From a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7 Mon Sep 17 00:00:00 2001
From: hagbard
Date: Wed, 4 Dec 2019 08:24:16 -0800
Subject: syslog: T1845: syslog host no longer accepts a port
- renamed interface xml
- renamed syslog.py to system-syslog.py
- moved protocol out of the facility node (bug)
- node port created
- migration script included
---
 src/conf_mode/syslog.py | 320 ----------------------------------------
 src/conf_mode/system-syslog.py | 321 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 321 insertions(+), 320 deletions(-)
 delete mode 100755 src/conf_mode/syslog.py
 create mode 100755 src/conf_mode/system-syslog.py
(limited to 'src/conf_mode')
diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py
deleted file mode 100755
index c4f3d2c9c..000000000
--- a/src/conf_mode/syslog.py
+++ /dev/null
@@ -1,320 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}} -{% else %} -{{hosts[host]['selectors']}} @{{host}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - missingok - notifempty - create - rotate 
{{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' + filename + ' facility') - if 
c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - proto = 'udp' - rhosts = c.list_nodes('host') - for rhost in rhosts: - for fac in c.list_nodes('host ' + rhost + ' facility'): - if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): - proto = c.return_value( - 'host ' + rhost + ' facility ' + fac + ' protocol') - - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - print (c[conf]) - raise ConfigError( - 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py new file mode 100755 index 000000000..f238acc15 --- /dev/null +++ b/src/conf_mode/system-syslog.py 
@@ -0,0 +1,321 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} +{% else %} +{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + 
missingok + notifempty + create + rotate {{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' 
+ filename + ' facility') + if c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + rhosts = c.list_nodes(['host']) + for rhost in rhosts: + if c.exists('host ' + rhost + ' port'): + port = c.return_value(['host', rhost, 'port']) + else: + port = '514' + if c.exists('host ' + rhost + ' protocol'): + proto = c.return_value(['host', rhost, 'protocol']) + else: + proto = 'udp' + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto, + 'port' : port + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + raise ConfigError( + 'Invalid facility ' + s + ' set in ' + conf 
+ ' ' + item)
+ l = re.sub("^.+\.", "", s)
+ if l not in lvl:
+ raise ConfigError(
+ 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item)
+
+def apply(c):
+ if not c and os.path.exists('/var/run/rsyslogd.pid'):
+ os.system("sudo systemctl stop syslog.socket")
+ os.system("sudo systemctl stop rsyslog")
+ else:
+ if not os.path.exists('/var/run/rsyslogd.pid'):
+ os.system("sudo systemctl start rsyslog >/dev/null")
+ else:
+ os.system("sudo systemctl restart rsyslog >/dev/null")
+
+if __name__ == '__main__':
+ try:
+ c = get_config()
+ verify(c)
+ generate(c)
+ apply(c)
+ except ConfigError as e:
+ print(e)
+ sys.exit(1)
-- cgit v1.2.3
From f412545f8d43ab7523790f159bd4f8416fa94e2e Mon Sep 17 00:00:00 2001
From: DmitriyEshenko
Date: Thu, 5 Dec 2019 12:40:03 +0000
Subject: dmvpn: T1784: Add swanctl load call
---
 src/conf_mode/ipsec-settings.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
(limited to 'src/conf_mode')
diff --git a/src/conf_mode/ipsec-settings.py b/src/conf_mode/ipsec-settings.py
index 156bb2edd..331a62316 100755
--- a/src/conf_mode/ipsec-settings.py
+++ b/src/conf_mode/ipsec-settings.py
@@ -21,6 +21,7 @@ import re
 import os
 import jinja2
 import syslog as sl
+import time
 import vyos.config
 import vyos.defaults
@@ -38,6 +39,7 @@ server_cert_path = '/etc/ipsec.d/certs'
 server_key_path = '/etc/ipsec.d/private'
 delim_ipsec_l2tp_begin = "### VyOS L2TP VPN Begin ###"
 delim_ipsec_l2tp_end = "### VyOS L2TP VPN End ###"
+charon_pidfile = '/var/run/charon.pid'
 l2pt_ipsec_conf = '''
 {{delim_ipsec_l2tp_begin}}
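Review bot: The new `port` value (and `proto`) collected in the host loop of get_config() is rendered verbatim into /etc/rsyslog.d/vyos-rsyslog.conf as `@@{{host}}:{{hosts[host]['port']}}`, but verify() only checks selector facilities and levels, so a non-numeric or out-of-range port is detected only when rsyslog is restarted in apply(), after the file has already been written. Validating both values in verify() rejects the commit before generate() runs instead of relying on the XML validator alone. If an IPv6 literal is ever accepted for `host`, rsyslog's `@@host:port` form needs it bracketed and the template emits it bare, so that case is worth a check or a comment too. Separately, verify() calls `os.remove('/etc/rsyslog.conf')` whenever the path is not a symlink, which raises FileNotFoundError when the file is absent; guarding with `os.path.lexists` or `contextlib.suppress(FileNotFoundError)` makes the symlink enforcement idempotent.
```python
def verify(c):
    # … unchanged: rsyslog.conf symlink enforcement and facility/level checks …
    for host, data in c['hosts'].items():
        port = str(data.get('port', ''))
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ConfigError('Invalid port ' + port + ' set for host ' + host)
        if data.get('proto') not in ('udp', 'tcp'):
            raise ConfigError('Invalid protocol ' + str(data.get('proto')) + ' set for host ' + host)
```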
@@ -243,11 +245,22 @@ def generate(data):
 remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_secrets_flie)
 remove_confs(delim_ipsec_l2tp_begin, delim_ipsec_l2tp_end, ipsec_conf_flie)
-def apply(data):
- # Do nothing
- # StrongSWAN should only be restarted when actual tunnels are configured
- # Restart ipsec for l2tp
+def restart_ipsec():
 os.system("ipsec restart >&/dev/null")
+ # counter for apply swanctl config
+ counter = 10
+ while counter <= 10:
+ if os.path.exists(charon_pidfile):
+ os.system("swanctl -q >&/dev/null")
+ break
+ counter -=1
+ time.sleep(1)
+ if counter == 0:
+ raise ConfigError('VPN configuration error: IPSec is not running.')
+
+def apply(data):
+ # Restart IPSec daemon
+ restart_ipsec()
 if __name__ == '__main__':
 try:
-- cgit v1.2.3
From c9390e9f1522cf5208dcdce59f2913639ab7fd6d Mon Sep 17 00:00:00 2001
From: hagbard
Date: Thu, 5 Dec 2019 08:06:29 -0800
Subject: Revert "syslog: T1845: syslog host no longer accepts a port"
This reverts commit a93a1dbd7d18ff82246b4f7fb9a3757c14e6a9c7.
---
 interface-definitions/syslog.xml | 932 +++++++++++++++++++++++++++++++
 interface-definitions/system-syslog.xml | 945 --------------------------------
 src/conf_mode/syslog.py | 320 +++++++++++
 src/conf_mode/system-syslog.py | 321 -----------
 src/migration-scripts/system/11-to-12 | 55 --
 5 files changed, 1252 insertions(+), 1321 deletions(-)
 create mode 100644 interface-definitions/syslog.xml
 delete mode 100644 interface-definitions/system-syslog.xml
 create mode 100755 src/conf_mode/syslog.py
 delete mode 100755 src/conf_mode/system-syslog.py
 delete mode 100755 src/migration-scripts/system/11-to-12
(limited to 'src/conf_mode')
diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml
new file mode 100644
index 000000000..d5ea4511e
--- /dev/null
+++ b/interface-definitions/syslog.xml
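Review bot: The wait loop in restart_ipsec() never terminates on failure: `counter` starts at 10 and is only ever decremented, so `while counter <= 10` stays true forever when `/var/run/charon.pid` does not appear, and the `if counter == 0` check after the loop is reached only through the `break`, where it would wrongly raise if the pidfile showed up on the final iteration. A `while counter > 0` loop with a `while ... else` raise gives the ten-second bound the counter was meant to provide. The pidfile existing does not mean charon's control socket is ready, and the exit status of `swanctl -q` is discarded, so a failed load is silent; checking the os.system() return value would surface it. If /bin/sh is dash, as on Debian, the `>&/dev/null` redirection on the new swanctl line is rejected as a bad fd number rather than silencing output, and `>/dev/null 2>&1` is the portable form.
```python
def restart_ipsec():
    os.system("ipsec restart >&/dev/null")
    # wait up to ten seconds for charon to come up, then load the swanctl config
    counter = 10
    while counter > 0:
        if os.path.exists(charon_pidfile):
            if os.system("swanctl -q >/dev/null 2>&1") != 0:
                raise ConfigError('VPN configuration error: swanctl failed to load the configuration.')
            break
        counter -= 1
        time.sleep(1)
    else:
        raise ConfigError('VPN configuration error: IPSec is not running.')
```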
@@ -0,0 +1,932 @@ + + + + + + + System logging + 400 + + + + + Logging to specific user's terminal + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + Remote host 
name or IP address + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + syslog communication protocol + + udp + send log messages to remote syslog server over udp + + + tcp + send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + invalid protocol name + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard location + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + 
+ ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + + + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + 
illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for 
logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml deleted file mode 100644 index 504efd8fd..000000000 --- a/interface-definitions/system-syslog.xml +++ /dev/null 
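Review bot: The completion help for the `syslog` facility in the re-added interface definition reads "Authentication and authorization", which duplicates the `auth` entry; the conventional description for this facility is `Messages generated internally by syslogd`. The `protocols` and `security` entries misspell "deprecated" as "depricated" in every facility list (user, host, global, file and console). Both are documentation-only; the element markup is not visible in this rendering, so the exact node paths are inferred from the help text order.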
@@ -1,945 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Syslog communication protocol - - udp - Send log messages to remote syslog server over udp - - - tcp - Send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - Invalid protocol name - - - - - Destination port - - 1-65535 - Protocol destination port - - - - - Invalid destination port - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location 
- - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - 
- - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug 
messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py new file mode 100755 index 000000000..c4f3d2c9c --- /dev/null +++ b/src/conf_mode/syslog.py 
@@ -0,0 +1,320 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}} +{% else %} +{{hosts[host]['selectors']}} @{{host}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + missingok + notifempty + create + rotate 
{{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' + filename + ' facility') + if 
c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + proto = 'udp' + rhosts = c.list_nodes('host') + for rhost in rhosts: + for fac in c.list_nodes('host ' + rhost + ' facility'): + if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): + proto = c.return_value( + 'host ' + rhost + ' facility ' + fac + ' protocol') + + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + print (c[conf]) + raise ConfigError( + 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) + l = re.sub("^.+\.", "", s) + if l not in lvl: + raise ConfigError( + 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) + + +def apply(c): + if not c and os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl stop syslog.socket") + os.system("sudo systemctl stop rsyslog") + else: + if not os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl start rsyslog >/dev/null") + else: + os.system("sudo systemctl restart rsyslog >/dev/null") + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py deleted file mode 100755 index f238acc15..000000000 --- a/src/conf_mode/system-syslog.py +++ /dev/null 
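Review bot: In the `system syslog host` loop of get_config, `proto = 'udp'` is assigned once before `for rhost in rhosts:`, so a protocol read under one host's facility is carried over to every later host that does not set its own and those hosts are rendered with the wrong `@`/`@@` target line; reset it per host, `for rhost in rhosts:` followed by `proto = 'udp'` as the first statement of the loop body. In verify, the `print (c[conf])` just before the 'Invalid facility' ConfigError looks like a leftover debug statement that writes the whole config section to stdout on every validation failure and should be dropped. The two `re.sub` patterns `"\..*$"` and `"^.+\."` are not raw strings; write them as `r"\..*$"` and `r"^.+\."` so the backslash escapes are not reinterpreted by newer interpreters. Also in verify, `os.path.islink` is False for a missing `/etc/rsyslog.conf`, in which case `os.remove` raises FileNotFoundError before the symlink is created; an `os.path.lexists` check or catching FileNotFoundError around the remove would make that path safe.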
@@ -1,321 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} -{% else %} -{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - 
missingok - notifempty - create - rotate {{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' 
+ filename + ' facility') - if c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - rhosts = c.list_nodes(['host']) - for rhost in rhosts: - if c.exists('host ' + rhost + ' port'): - port = c.return_value(['host', rhost, 'port']) - else: - port = '514' - if c.exists('host ' + rhost + ' protocol'): - proto = c.return_value(['host', rhost, 'protocol']) - else: - proto = 'udp' - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto, - 'port' : port - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - raise ConfigError( - 'Invalid facility ' + s + ' set in ' + conf 
+ ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/migration-scripts/system/11-to-12 b/src/migration-scripts/system/11-to-12 deleted file mode 100755 index beba194fc..000000000 --- a/src/migration-scripts/system/11-to-12 +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env python3 - -# converts 'set system syslog host
:' -# to 'set system syslog host
port ' - -import sys -import re - -from vyos.configtree import ConfigTree - -if (len(sys.argv) < 1): - print("Must specify file name!") - sys.exit(1) - -file_name = sys.argv[1] - -with open(file_name, 'r') as f: - config_file = f.read() - -config = ConfigTree(config_file) -cbase = ['system', 'syslog', 'host'] - -if not config.exists(cbase): - sys.exit(0) -else: - config.set(cbase) - config.set_tag(cbase) - for host in config.list_nodes(cbase): - h = None - pt = None - if re.search('^[a-zA-Z\-0-9\.]+', host): - h = re.search('^[a-zA-Z\-0-9\.]+', host).group(0) - if re.search(':[0-9]+$', host): - pt = re.sub(':', '', re.search(':[0-9]+$', host).group(0)) - - config.set(cbase + [h]) - for fac in config.list_nodes(cbase + [host, 'facility']): - config.set(cbase + [h, 'facility', fac]) - config.set_tag(cbase + [h, 'facility']) - lvl = config.return_value(cbase + [host, 'facility', fac, 'level']) - prot = config.return_value(cbase + [host, 'facility', fac, 'protocol']) - config.set(cbase + [h, 'facility', fac, 'level'], value=lvl) - # port can be be in each tag node and different, - # that's something we can't fix here - if prot: - config.set(cbase + [h, 'protocol'], value=prot) - config.set(cbase + [h, 'port'], value=pt) - config.delete(cbase + [host]) - - try: - open(file_name,'w').write(config.to_string()) - except OSError as e: - print("Failed to save the modified config: {}".format(e)) - sys.exit(1) - -- cgit v1.2.3 From fde531d3791a3d71aa27f99244d7cbb3b3625bf0 Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 5 Dec 2019 13:56:26 -0800 Subject: wireguard: T1853: disable peer doesn't work --- src/conf_mode/interfaces-wireguard.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/conf_mode') diff --git a/src/conf_mode/interfaces-wireguard.py b/src/conf_mode/interfaces-wireguard.py index 013a07f32..cac911c8c 100755 --- a/src/conf_mode/interfaces-wireguard.py +++ b/src/conf_mode/interfaces-wireguard.py 
@@ -169,6 +169,10 @@ def get_config(): if key_eff != key_cfg and key_eff != None: wg['peer_remove'].append(key_cfg) + # if a peer is disabled, we have to exec a remove for it's pubkey + else: + peer_key = c.return_value('peer {peer} pubkey'.format(peer=p)) + wg['peer_remove'].append(peer_key) return wg @@ -191,6 +195,7 @@ def verify(c): if not c['peer'][p]['pubkey']: raise ConfigError("peer pubkey required for peer " + p) + def apply(c): # no wg configs left, remove all interface from system # maybe move it into ifconfig.py -- cgit v1.2.3 From a45c23b57f09a805843c72d3dee5256eb118497a Mon Sep 17 00:00:00 2001 From: hagbard Date: Thu, 5 Dec 2019 15:13:11 -0800 Subject: syslog: renaming files and conf script to fit new scheme --- interface-definitions/syslog.xml | 932 -------------------------------- interface-definitions/system-syslog.xml | 932 ++++++++++++++++++++++++++++++++ src/conf_mode/syslog.py | 320 ----------- src/conf_mode/system-syslog.py | 320 +++++++++++ 4 files changed, 1252 insertions(+), 1252 deletions(-) delete mode 100644 interface-definitions/syslog.xml create mode 100644 interface-definitions/system-syslog.xml delete mode 100755 src/conf_mode/syslog.py create mode 100755 src/conf_mode/system-syslog.py (limited to 'src/conf_mode') diff --git a/interface-definitions/syslog.xml b/interface-definitions/syslog.xml deleted file mode 100644 index d5ea4511e..000000000 --- a/interface-definitions/syslog.xml +++ /dev/null 
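Review bot: The new else branch appends `c.return_value('peer {peer} pubkey'.format(peer=p))` to `wg['peer_remove']` without checking the result, so a disabled peer that has no pubkey configured puts `None` into the removal list and whatever consumes that list later (outside this hunk) has to cope with it; guard it with `if peer_key:` before the `append`. The collapsed hunk does not show which `if` the new `else:` pairs with — if it pairs with the `key_eff != key_cfg and key_eff != None` comparison rather than with a disable check, every unchanged peer would be scheduled for removal, so the indentation is worth confirming. The comment should read `# if a peer is disabled, we have to exec a remove for its pubkey`. get_config begins outside the hunk, and the second hunk in this file only adds a blank line.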
@@ -1,932 +0,0 @@ - - - - - - - System logging - 400 - - - - - Logging to specific user's terminal - - ^[a-z_][a-z0-9_-]{1,31}[$]? - - illegal characters in user - - username - user login name - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to a remote host - - - (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) - - Invalid host FQDN or IP address - - x.x.x.x or host.domain.tld - Remote host 
name or IP address - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - syslog communication protocol - - udp - send log messages to remote syslog server over udp - - - tcp - send log messages to remote syslog server over tcp - - - udp tcp - - - (udp|tcp) - - invalid protocol name - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - Logging to system standard location - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - 
- ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - mark messages sent to syslog - - - - - time interval how often a mark message is being sent in seconds (default: 1200) - - - - - - - - - - uses FQDN for logging - - - - - - - - Logging to a file - - ^[a-zA-Z0-9\-_.]{1,255} - - 
illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files (default is 5) - - ^[0-9]+ - - illegal characters in number of files - - - - - Size of log files (in kbytes, default is 256) - - ^[0-9]+ - - illegal characters in size - - - - - - - Facility for logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - logging to serial console - - - - - Facility for 
logging - - auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all - - - (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) - - Invalid facility type - - all - All facilities excluding "mark" - - - auth - Authentication and authorization - - - authpriv - Non-system authorization - - - cron - Cron daemon - - - daemon - System daemons - - - kern - Kernel - - - lpr - Line printer spooler - - - mail - Mail subsystem - - - mark - Timestamp - - - news - USENET subsystem - - - protocols - depricated will be set to local7 - - - security - depricated will be set to auth - - - syslog - Authentication and authorization - - - user - Application processes - - - uucp - UUCP subsystem - - - local0 - Local facility 0 - - - local1 - Local facility 1 - - - local2 - Local facility 2 - - - local3 - Local facility 3 - - - local4 - Local facility 4 - - - local5 - Local facility 5 - - - local6 - Local facility 6 - - - local7 - Local facility 7 - - - - - - Logging level - - emerg alert crit err warning notice info debug all - - - (emerg|alert|crit|err|warning|notice|info|debug|all) - - Invalid loglevel - - emerg - Emergency messages - - - alert - Urgent messages - - - crit - Critical messages - - - err - Error messages - - - warning - Warning messages - - - notice - Messages for further investigation - - - info - Informational messages - - - debug - Debug messages - - - all - Log everything - - - - - - - - - - - - diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml new file mode 100644 index 000000000..2d6af5395 --- /dev/null +++ b/interface-definitions/system-syslog.xml 
@@ -0,0 +1,932 @@ + + + + + + + System logging + 400 + + + + + Logging to specific user's terminal + + ^[a-z_][a-z0-9_-]{1,31}[$]? + + illegal characters in user + + username + user login name + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to a remote host + + + (?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$) + + Invalid host FQDN or IP address + + x.x.x.x or host.domain.tld + Remote host 
name or IP address + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + syslog communication protocol + + udp + send log messages to remote syslog server over udp + + + tcp + send log messages to remote syslog server over tcp + + + udp tcp + + + (udp|tcp) + + invalid protocol name + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + Logging to system standard location + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + 
+ ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + mark messages sent to syslog + + + + + time interval how often a mark message is being sent in seconds (default: 1200) + + + + + + + + + + uses FQDN for logging + + + + + + + + Logging to a file + + ^[a-zA-Z0-9\-_.]{1,255} + + 
illegal characters in filename or filename longer than 255 characters + + + + + Log file size and rotation characteristics + + + + + Number of saved files (default is 5) + + ^[0-9]+ + + illegal characters in number of files + + + + + Size of log files (in kbytes, default is 256) + + ^[0-9]+ + + illegal characters in size + + + + + + + Facility for logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + logging to serial console + + + + + Facility for 
logging + + auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all + + + (auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all) + + Invalid facility type + + all + All facilities excluding "mark" + + + auth + Authentication and authorization + + + authpriv + Non-system authorization + + + cron + Cron daemon + + + daemon + System daemons + + + kern + Kernel + + + lpr + Line printer spooler + + + mail + Mail subsystem + + + mark + Timestamp + + + news + USENET subsystem + + + protocols + depricated will be set to local7 + + + security + depricated will be set to auth + + + syslog + Authentication and authorization + + + user + Application processes + + + uucp + UUCP subsystem + + + local0 + Local facility 0 + + + local1 + Local facility 1 + + + local2 + Local facility 2 + + + local3 + Local facility 3 + + + local4 + Local facility 4 + + + local5 + Local facility 5 + + + local6 + Local facility 6 + + + local7 + Local facility 7 + + + + + + Logging level + + emerg alert crit err warning notice info debug all + + + (emerg|alert|crit|err|warning|notice|info|debug|all) + + Invalid loglevel + + emerg + Emergency messages + + + alert + Urgent messages + + + crit + Critical messages + + + err + Error messages + + + warning + Warning messages + + + notice + Messages for further investigation + + + info + Informational messages + + + debug + Debug messages + + + all + Log everything + + + + + + + + + + + + diff --git a/src/conf_mode/syslog.py b/src/conf_mode/syslog.py deleted file mode 100755 index c4f3d2c9c..000000000 --- a/src/conf_mode/syslog.py +++ /dev/null 
@@ -1,320 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2018 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# - -import sys -import os -import re -import jinja2 - -from vyos.config import Config -from vyos import ConfigError - -# config templates - -# /etc/rsyslog.d/vyos-rsyslog.conf ### -configs = ''' -## generated by syslog.py ## -## file based logging -{% if files['global']['marker'] -%} -$ModLoad immark -{% if files['global']['marker-interval'] %} -$MarkMessagePeriod {{files['global']['marker-interval']}} -{% endif %} -{% endif -%} -{% if files['global']['preserver_fqdn'] -%} -$PreserveFQDN on -{% endif -%} -{% for file in files %} -$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} -{{files[file]['selectors']}} :omfile:${{file}} -{% endfor %} -{% if console %} -## console logging -{% for con in console %} -{{console[con]['selectors']}} /dev/console -{% endfor %} -{% endif %} -{% if hosts %} -## remote logging -{% for host in hosts %} -{% if hosts[host]['proto'] == 'tcp' %} -{{hosts[host]['selectors']}} @@{{host}} -{% else %} -{{hosts[host]['selectors']}} @{{host}} -{% endif %} -{% endfor %} -{% endif %} -{% if user %} -{% for u in user %} -{{user[u]['selectors']}} :omusrmsg:{{u}} -{% endfor %} -{% endif %} -''' - -logrotate_configs = ''' -{% for file in files %} -{{files[file]['log-file']}} { - missingok - notifempty - create - rotate 
{{files[file]['max-files']}} - size={{files[file]['max-size']//1024}}k - postrotate - invoke-rc.d rsyslog rotate > /dev/null - endscript -} -{% endfor %} -''' -# config templates end - - -def get_config(): - c = Config() - if not c.exists('system syslog'): - return None - c.set_level('system syslog') - - config_data = { - 'files': {}, - 'console': {}, - 'hosts': {}, - 'user': {} - } - - # - # /etc/rsyslog.d/vyos-rsyslog.conf - # 'set system syslog global' - # - config_data['files'].update( - { - 'global': { - 'log-file': '/var/log/messages', - 'max-size': 262144, - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', - 'selectors': '*.notice;local7.debug', - 'max-files': '5', - 'preserver_fqdn': False - } - } - ) - - if c.exists('global marker'): - config_data['files']['global']['marker'] = True - if c.exists('global marker interval'): - config_data['files']['global'][ - 'marker-interval'] = c.return_value('global marker interval') - if c.exists('global facility'): - config_data['files']['global'][ - 'selectors'] = generate_selectors(c, 'global facility') - if c.exists('global archive size'): - config_data['files']['global']['max-size'] = int( - c.return_value('global archive size')) * 1024 - if c.exists('global archive file'): - config_data['files']['global'][ - 'max-files'] = c.return_value('global archive file') - if c.exists('global preserve-fqdn'): - config_data['files']['global']['preserver_fqdn'] = True - - # - # set system syslog file - # - - if c.exists('file'): - filenames = c.list_nodes('file') - for filename in filenames: - config_data['files'].update( - { - filename: { - 'log-file': '/var/log/user/' + filename, - 'max-files': '5', - 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, - 'selectors': '*.err', - 'max-size': 262144 - } - } - ) - - if c.exists('file ' + filename + ' facility'): - config_data['files'][filename]['selectors'] = generate_selectors( - c, 'file ' + filename + ' facility') - if 
c.exists('file ' + filename + ' archive size'): - config_data['files'][filename]['max-size'] = int( - c.return_value('file ' + filename + ' archive size')) * 1024 - if c.exists('file ' + filename + ' archive files'): - config_data['files'][filename]['max-files'] = c.return_value( - 'file ' + filename + ' archive files') - - # set system syslog console - if c.exists('console'): - config_data['console'] = { - '/dev/console': { - 'selectors': '*.err' - } - } - - for f in c.list_nodes('console facility'): - if c.exists('console facility ' + f + ' level'): - config_data['console'] = { - '/dev/console': { - 'selectors': generate_selectors(c, 'console facility') - } - } - - # set system syslog host - if c.exists('host'): - proto = 'udp' - rhosts = c.list_nodes('host') - for rhost in rhosts: - for fac in c.list_nodes('host ' + rhost + ' facility'): - if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): - proto = c.return_value( - 'host ' + rhost + ' facility ' + fac + ' protocol') - - config_data['hosts'].update( - { - rhost: { - 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), - 'proto': proto - } - } - ) - - # set system syslog user - if c.exists('user'): - usrs = c.list_nodes('user') - for usr in usrs: - config_data['user'].update( - { - usr: { - 'selectors': generate_selectors(c, 'user ' + usr + ' facility') - } - } - ) - - return config_data - - -def generate_selectors(c, config_node): -# protocols and security are being mapped here -# for backward compatibility with old configs -# security and protocol mappings can be removed later - if c.is_tag(config_node): - nodes = c.list_nodes(config_node) - selectors = "" - for node in nodes: - lvl = c.return_value(config_node + ' ' + node + ' level') - if lvl == None: - lvl = "err" - if lvl == 'all': - lvl = '*' - if node == 'all' and node != nodes[-1]: - selectors += "*." + lvl + ";" - elif node == 'all': - selectors += "*." 
+ lvl - elif node != nodes[-1]: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl + ";" - else: - if node == 'protocols': - node = 'local7' - if node == 'security': - node = 'auth' - selectors += node + "." + lvl - return selectors - - -def generate(c): - if c == None: - return None - - tmpl = jinja2.Template(configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: - f.write(config_text) - - # eventually write for each file its own logrotate file, since size is - # defined it shouldn't matter - tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) - config_text = tmpl.render(c) - with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: - f.write(config_text) - - -def verify(c): - if c == None: - return None - # - # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) - # it interferes with the global logging, to make sure we are using a single base, template is enforced here - # - if not os.path.islink('/etc/rsyslog.conf'): - os.remove('/etc/rsyslog.conf') - os.symlink( - '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') - - # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there - # is a chance that someone still needs it, so I don't automatically remove - # them - - if c == None: - return None - - fac = [ - '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', - 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] - lvl = ['emerg', 'alert', 'crit', 'err', - 'warning', 'notice', 'info', 'debug', '*'] - - for conf in c: - if c[conf]: - for item in c[conf]: - for s in c[conf][item]['selectors'].split(";"): - f = re.sub("\..*$", "", s) - if f not in fac: - print (c[conf]) - raise ConfigError( - 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) - l = re.sub("^.+\.", "", s) - if l not in lvl: - raise ConfigError( - 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) - - -def apply(c): - if not c and os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl stop syslog.socket") - os.system("sudo systemctl stop rsyslog") - else: - if not os.path.exists('/var/run/rsyslogd.pid'): - os.system("sudo systemctl start rsyslog >/dev/null") - else: - os.system("sudo systemctl restart rsyslog >/dev/null") - - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - sys.exit(1) diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py new file mode 100755 index 000000000..c4f3d2c9c --- /dev/null +++ b/src/conf_mode/system-syslog.py 
@@ -0,0 +1,320 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2018 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# + +import sys +import os +import re +import jinja2 + +from vyos.config import Config +from vyos import ConfigError + +# config templates + +# /etc/rsyslog.d/vyos-rsyslog.conf ### +configs = ''' +## generated by syslog.py ## +## file based logging +{% if files['global']['marker'] -%} +$ModLoad immark +{% if files['global']['marker-interval'] %} +$MarkMessagePeriod {{files['global']['marker-interval']}} +{% endif %} +{% endif -%} +{% if files['global']['preserver_fqdn'] -%} +$PreserveFQDN on +{% endif -%} +{% for file in files %} +$outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{files[file]['action-on-max-size']}} +{{files[file]['selectors']}} :omfile:${{file}} +{% endfor %} +{% if console %} +## console logging +{% for con in console %} +{{console[con]['selectors']}} /dev/console +{% endfor %} +{% endif %} +{% if hosts %} +## remote logging +{% for host in hosts %} +{% if hosts[host]['proto'] == 'tcp' %} +{{hosts[host]['selectors']}} @@{{host}} +{% else %} +{{hosts[host]['selectors']}} @{{host}} +{% endif %} +{% endfor %} +{% endif %} +{% if user %} +{% for u in user %} +{{user[u]['selectors']}} :omusrmsg:{{u}} +{% endfor %} +{% endif %} +''' + +logrotate_configs = ''' +{% for file in files %} +{{files[file]['log-file']}} { + missingok + notifempty + create + rotate 
{{files[file]['max-files']}} + size={{files[file]['max-size']//1024}}k + postrotate + invoke-rc.d rsyslog rotate > /dev/null + endscript +} +{% endfor %} +''' +# config templates end + + +def get_config(): + c = Config() + if not c.exists('system syslog'): + return None + c.set_level('system syslog') + + config_data = { + 'files': {}, + 'console': {}, + 'hosts': {}, + 'user': {} + } + + # + # /etc/rsyslog.d/vyos-rsyslog.conf + # 'set system syslog global' + # + config_data['files'].update( + { + 'global': { + 'log-file': '/var/log/messages', + 'max-size': 262144, + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog', + 'selectors': '*.notice;local7.debug', + 'max-files': '5', + 'preserver_fqdn': False + } + } + ) + + if c.exists('global marker'): + config_data['files']['global']['marker'] = True + if c.exists('global marker interval'): + config_data['files']['global'][ + 'marker-interval'] = c.return_value('global marker interval') + if c.exists('global facility'): + config_data['files']['global'][ + 'selectors'] = generate_selectors(c, 'global facility') + if c.exists('global archive size'): + config_data['files']['global']['max-size'] = int( + c.return_value('global archive size')) * 1024 + if c.exists('global archive file'): + config_data['files']['global'][ + 'max-files'] = c.return_value('global archive file') + if c.exists('global preserve-fqdn'): + config_data['files']['global']['preserver_fqdn'] = True + + # + # set system syslog file + # + + if c.exists('file'): + filenames = c.list_nodes('file') + for filename in filenames: + config_data['files'].update( + { + filename: { + 'log-file': '/var/log/user/' + filename, + 'max-files': '5', + 'action-on-max-size': '/usr/sbin/logrotate /etc/logrotate.d/' + filename, + 'selectors': '*.err', + 'max-size': 262144 + } + } + ) + + if c.exists('file ' + filename + ' facility'): + config_data['files'][filename]['selectors'] = generate_selectors( + c, 'file ' + filename + ' facility') + if 
c.exists('file ' + filename + ' archive size'): + config_data['files'][filename]['max-size'] = int( + c.return_value('file ' + filename + ' archive size')) * 1024 + if c.exists('file ' + filename + ' archive files'): + config_data['files'][filename]['max-files'] = c.return_value( + 'file ' + filename + ' archive files') + + # set system syslog console + if c.exists('console'): + config_data['console'] = { + '/dev/console': { + 'selectors': '*.err' + } + } + + for f in c.list_nodes('console facility'): + if c.exists('console facility ' + f + ' level'): + config_data['console'] = { + '/dev/console': { + 'selectors': generate_selectors(c, 'console facility') + } + } + + # set system syslog host + if c.exists('host'): + proto = 'udp' + rhosts = c.list_nodes('host') + for rhost in rhosts: + for fac in c.list_nodes('host ' + rhost + ' facility'): + if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): + proto = c.return_value( + 'host ' + rhost + ' facility ' + fac + ' protocol') + + config_data['hosts'].update( + { + rhost: { + 'selectors': generate_selectors(c, 'host ' + rhost + ' facility'), + 'proto': proto + } + } + ) + + # set system syslog user + if c.exists('user'): + usrs = c.list_nodes('user') + for usr in usrs: + config_data['user'].update( + { + usr: { + 'selectors': generate_selectors(c, 'user ' + usr + ' facility') + } + } + ) + + return config_data + + +def generate_selectors(c, config_node): +# protocols and security are being mapped here +# for backward compatibility with old configs +# security and protocol mappings can be removed later + if c.is_tag(config_node): + nodes = c.list_nodes(config_node) + selectors = "" + for node in nodes: + lvl = c.return_value(config_node + ' ' + node + ' level') + if lvl == None: + lvl = "err" + if lvl == 'all': + lvl = '*' + if node == 'all' and node != nodes[-1]: + selectors += "*." + lvl + ";" + elif node == 'all': + selectors += "*." 
+ lvl + elif node != nodes[-1]: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + ";" + else: + if node == 'protocols': + node = 'local7' + if node == 'security': + node = 'auth' + selectors += node + "." + lvl + return selectors + + +def generate(c): + if c == None: + return None + + tmpl = jinja2.Template(configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/rsyslog.d/vyos-rsyslog.conf', 'w') as f: + f.write(config_text) + + # eventually write for each file its own logrotate file, since size is + # defined it shouldn't matter + tmpl = jinja2.Template(logrotate_configs, trim_blocks=True) + config_text = tmpl.render(c) + with open('/etc/logrotate.d/vyos-rsyslog', 'w') as f: + f.write(config_text) + + +def verify(c): + if c == None: + return None + # + # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) + # it interferes with the global logging, to make sure we are using a single base, template is enforced here + # + if not os.path.islink('/etc/rsyslog.conf'): + os.remove('/etc/rsyslog.conf') + os.symlink( + '/usr/share/vyos/templates/rsyslog/rsyslog.conf', '/etc/rsyslog.conf') + + # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there + # is a chance that someone still needs it, so I don't automatically remove + # them + + if c == None: + return None + + fac = [ + '*', 'auth', 'authpriv', 'cron', 'daemon', 'kern', 'lpr', 'mail', 'mark', 'news', 'protocols', 'security', + 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7'] + lvl = ['emerg', 'alert', 'crit', 'err', + 'warning', 'notice', 'info', 'debug', '*'] + + for conf in c: + if c[conf]: + for item in c[conf]: + for s in c[conf][item]['selectors'].split(";"): + f = re.sub("\..*$", "", s) + if f not in fac: + print (c[conf]) + raise ConfigError( + 'Invalid facility ' + s + 
' set in ' + conf + ' ' + item) + l = re.sub("^.+\.", "", s) + if l not in lvl: + raise ConfigError( + 'Invalid logging level ' + s + ' set in ' + conf + ' ' + item) + + +def apply(c): + if not c and os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl stop syslog.socket") + os.system("sudo systemctl stop rsyslog") + else: + if not os.path.exists('/var/run/rsyslogd.pid'): + os.system("sudo systemctl start rsyslog >/dev/null") + else: + os.system("sudo systemctl restart rsyslog >/dev/null") + + +if __name__ == '__main__': + try: + c = get_config() + verify(c) + generate(c) + apply(c) + except ConfigError as e: + print(e) + sys.exit(1) -- cgit v1.2.3 From 123e7f8c07f56ad868604bcb42f8da095f97b2c9 Mon Sep 17 00:00:00 2001 From: hagbard Date: Fri, 6 Dec 2019 07:59:59 -0800 Subject: syslog: T1845: syslog host no longer accepts a port - created 'set system syslog host port' --- interface-definitions/system-syslog.xml | 13 +++++++++++++ src/conf_mode/system-syslog.py | 17 +++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) (limited to 'src/conf_mode') diff --git a/interface-definitions/system-syslog.xml b/interface-definitions/system-syslog.xml index 2d6af5395..8f4b105c8 100644 --- a/interface-definitions/system-syslog.xml +++ b/interface-definitions/system-syslog.xml @@ -191,6 +191,19 @@ + + + Destination port + + 1-65535 + Destination port + + + + + Invalid destination port value + + Facility for logging diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index c4f3d2c9c..950a185bc 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py 
@@ -53,10 +53,18 @@ $outchannel {{file}},{{files[file]['log-file']}},{{files[file]['max-size']}},{{f ## remote logging {% for host in hosts %} {% if hosts[host]['proto'] == 'tcp' %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @@{{host}}:{{hosts[host]['port']}} +{% else %} {{hosts[host]['selectors']}} @@{{host}} +{% endif %} +{% else %} +{% if hosts[host]['port'] %} +{{hosts[host]['selectors']}} @{{host}}:{{hosts[host]['port']}} {% else %} {{hosts[host]['selectors']}} @{{host}} {% endif %} +{% endif %} {% endfor %} {% endif %} {% if user %} @@ -177,13 +185,14 @@ def get_config(): # set system syslog host if c.exists('host'): - proto = 'udp' rhosts = c.list_nodes('host') for rhost in rhosts: for fac in c.list_nodes('host ' + rhost + ' facility'): if c.exists('host ' + rhost + ' facility ' + fac + ' protocol'): proto = c.return_value( 'host ' + rhost + ' facility ' + fac + ' protocol') + else: + proto = 'udp' config_data['hosts'].update( { @@ -193,6 +202,8 @@ def get_config(): } } ) + if c.exists('host ' + rhost + ' port'): + config_data['hosts'][rhost]['port'] = c.return_value(['host', rhost, 'port']) # set system syslog user if c.exists('user'): @@ -261,7 +272,8 @@ def generate(c): def verify(c): if c == None: return None - # + + ### may be obsolete # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) # it interferes with the global logging, to make sure we are using a single base, template is enforced here # @@ -273,6 +285,7 @@ def verify(c): # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there # is a chance that someone still needs it, so I don't automatically remove # them + ### if c == None: return None -- cgit v1.2.3 From d02b0d62185018521cd8e14e550af72551b15ae9 Mon Sep 17 00:00:00 2001 
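Review bot: The new `@@{{host}}:{{hosts[host]['port']}}` and `@{{host}}:{{hosts[host]['port']}}` lines produce an ambiguous forwarding target when `host` is an IPv6 literal, because the address itself contains colons; rsyslog's legacy forwarding syntax expects such an address bracketed when a port follows, e.g. `@@[{{host}}]:{{hosts[host]['port']}}`. Whether the host node accepts IPv6 literals is not visible here (the XML hunk above only shows the new port node), so confirm against the interface definition; if it does, `get_config()` could detect literal addresses (for example with `ipaddress.ip_address` in a try/except) and store them bracketed before the template sees them. Separately, the four nearly identical branches could be halved by computing the `@`/`@@` prefix once with a `{% set %}` inside the loop and keeping only the port/no-port split.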
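Review bot: Moving the `proto = 'udp'` default into the facility loop's `else` leaves `proto` unassigned when a host has no facility nodes: the first such host raises `UnboundLocalError` at `'proto': proto` in the `update()` below, and a later one silently inherits the previous host's protocol. Resetting the default once per host keeps the intended behaviour without either failure: `for rhost in rhosts:` followed by `    proto = 'udp'`, with the added `else` branch dropped. The earlier commit's message says protocol was moved out of the facility node; if the XML now holds it at `host <rhost> protocol`, the `facility ... protocol` lookup here never matches and every host falls back to udp — worth confirming against the interface definition. `get_config()` begins and ends outside this hunk.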
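Review bot: The new port lookup mixes the two path styles `Config` accepts — `c.exists('host ' + rhost + ' port')` with a string path and `c.return_value(['host', rhost, 'port'])` with a list — while the rest of `get_config()` uses strings throughout; `config_data['hosts'][rhost]['port'] = c.return_value('host ' + rhost + ' port')` keeps it uniform. The value is interpolated into the rsyslog template as-is and `verify()` does not look at it, so the 1-65535 range constraint in the companion XML hunk is the only check; that is sufficient, but a comment such as `# port range is enforced by the interface definition` would make the dependency explicit to the next reader.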
From: hagbard Date: Fri, 6 Dec 2019 08:07:25 -0800 Subject: syslog: code formatting --- src/conf_mode/system-syslog.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/system-syslog.py b/src/conf_mode/system-syslog.py index 950a185bc..4f0a54962 100755 --- a/src/conf_mode/system-syslog.py +++ b/src/conf_mode/system-syslog.py @@ -203,7 +203,8 @@ def get_config(): } ) if c.exists('host ' + rhost + ' port'): - config_data['hosts'][rhost]['port'] = c.return_value(['host', rhost, 'port']) + config_data['hosts'][rhost][ + 'port'] = c.return_value(['host', rhost, 'port']) # set system syslog user if c.exists('user'): @@ -273,7 +274,7 @@ def verify(c): if c == None: return None - ### may be obsolete + # may be obsolete # /etc/rsyslog.conf is generated somewhere and copied over the original (exists in /opt/vyatta/etc/rsyslog.conf) # it interferes with the global logging, to make sure we are using a single base, template is enforced here # @@ -285,7 +286,7 @@ def verify(c): # /var/log/vyos-rsyslog were the old files, we may want to clean those up, but currently there # is a chance that someone still needs it, so I don't automatically remove # them - ### + # if c == None: return None -- cgit v1.2.3 From c4c0cc382ffa98cd9e0adb31dabc46ba4aa30674 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 6 Dec 2019 18:49:37 +0100 Subject: ddclient: T1853: bugfix TypeError exception When service was deleted we tried accessing a key in the dictionary. But there was no dictionary at all as get_config() returned 'None' instead of 'dyndns'. --- src/conf_mode/dynamic_dns.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src/conf_mode') diff --git a/src/conf_mode/dynamic_dns.py b/src/conf_mode/dynamic_dns.py index 7c3b9ff6a..9ba8659a1 100755 --- a/src/conf_mode/dynamic_dns.py +++ b/src/conf_mode/dynamic_dns.py 
@@ -95,6 +95,7 @@ default_service_protocol = { default_config_data = { 'interfaces': [], 'cache_file': cache_file, + 'deleted': False, 'pid_file': pid_file } @@ -102,7 +103,8 @@ def get_config(): dyndns = default_config_data conf = Config() if not conf.exists('service dns dynamic'): - return None + dyndns['deleted'] = True + return dyndns else: conf.set_level('service dns dynamic') @@ -194,7 +196,7 @@ def get_config(): def verify(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: return None # A 'node' corresponds to an interface @@ -239,7 +241,10 @@ def verify(dyndns): def generate(dyndns): # bail out early - looks like removal from running config - if dyndns is None: + if dyndns['deleted']: + if os.path.exists(config_file): + os.unlink(config_file) + return None dirname = os.path.dirname(dyndns['pid_file']) @@ -264,7 +269,7 @@ def apply(dyndns): if os.path.exists('/etc/ddclient.conf'): os.unlink('/etc/ddclient.conf') - if dyndns is None: + if dyndns['deleted']: os.system('/etc/init.d/ddclient stop') if os.path.exists(dyndns['pid_file']): os.unlink(dyndns['pid_file']) -- cgit v1.2.3
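Review bot: `dyndns = default_config_data` (the context line opening the hunk) binds the module-level dict by reference, so the new `dyndns['deleted'] = True` mutates `default_config_data` itself — and the existing `'interfaces': []` list is shared the same way. That is harmless in a one-shot script run, but any second call to `get_config()` in the same process would start from an already-modified default; `dyndns = deepcopy(default_config_data)` (with `from copy import deepcopy` added to the import block, which is not in view) removes the aliasing. `get_config()` continues outside this hunk.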
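Review bot: The new `if os.path.exists(config_file): os.unlink(config_file)` in `generate()` checks and then deletes in two steps; `try: os.unlink(config_file)` / `except FileNotFoundError: pass` does the same in one and is the usual idiom for a best-effort removal. The context lines of `apply()` further down already unlink `/etc/ddclient.conf` unconditionally on every run; if `config_file` points at that same path (its definition is not in view), the removal added here is redundant and the deletion is better kept in one place. `generate()` continues outside this hunk.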