory="/var/spool/rsyslog"
    MaxMessageSize="64k"
  
)
module(load="imklog")
module(load="immark")
module(load="imuxsock" 
          SysSock.RateLimit.Burst="600"
          SysSock.RateLimit.Interval="3"
     
)
if $programname == 'drupal' then stop
# template_RemoteFormat
$template RemoteFormat,"%timegenerated% %syslogtag%%msg:::drop-last-lf%"

if $programname == 'monit' then {
  if $msg contains "status failed (0)" then stop
  action(type="omfile" file="/var/log/monit.log")
  stop
}
if $programname == 'ntpd' then {
  action(type="omfile" file="/var/log/ntp/ntpd.log")
  stop
}
if $programname == 'proftpd' then {
  action(type="omfile" file="/var/log/proftpd/daemon.log")
  stop
}
# remotelog
*.*     @syslog.int.masterhost.ru;RemoteFormat

if $programname == 'ipmievd' then {
  action(type="omfile" file="/var/log/rsyslog/ipmievd_sel.log")
  stop
}
auth,authpriv.*     /var/log/auth.log
*.*;auth,authpriv.none    -/var/log/syslog
cron.*       /var/log/cron.log
daemon.*      -/var/log/daemon.log
kern.*        -/var/log/kern.log
lpr.*       -/var/log/lpr.log
mail.*        -/var/log/mail.log
user.*        -/var/log/user.log
mail.info     -/var/log/mail.info
mail.warn     -/var/log/mail.warn
mail.err      /var/log/mail.err
# boot_wtf_rule
local7.*     -/var/log/boot.log

# news_crit_rule
news.crit     /var/log/news/news.crit

# news_err_rule
news.err     /var/log/news/news.err

# news_notice_rule
news.notice     -/var/log/news/news.notice

# news_wtf_rule
uucp,news.crit     -/var/log/spooler

*.=debug;\
  auth,authpriv.none;\
  news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
  auth,authpriv.none;\
  cron,daemon.none;\
  mail,news.none    -/var/log/messages
if $programname == 'puppet-agent' then {
  action(type="omfile" file="/var/log/rsyslog/puppet-agent.log")
  stop
}
# emerg_rule
*.emerg     -/var/log/syslog