| Age | Commit message (Collapse) | Author |
|
1.) Fix both syslog and logrotate writing /etc/logrotate.d/vyos-rsyslog
- system_syslog.py generates /etc/logrotate.d/vyos-rsyslog-user for user file
logrotate
- system_logs.py generates /etc/logrotate.d/vyos-rsyslog using configured
rotation parameters
2.) Fix /run/rsyslog/rsyslog.conf ignoring configured size for /var/log/messages
- system_syslog.py retrieves "system logs" config to set rotation limits
- default rotation size is now based on configuration defaults
3.) prifilt strings for rsyslog are modified to use override syntax
(e.g. ";facility.none") when all is combined with other facilities to honor
per facility user intent
Smoke test changes:
Commonize configuration of syslog facilities
Check that prifilt is sane based on configured facilities (i.e. overides only
present when required)
Test wildcard (all) only, specific facility only, and wildcard + specific facility
|
|
checks
- Renamed `permitted-peers` to `permitted-peer` across templates, schema, and tests.
- Added support for multiple `permitted-peer` entries and trimmed empty values.
- Replaced TLS/UDP warning with ConfigError for strict validation.
- Updated tests to use TCP for TLS and verified new validation logic.
|
|
|
|
While working on task T7664 (FRR 10.4 upgrade), I identified the need for
additional validation and safeguards around the FRR management daemon. The
most appropriate place for this logic is in the setUp() and tearDown() methods
of the smoketest base class, VyOSUnitTestSHIM.
However, during implementation, it became apparent that test cases do not
consistently invoke the base class's setup and teardown methods. This
inconsistency complicates the process of capturing the FRR mgmtd PID at the
start of a test and verifying that it remains unchanged by the end - a key step
in detecting crashes or unexpected terminations (e.g., SIGSEGV) of the FRR
management daemon during tests.
|
|
syslog: T4251: Add TLS support to syslog
|
|
When smoketest debugging is enabled (by creating the file
/tmp/vyos.smoketest.debug), all available smoketests will fail fast instead
of running to completion. This helps reduce test time when something is
broken or undergoing refactoring, as it avoids waiting for the full test suite
to finish.
|
|
Add TLS support for remote syslog by extending the CLI and backend to support configuration of CA certificates, client certificates, keys, and authentication modes.
This update integrates with the PKI subsystem for certificate management, ensures proper validation of protocol settings when TLS is enabled, and generates secure rsyslog configuration for forwarding logs over TLS.
|
|
The legal team says years are not necessary so we can go ahead with it, since
it will simplify backporting.
Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \
's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g'
In addition we will error-out during "make" if someone re-adds a legacy
copyright notice
|
|
Systemd states:
The default syslog implementation should make syslog.service a symlink to
itself, so that this socket activates the right actual syslog service.
|
|
|
|
|
|
|
|
Otherwise rsyslog will report an error:
omfwd: could not get addrinfo for hostname '[2001:db8::2]':'514': System error
|
|
New CLI command
set system syslog marker disable
|
|
|
|
|
|
Rsyslog supports individual VRFs per omfwd remote entry - so we should support
this, too.
|
|
The previously "global" options actually were only relevant for the local
logging to /var/log/messages.
|
|
|
|
Move "global preserve-fqdn" one CLI level up, as it relates to all logging
targets (console, global and remote).
|
|
|
|
|
|
Commit 042be39cc ("syslog: T5367: add format option to include timezone in
message") added an invalid, outer if-statement when rendering the rsyslog
configuration option for TCP.
Remote hosts only got added when the format option "octet-counting" was defined
in addition to the TCP protocol. This has been fix and now TCP transport is
decoupled from octet-counting mode.
|
|
|
|
|
|
As there has been no route to the configured syslog servers, smoketests produced:
rsyslogd: omfwd: socket 8: error 101 sending via udp: Network is unreachable
Rather use some fake syslog servers from 127.0.0.0/8 which are directly
connected and we do not need to look up a route, which will suppress the above
error message.
|
|
found using "git ls-files *.py | xargs pylint | grep W0611"
|
|
as it's done with facility. Create basic smoketest for syslog
|