From 395e3cb72c521ea9d62c0efd1620e679fc709cda Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 8 Jan 2025 20:41:03 +0100 Subject: syslog: T6989: remove "file" logging destination --- data/templates/rsyslog/rsyslog.conf.j2 | 14 -------- .../include/version/system-version.xml.i | 2 +- interface-definitions/system_syslog.xml.in | 39 ---------------------- src/migration-scripts/system/28-to-29 | 29 ++++++++++++++++ 4 files changed, 30 insertions(+), 54 deletions(-) create mode 100644 src/migration-scripts/system/28-to-29 diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 253a4bee2..67c062ab9 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -24,20 +24,6 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {{ tmp | join(';') }} :omfile:$global {% endif %} -{% if file is vyos_defined %} -# File based configuration section -{% for file_name, file_options in file.items() %} -{% set tmp = [] %} -$outchannel {{ file_name }},/var/log/user/{{ file_name }},{{ file_options.archive.size }},/usr/sbin/logrotate {{ logrotate }} -{% if file_options.facility is vyos_defined %} -{% for facility, facility_options in file_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{% endif %} -{{ tmp | join(';') }} :omfile:${{ file }} -{% endfor %} -{% endif %} - {% if console.facility is vyos_defined %} # Console logging {% set tmp = [] %} diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i index 3ecf124c7..5cdece74a 100644 --- a/interface-definitions/include/version/system-version.xml.i +++ b/interface-definitions/include/version/system-version.xml.i @@ -1,3 +1,3 @@ - + 
diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 0a9a00572..1d5b3635f 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -106,45 +106,6 @@ - - - Logging to a file - - [a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files - - [0-9]+ - - illegal characters in number of files - - 5 - - - - Size of log files in kbytes - - [0-9]+ - - illegal characters in size - - 256 - - - - #include - - logging to serial console diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 new file mode 100644 index 000000000..e12063fc4 --- /dev/null +++ b/src/migration-scripts/system/28-to-29 @@ -0,0 +1,29 @@ +# Copyright 2025 VyOS maintainers and contributors +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see . + +# T6989: +# - remove syslog arbitrary file logging +# - remove syslog user console logging + +from vyos.configtree import ConfigTree + +base = ['system', 'syslog'] + +def migrate(config: ConfigTree) -> None: + if not config.exists(base): + return + + if config.exists(base + ['file']): + config.delete(base + ['file']) -- cgit v1.2.3 From 196797346b973d1eba3f3d000321786c54e3bdbf Mon Sep 17 00:00:00 2001 
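Review bot: The `file` destinations are deleted during migration with no record left for the operator, so after the upgrade anything that was logged only to a `/var/log/user/<name>` file stops being written locally without notice; the `user` deletion added to this script by the next commit in the series behaves the same way. If dropping rather than converting is intended, say so next to the delete, e.g. `# file destinations are dropped, not converted - facilities logged only there are no longer stored locally`, and mention it in the release notes. The header comment also lists "remove syslog user console logging", which this version of `migrate()` does not do yet.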
From: Christian Breunig Date: Wed, 8 Jan 2025 20:41:36 +0100 Subject: syslog: T6989: remove CLI option for user terminal logging Should be added as runtime option similar to "terminal monitor" known from other vendors. --- data/templates/rsyslog/rsyslog.conf.j2 | 13 ------------- interface-definitions/system_syslog.xml.in | 19 ------------------- src/migration-scripts/system/28-to-29 | 3 +++ 3 files changed, 3 insertions(+), 32 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 67c062ab9..21bfbf822 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -49,16 +49,3 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {% endif %} {% endfor %} {% endif %} - -{% if user is defined and user is not none %} -# Log to user terminal -{% for username, user_options in user.items() %} -{% set tmp = [] %} -{% if user_options.facility is vyos_defined %} -{% for facility, facility_options in user_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{% endif %} -{{ tmp | join(';') }} :omusrmsg:{{ username }} -{% endfor %} -{% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 1d5b3635f..df9536c3b 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -8,25 +8,6 @@ 400 - - - Logging to specific terminal of given user - - system login user - - - txt - Local user account - - - #include - - illegal characters in user - - - #include - - Logging to remote host diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index e12063fc4..b8439100a 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 
@@ -27,3 +27,6 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['file']): config.delete(base + ['file']) + + if config.exists(base + ['user']): + config.delete(base + ['user']) -- cgit v1.2.3 From 8784aaa6fbec978aa97cab09cfbf9894163a2b1b Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 8 Jan 2025 21:46:50 +0100 Subject: syslog: T6989: rename "host" to "remote" --- data/templates/rsyslog/rsyslog.conf.j2 | 14 +-- interface-definitions/system_syslog.xml.in | 2 +- smoketest/config-tests/basic-vyos | 8 +- smoketest/config-tests/bgp-azure-ipsec-gateway | 4 +- smoketest/config-tests/dialup-router-complex | 2 +- smoketest/config-tests/dialup-router-medium-vpn | 4 +- .../config-tests/dialup-router-wireguard-ipv6 | 2 +- smoketest/scripts/cli/test_system_syslog.py | 103 +++++++++++++-------- src/migration-scripts/system/28-to-29 | 9 ++ 9 files changed, 90 insertions(+), 58 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 21bfbf822..2e3d19afd 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -33,19 +33,19 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {{ tmp | join(';') }} /dev/console {% endif %} -{% if host is vyos_defined %} +{% if remote is vyos_defined %} # Remote logging -{% for host_name, host_options in host.items() %} +{% for remote_name, remote_options in remote.items() %} {% set tmp = [] %} -{% if host_options.facility is vyos_defined %} -{% for facility, facility_options in host_options.facility.items() %} +{% if remote_options.facility is vyos_defined %} +{% for facility, facility_options in remote_options.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {% endif %} -{% if host_options.protocol is vyos_defined('tcp') %} -{{ tmp | join(';') }} @@{{ '(o)' if host_options.format.octet_counted is vyos_defined }}{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} +{% if remote_options.protocol is vyos_defined('tcp') %} +{{ tmp | join(';') }} @@{{ '(o)' if remote_options.format.octet_counted is vyos_defined }}{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} {% else %} -{{ tmp | join(';') }} @{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} +{{ tmp | join(';') }} @{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} {% endif %} {% endfor %} {% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index df9536c3b..68cb11423 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
@@ -8,7 +8,7 @@ 400 - + Logging to remote host diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index 6ff28ec2e..b6bb6ac67 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -96,8 +96,8 @@ set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' set system syslog global preserve-fqdn -set system syslog host syslog.vyos.net facility auth level 'warning' -set system syslog host syslog.vyos.net facility local7 level 'notice' -set system syslog host syslog.vyos.net format octet-counted -set system syslog host syslog.vyos.net port '8000' +set system syslog remote syslog.vyos.net facility auth level 'warning' +set system syslog remote syslog.vyos.net facility local7 level 'notice' +set system syslog remote syslog.vyos.net format octet-counted +set system syslog remote syslog.vyos.net port '8000' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway index bbd7b961f..91ec057a9 100644 --- a/smoketest/config-tests/bgp-azure-ipsec-gateway +++ b/smoketest/config-tests/bgp-azure-ipsec-gateway @@ -137,8 +137,8 @@ set system logs logrotate messages rotate '10' set system name-server '192.0.2.254' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug' -set system syslog host 10.0.9.188 facility all level 'info' -set system syslog host 10.0.9.188 protocol 'udp' +set system syslog remote 10.0.9.188 facility all level 'info' +set system syslog remote 10.0.9.188 protocol 'udp' set system time-zone 'Europe/Berlin' set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1' set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189' 
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex index c693cc382..404bf342c 100644 --- a/smoketest/config-tests/dialup-router-complex +++ b/smoketest/config-tests/dialup-router-complex @@ -736,5 +736,5 @@ set system option reboot-on-panic set system option startup-beep set system syslog global facility all level 'debug' set system syslog global facility local7 level 'debug' -set system syslog host 172.16.100.1 facility all level 'warning' +set system syslog remote 172.16.100.1 facility all level 'warning' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn index d6b00c678..b7187887b 100644 --- a/smoketest/config-tests/dialup-router-medium-vpn +++ b/smoketest/config-tests/dialup-router-medium-vpn @@ -315,8 +315,8 @@ set system static-host-mapping host-name host109.vyos.net inet '192.168.0.109' set system sysctl parameter net.core.default_qdisc value 'fq' set system sysctl parameter net.ipv4.tcp_congestion_control value 'bbr' set system syslog global facility all level 'info' -set system syslog host 192.168.0.252 facility all level 'debug' -set system syslog host 192.168.0.252 protocol 'udp' +set system syslog remote 192.168.0.252 facility all level 'debug' +set system syslog remote 192.168.0.252 protocol 'udp' set system task-scheduler task Update-Blacklists executable path '/config/scripts/vyos-foo-update.script' set system task-scheduler task Update-Blacklists interval '3h' set system time-zone 'Pacific/Auckland' diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6 index 3e298fb82..e4b8bcac4 100644 --- a/smoketest/config-tests/dialup-router-wireguard-ipv6 +++ b/smoketest/config-tests/dialup-router-wireguard-ipv6 
@@ -693,5 +693,5 @@ set system option reboot-on-panic set system option startup-beep set system syslog global facility all level 'debug' set system syslog global facility local7 level 'debug' -set system syslog host 172.16.100.1 facility all level 'warning' +set system syslog remote 172.16.100.1 facility all level 'warning' set system time-zone 'Europe/Berlin' diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index a86711119..961b7a6f4 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -53,31 +53,10 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertFalse(process_named_running(PROCESS_NAME)) - def test_syslog_basic(self): - host1 = '127.0.0.10' - host2 = '127.0.0.20' - - self.cli_set(base_path + ['host', host1, 'port', '999']) - self.cli_set(base_path + ['host', host1, 'facility', 'all', 'level', 'all']) - self.cli_set(base_path + ['host', host2, 'facility', 'kern', 'level', 'err']) + def test_syslog_console(self): self.cli_set(base_path + ['console', 'facility', 'all', 'level', 'warning']) - self.cli_commit() - # verify log level and facilities in config file - # *.warning /dev/console - # *.* @198.51.100.1:999 - # kern.err @192.0.2.1:514 - config = [ - get_config_value('\*.\*'), - get_config_value('kern.err'), - get_config_value('\*.warning'), - ] - expected = [f'@{host1}:999', f'@{host2}:514', '/dev/console'] - - for i in range(0, 3): - self.assertIn(expected[i], config[i]) - # Check for running process - self.assertTrue(process_named_running(PROCESS_NAME)) + self.assertIn('/dev/console', get_config_value('\*.warning')) def test_syslog_global(self): hostname = 'vyos123' 
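Review bot: `test_syslog_console` no longer asserts `process_named_running(PROCESS_NAME)` after the commit, and the following hunk drops the same assertion from `test_syslog_global`, so in the lines visible here no test confirms that rsyslogd is up once a configuration has been applied. A template that renders but leaves the daemon stopped would then pass, which on a router means logging is silently lost. Unless setUp/tearDown outside these hunks already covers it, keep `self.assertTrue(process_named_running(PROCESS_NAME))` after `self.cli_commit()`. The pattern `'\*.warning'` in the new assertion is also a non-raw string with an invalid `\*` escape; `r'\*\.warning'` avoids the warning and matches the dot literally.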
@@ -100,32 +79,76 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): for e in expected: self.assertIn(e, config) - # Check for running process - self.assertTrue(process_named_running(PROCESS_NAME)) def test_syslog_remote(self): - rhost = '169.254.0.1' - default_port = default_value(base_path + ['host', rhost, 'port']) - - self.cli_set(base_path + ['global', 'facility', 'all', 'level', 'info']) - self.cli_set(base_path + ['global', 'facility', 'local7', 'level', 'debug']) - self.cli_set(base_path + ['host', rhost, 'facility', 'all', 'level', 'all']) - self.cli_set(base_path + ['host', rhost, 'protocol', 'tcp']) + rhosts = { + '169.254.0.1': { + 'facility': {'name' : 'auth', 'level': 'info'}, + 'protocol': 'udp', + }, + '169.254.0.2': { + 'port': '1514', + 'protocol': 'udp', + }, + '169.254.0.3': { + 'format': ['include-timezone', 'octet-counted'], + 'protocol': 'tcp', + }, + } + default_port = default_value(base_path + ['remote', next(iter(rhosts)), 'port']) + + for remote, remote_options in rhosts.items(): + remote_base = base_path + ['remote', remote] + + if 'port' in remote_options: + self.cli_set(remote_base + ['port', remote_options['port']]) + + if ('facility' in remote_options and + 'name' in remote_options['facility'] and + 'level' in remote_options['facility'] + ): + facility = remote_options['facility']['name'] + level = remote_options['facility']['level'] + self.cli_set(remote_base + ['facility', facility, 'level', level]) + + if 'format' in remote_options: + for format in remote_options['format']: + self.cli_set(remote_base + ['format', format]) + + if 'protocol' in remote_options: + protocol = remote_options['protocol'] + self.cli_set(remote_base + ['protocol', protocol]) self.cli_commit() config = read_file(RSYSLOG_CONF) - self.assertIn(f'*.* @@{rhost}:{default_port}', config) + for remote, remote_options in rhosts.items(): + tmp = ' ' + if ('facility' in remote_options and + 'name' in remote_options['facility'] and + 'level' in 
remote_options['facility'] + ): + facility = remote_options['facility']['name'] + level = remote_options['facility']['level'] + tmp = f'{facility}.{level} ' - # Change default port and enable "octet-counting" mode - port = '10514' - self.cli_set(base_path + ['host', rhost, 'port', port]) - self.cli_set(base_path + ['host', rhost, 'format', 'octet-counted']) - self.cli_commit() + tmp += '@' + if 'protocol' in remote_options and remote_options['protocol'] == 'tcp': + tmp += '@' - config = read_file(RSYSLOG_CONF) - self.assertIn(f'*.* @@(o){rhost}:{port}', config) + if 'format' in remote_options and 'octet-counted' in remote_options['format']: + tmp += '(o)' + + port = default_port + if 'port' in remote_options: + port = remote_options['port'] + + tmp += f'{remote}:{port}' + + if 'format' in remote_options and 'include-timezone' in remote_options['format']: + tmp += ';RSYSLOG_SyslogProtocol23Format' + self.assertIn(tmp, config) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index b8439100a..2f55d425a 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -30,3 +30,12 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['user']): config.delete(base + ['user']) + + # rename host -> remote + if config.exists(base + ['host']): + config.set(base + ['remote']) + config.set_tag(base + ['remote']) + for remote in config.list_nodes(base + ['host']): + config.copy(base + ['host', remote], base + ['remote', remote]) + config.set_tag(base + ['remote']) + config.delete(base + ['host']) -- cgit v1.2.3 From e143e496e28b9d6d5803278fa76a14bf2bc2304e Mon Sep 17 00:00:00 2001 
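Review bot: For `169.254.0.2`, which sets no facility, the expected string starts as `tmp = ' '` and the assertion ends up checking for ` @169.254.0.2:1514`, i.e. a forwarding line with an empty selector. The template in this commit renders exactly that (`{{ tmp | join(';') }} @…` with an empty `tmp`), so the test locks in a rule that rsyslog will most likely reject or ignore, leaving that remote without any messages. Either require at least one facility per remote at commit time or have the test assert that no line is rendered for such a remote. `for format in remote_options['format']` also shadows the `format` builtin; `fmt` would do.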
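Review bot: `config.set_tag(base + ['remote'])` is called once before the loop and again on every iteration; one call is enough. If `ConfigTree.rename()` keeps the tag flag and the children of the node (worth confirming), the whole block reduces to `config.rename(base + ['host'], 'remote')`. A short comment stating that the options below each host are copied unchanged would help, since `migrate()` starts outside this hunk and the reader sees only its tail.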
From: Christian Breunig Date: Mon, 13 Jan 2025 19:36:41 +0100 Subject: syslog: T6989: convert old configuration format to "advanced" --- data/templates/rsyslog/override.conf.j2 | 11 -- data/templates/rsyslog/rsyslog.conf.j2 | 125 +++++++++++++---- debian/vyos-1x.install | 1 - interface-definitions/system_syslog.xml.in | 17 ++- smoketest/scripts/cli/test_system_syslog.py | 151 ++++++++++++++------- src/conf_mode/system_option.py | 2 +- src/conf_mode/system_syslog.py | 14 +- src/etc/rsyslog.conf | 67 --------- .../systemd/system/rsyslog.service.d/override.conf | 10 ++ src/migration-scripts/system/28-to-29 | 7 +- 10 files changed, 235 insertions(+), 170 deletions(-) delete mode 100644 data/templates/rsyslog/override.conf.j2 delete mode 100644 src/etc/rsyslog.conf create mode 100644 src/etc/systemd/system/rsyslog.service.d/override.conf diff --git a/data/templates/rsyslog/override.conf.j2 b/data/templates/rsyslog/override.conf.j2 deleted file mode 100644 index 5f6a87edf..000000000 --- a/data/templates/rsyslog/override.conf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} -[Unit] -StartLimitIntervalSec=0 - -[Service] -ExecStart= -ExecStart={{ vrf_command }}/usr/sbin/rsyslogd -n -iNONE -Restart=always -RestartPreventExitStatus= -RestartSec=10 -RuntimeDirectoryPreserve=yes diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 2e3d19afd..efb23ca7d 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -1,51 +1,126 @@ ### Autogenerated by system_syslog.py ### +#### MODULES #### +# Load input modules for local logging and kernel logging + +# Old-style log file format with low-precision timestamps +# A modern-style logfile format with high-precision timestamps and timezone info +# RSYSLOG_FileFormat +module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support + +# Import logs from journald +module( + load="imjournal" + StateFile="/var/spool/rsyslog/imjournal.state" # Persistent state file to track the journal cursor + Ratelimit.Interval="0" # Disable rate limiting (set to "0" for no limit) + RateLimit.Burst="0" +) + +#### GLOBAL DIRECTIVES #### +### TODO - remove +# Filter duplicated messages +# https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html +$RepeatedMsgReduction on + +########################################## +#### AUTH.LOG CHANNEL AND LOGGING RULES #### +########################################## + +# Log specific programs to auth.log, then stop further processing +if ( + $programname == "CRON" or + $programname == "sudo" or + $programname == "su" +) then { + action(type="omfile" file="/var/log/auth.log") + stop +} + +global(workDirectory="/var/spool/rsyslog") + +############### +#### RULES #### +############### + +# Send emergency messages to all logged-in users +*.emerg action(type="omusrmsg" users="*") + {% if global.marker is vyos_defined %} -$ModLoad immark -{% if global.marker.interval is vyos_defined %} -$MarkMessagePeriod {{ global.marker.interval }} -{% endif %} +# Load the immark module for periodic --MARK-- message capability +module(load="immark" interval="{{ global.marker.interval }}") {% endif %} {% if global.preserve_fqdn is vyos_defined %} -$PreserveFQDN on +# Preserve the fully qualified domain name (FQDN) in log messages +global(preserveFQDN="on") {% endif %} - {% if 
global.local_host_name is vyos_defined %} -$LocalHostName {{ global.local_host_name }} +# Set the local hostname for log messages +global(localHostname="{{ global.local_host_name }}") {% endif %} -# We always log to /var/log/messages -$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} +#### GLOBAL LOGGING #### {% if global.facility is vyos_defined %} {% set tmp = [] %} -{% for facility, facility_options in global.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{{ tmp | join(';') }} :omfile:$global +{% if global.facility is vyos_defined %} +{% for facility, facility_options in global.facility.items() %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} +{% endfor %} +if prifilt("{{ tmp | join(',') }}") then { + action( + type="omfile" + file="/var/log/messages" + queue.size="262144" + rotation.sizeLimitCommand="/usr/sbin/logrotate {{ logrotate }}" + ) +} +{% endif %} {% endif %} +#### CONSOLE LOGGING #### {% if console.facility is vyos_defined %} -# Console logging {% set tmp = [] %} -{% for facility, facility_options in console.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{{ tmp | join(';') }} /dev/console +{% if console.facility is vyos_defined %} +{% for facility, facility_options in console.facility.items() %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." 
~ facility_options.level.replace('all', 'debug')) %} +{% endfor %} +if prifilt("{{ tmp | join(',') }}") then { + action(type="omfile" file="/dev/console") +} +{% endif %} {% endif %} +#### REMOTE LOGGING #### {% if remote is vyos_defined %} -# Remote logging {% for remote_name, remote_options in remote.items() %} {% set tmp = [] %} {% if remote_options.facility is vyos_defined %} {% for facility, facility_options in remote_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} {% endfor %} -{% endif %} -{% if remote_options.protocol is vyos_defined('tcp') %} -{{ tmp | join(';') }} @@{{ '(o)' if remote_options.format.octet_counted is vyos_defined }}{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} -{% else %} -{{ tmp | join(';') }} @{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} +{% set _ = tmp.sort() %} +# Remote syslog to {{ remote_name }} +if prifilt("{{ tmp | join(',') }}") then { + action( + type="omfwd" + # Remote syslog server where we send our logs to + target="{{ remote_name | bracketize_ipv6 }}" + # Port on the remote syslog server + port="{{ remote_options.port }}" + protocol="{{ remote_options.protocol }}" +{% if remote_options.format.include_timezone is vyos_defined %} + template="SyslogProtocol23Format" +{% endif %} + TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" +{% if vrf is vyos_defined %} + Device="{{ vrf }}" +{% endif %} + ) +} {% endif %} {% endfor %} {% endif %} + +# Include all configuration files in /etc/rsyslog.d/ +include(file="/etc/rsyslog.d/*.conf") 
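Review bot: The auth.log block ends in `stop` and sits above the global and remote rules, so messages from `sudo`, `su` and `CRON` are discarded before they can reach `/var/log/messages` or any `omfwd` target, and a central log server would never see privilege-escalation events from this system. Move that block below the remote section or drop the `stop`; whether the deleted src/etc/rsyslog.conf behaved the same way is not visible here. In the remote action, `'octed-counted'` is misspelled (rsyslog's value is `octet-counted`, and the smoketest in this commit asserts the misspelling), and `template="SyslogProtocol23Format"` lacks the `RSYSLOG_` prefix that the removed line used and is not defined anywhere in the visible template. In the global action, `queue.size="262144"` carries over what used to be the outchannel size limit; `rotation.sizeLimitCommand` needs `rotation.sizeLimit="262144"` instead.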
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 5fcff959a..4e312a648 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -9,7 +9,6 @@ etc/netplug etc/opennhrp etc/modprobe.d etc/ppp -etc/rsyslog.conf etc/securetty etc/security etc/skel diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 68cb11423..acc7b4747 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -10,7 +10,7 @@ - Logging to remote host + Log to remote host @@ -59,21 +59,26 @@ - Logging to system standard location + Log to standard system location /var/log/messages #include - mark messages sent to syslog + Mark messages sent to syslog - time interval how often a mark message is being sent in seconds + Mark message interval + + u32:1-65535 + Time in seconds + - + + Port number must be in range 1 to 86400 1200 @@ -89,7 +94,7 @@ - logging to serial console + Log to system console (/dev/console) #include diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 961b7a6f4..de2e9b260 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2024 VyOS maintainers and contributors +# Copyright (C) 2019-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
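Review bot: The constraint error message added for `marker interval` reads "Port number must be in range 1 to 86400", which names the wrong setting and disagrees with the `u32:1-65535` value help added just above it. The validator range itself is not visible in this rendering of the hunk, so confirm which bound is enforced and make all three agree, e.g. `Marker interval must be in range 1 to 65535`.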
@@ -20,18 +20,24 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.utils.file import read_file +from vyos.utils.process import cmd from vyos.utils.process import process_named_running from vyos.xml_ref import default_value PROCESS_NAME = 'rsyslogd' -RSYSLOG_CONF = '/etc/rsyslog.d/00-vyos.conf' +RSYSLOG_CONF = '/run/rsyslog/rsyslog.conf' base_path = ['system', 'syslog'] -def get_config_value(key): - tmp = read_file(RSYSLOG_CONF) - tmp = re.findall(r'\n?{}\s+(.*)'.format(key), tmp) - return tmp[0] +def get_config(string=''): + """ + Retrieve current "running configuration" from FRR + string: search for a specific start string in the configuration + """ + command = 'cat /run/rsyslog/rsyslog.conf' + if string: + command += f' | sed -n "/^{string}$/,/}}/p"' # }} required to escape } in f-string + return cmd(command) class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): @classmethod 
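Review bot: The docstring of `get_config()` says it retrieves the running configuration "from FRR", but the function reads the rsyslog configuration; it looks copied from another smoketest. The path is also hard-coded a second time instead of using `RSYSLOG_CONF` defined just above, so `command = f'cat {RSYSLOG_CONF}'` keeps the two in step. `string` is interpolated unescaped into a sed pattern inside a shell command, which is fine for the constants used in this file but breaks on a `/` or a regex metacharacter; slicing the result of `read_file(RSYSLOG_CONF)` in Python would avoid the shell entirely. If `re` was imported only for the removed `get_config_value()`, that import is now unused.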
@@ -53,37 +59,72 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): # Check for running process self.assertFalse(process_named_running(PROCESS_NAME)) - def test_syslog_console(self): - self.cli_set(base_path + ['console', 'facility', 'all', 'level', 'warning']) + def test_console(self): + level = 'warning' + self.cli_set(base_path + ['console', 'facility', 'all', 'level', level]) self.cli_commit() - self.assertIn('/dev/console', get_config_value('\*.warning')) - def test_syslog_global(self): + rsyslog_conf = get_config() + config = [ + f'if prifilt("*.{level}") then {{', # {{ required to escape { in f-string + 'action(type="omfile" file="/dev/console")', + ] + for tmp in config: + self.assertIn(tmp, rsyslog_conf) + + def test_global(self): hostname = 'vyos123' - domainname = 'example.local' + domain_name = 'example.local' + default_marker_interval = default_value(base_path + ['global', + 'marker', 'interval']) + + facility = { + 'auth': {'level': 'info'}, + 'kern': {'level': 'debug'}, + 'all': {'level': 'notice'}, + } + self.cli_set(['system', 'host-name', hostname]) - self.cli_set(['system', 'domain-name', domainname]) - self.cli_set(base_path + ['global', 'marker', 'interval', '600']) + self.cli_set(['system', 'domain-name', domain_name]) self.cli_set(base_path + ['global', 'preserve-fqdn']) - self.cli_set(base_path + ['global', 'facility', 'kern', 'level', 'err']) + + for tmp, tmp_options in facility.items(): + level = tmp_options['level'] + self.cli_set(base_path + ['global', 'facility', tmp, 'level', level]) self.cli_commit() - config = read_file(RSYSLOG_CONF) + config = get_config('') expected = [ - '$MarkMessagePeriod 600', - '$PreserveFQDN on', - 'kern.err', - f'$LocalHostName {hostname}.{domainname}', + f'module(load="immark" interval="{default_marker_interval}")', + 'global(preserveFQDN="on")', + f'global(localHostname="{hostname}.{domain_name}")', ] - for e in expected: self.assertIn(e, config) - def test_syslog_remote(self): + config = 
get_config('#### GLOBAL LOGGING ####') + prifilt = [] + for tmp, tmp_options in facility.items(): + if tmp == 'all': + tmp = '*' + level = tmp_options['level'] + prifilt.append(f'{tmp}.{level}') + + prifilt.sort() + prifilt = ','.join(prifilt) + + self.assertIn(f'if prifilt("{prifilt}") then {{', config) + self.assertIn( ' action(', config) + self.assertIn( ' type="omfile"', config) + self.assertIn( ' file="/var/log/messages"', config) + self.assertIn( ' queue.size="262144"', config) + self.assertIn( ' rotation.sizeLimitCommand="/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog"', config) + + def test_remote(self): rhosts = { '169.254.0.1': { - 'facility': {'name' : 'auth', 'level': 'info'}, + 'facility': {'auth' : {'level': 'info'}}, 'protocol': 'udp', }, '169.254.0.2': { @@ -91,11 +132,17 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): 'protocol': 'udp', }, '169.254.0.3': { + 'facility': {'auth' : {'level': 'info'}, + 'kern' : {'level': 'debug'}, + 'all' : {'level': 'notice'}, + }, 'format': ['include-timezone', 'octet-counted'], 'protocol': 'tcp', + 'port': '10514', }, } default_port = default_value(base_path + ['remote', next(iter(rhosts)), 'port']) + default_protocol = default_value(base_path + ['remote', next(iter(rhosts)), 'protocol']) for remote, remote_options in rhosts.items(): remote_base = base_path + ['remote', remote] 
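Review bot: `test_global` sorts `prifilt` before building the expected `if prifilt("…")` line, but the global block of the template in this commit joins `tmp` without sorting (only the remote block has `{% set _ = tmp.sort() %}`). The assertion therefore passes only as long as the configuration dictionary happens to iterate in the same order as Python's sort. Add the same `tmp.sort()` to the global and console blocks of the template, or build the expected string in configuration order.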
@@ -103,13 +150,10 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): if 'port' in remote_options: self.cli_set(remote_base + ['port', remote_options['port']]) - if ('facility' in remote_options and - 'name' in remote_options['facility'] and - 'level' in remote_options['facility'] - ): - facility = remote_options['facility']['name'] - level = remote_options['facility']['level'] - self.cli_set(remote_base + ['facility', facility, 'level', level]) + if 'facility' in remote_options: + for facility, facility_options in remote_options['facility'].items(): + level = facility_options['level'] + self.cli_set(remote_base + ['facility', facility, 'level', level]) if 'format' in remote_options: for format in remote_options['format']: 
@@ -123,32 +167,43 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): config = read_file(RSYSLOG_CONF) for remote, remote_options in rhosts.items(): - tmp = ' ' - if ('facility' in remote_options and - 'name' in remote_options['facility'] and - 'level' in remote_options['facility'] - ): - facility = remote_options['facility']['name'] - level = remote_options['facility']['level'] - tmp = f'{facility}.{level} ' - - tmp += '@' - if 'protocol' in remote_options and remote_options['protocol'] == 'tcp': - tmp += '@' - - if 'format' in remote_options and 'octet-counted' in remote_options['format']: - tmp += '(o)' + config = get_config(f'# Remote syslog to {remote}') + prifilt = [] + if 'facility' in remote_options: + for facility, facility_options in remote_options['facility'].items(): + level = facility_options['level'] + if facility == 'all': + facility = '*' + prifilt.append(f'{facility}.{level}') + + prifilt.sort() + prifilt = ','.join(prifilt) + if not prifilt: + # Skip test - as we do not render anything if no facility is set + continue + + self.assertIn(f'if prifilt("{prifilt}") then {{', config) + self.assertIn( ' type="omfwd"', config) + self.assertIn(f' target="{remote}"', config) port = default_port if 'port' in remote_options: port = remote_options['port'] + self.assertIn(f'port="{port}"', config) - tmp += f'{remote}:{port}' + protocol = default_protocol + if 'protocol' in remote_options: + protocol = remote_options['protocol'] + self.assertIn(f'protocol="{protocol}"', config) - if 'format' in remote_options and 'include-timezone' in remote_options['format']: - tmp += ';RSYSLOG_SyslogProtocol23Format' + if 'format' in remote_options: + if 'include-timezone' in remote_options['format']: + self.assertIn( ' template="SyslogProtocol23Format"', config) - self.assertIn(tmp, config) + if 'octet-counted' in remote_options['format']: + self.assertIn( ' TCP_Framing="octed-counted"', config) + else: + self.assertIn( ' TCP_Framing="traditional"', config) if __name__ 
== '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py index e2832cde6..064a1aa91 100755 --- a/src/conf_mode/system_option.py +++ b/src/conf_mode/system_option.py @@ -86,7 +86,7 @@ def verify(options): if 'source_address' in config: if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with given address specified!') if 'ssh_client' in options: config = options['ssh_client'] diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index eb2f02eb3..78840a5f5 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2024 VyOS maintainers and contributors +# Copyright (C) 2018-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,15 +22,15 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf +from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render from vyos import ConfigError from vyos import airbag airbag.enable() -rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf' +rsyslog_conf = '/run/rsyslog/rsyslog.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' -systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf' def get_config(config=None): if config: 
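Review bot: The new assertion `self.assertIn(' TCP_Framing="octed-counted"', config)` pins a misspelled value, so it passes only because rsyslog.conf.j2 renders the same typo (`'octed-counted' if remote_options.format.octet_counted is vyos_defined`). rsyslog's omfwd framing value is `octet-counted`, so with the misspelling the action most likely does not use octet-counted framing at all; that should be confirmed against the rsyslog version shipped. Fix both together: `TCP_Framing="octet-counted"` in the template and `self.assertIn(' TCP_Framing="octet-counted"', config)` here. test_remote starts outside this hunk.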
@@ -70,8 +70,8 @@ def verify(syslog): if not syslog: return None - if 'host' in syslog: - for host, host_options in syslog['host'].items(): + if 'remote' in syslog: + for host, host_options in syslog['remote'].items(): if 'protocol' in host_options and host_options['protocol'] == 'udp': if 'format' in host_options and 'octet_counted' in host_options['format']: Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') @@ -88,11 +88,7 @@ def generate(syslog): return None render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog) - render(systemd_override, 'rsyslog/override.conf.j2', syslog) render(logrotate_conf, 'rsyslog/logrotate.j2', syslog) - - # Reload systemd manager configuration - call('systemctl daemon-reload') return None def apply(syslog): diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf deleted file mode 100644 index b3f41acb6..000000000 --- a/src/etc/rsyslog.conf +++ /dev/null 
@@ -1,67 +0,0 @@ -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark # provides --MARK-- message capability - -$OmitLocalLogging off -$SystemLogSocketName /run/systemd/journal/syslog - -$KLogPath /proc/kmsg - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information -#$ActionFileDefaultTemplate RSYSLOG_FileFormat -# The "old style" default log file format with low-precision timestamps -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# Filter duplicated messages -$RepeatedMsgReduction on - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Stop excessive logging of sudo -# -:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" stop -:msg, contains, "pam_unix(sudo:session): session closed for user root" stop - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - -# The lines below cause all listed daemons/processes to be logged into -# /var/log/auth.log, then drops the message so it does not also go to the -# regular syslog so that messages are not duplicated - -$outchannel auth_log,/var/log/auth.log -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then :omfile:$auth_log - -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then stop - -############### -#### RULES #### -############### -# Emergencies are sent to everybody logged in. -*.emerg :omusrmsg:* \ No newline at end of file 
diff --git a/src/etc/systemd/system/rsyslog.service.d/override.conf b/src/etc/systemd/system/rsyslog.service.d/override.conf new file mode 100644 index 000000000..665b994d9 --- /dev/null +++ b/src/etc/systemd/system/rsyslog.service.d/override.conf @@ -0,0 +1,10 @@ +[Unit] +StartLimitIntervalSec=0 + +[Service] +ExecStart= +ExecStart=/usr/sbin/rsyslogd -n -iNONE -f /run/rsyslog/rsyslog.conf +Restart=always +RestartPreventExitStatus= +RestartSec=10 +RuntimeDirectoryPreserve=yes diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 2f55d425a..1addad035 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -16,6 +16,7 @@ # T6989: # - remove syslog arbitrary file logging # - remove syslog user console logging +# - rename "host" to "remote" from vyos.configtree import ConfigTree @@ -24,14 +25,16 @@ base = ['system', 'syslog'] def migrate(config: ConfigTree) -> None: if not config.exists(base): return - + # Drop support for custom file logging if config.exists(base + ['file']): config.delete(base + ['file']) + # Drop support for logging to a user tty + # This should be dynamically added via an op-mode command like "terminal monitor" if config.exists(base + ['user']): config.delete(base + ['user']) - # rename host -> remote + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) config.set_tag(base + ['remote']) -- cgit v1.2.3 From 04d296a3446fa8488add17ce1ec7931d43c4a4d0 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 13 Jan 2025 19:39:50 +0100 Subject: syslog: T6989: add new source-address CLI option for outgoing connections --- data/templates/rsyslog/rsyslog.conf.j2 | 4 ++++ interface-definitions/system_syslog.xml.in | 1 + src/conf_mode/system_syslog.py | 7 +++++++ 3 files changed, 12 insertions(+) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index efb23ca7d..779ae8d04 100644 
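Review bot: This drop-in makes rsyslogd depend entirely on `/run/rsyslog/rsyslog.conf`, which exists only after the conf-mode script has rendered it, and pairs that with `Restart=always`, `RestartSec=10` and `StartLimitIntervalSec=0`. If the file is missing (early boot, or after generate() removes it for an empty syslog node, as the context in system_syslog.py suggests), the daemon would presumably be restarted every ten seconds without limit, and nothing reaches /var/log/messages in the meantime. Consider `ConditionPathExists=/run/rsyslog/rsyslog.conf` under `[Unit]`, or at least a comment stating which component creates the file and when. `RuntimeDirectoryPreserve=yes` also has nothing to preserve unless a `RuntimeDirectory=` is set somewhere not shown here.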
--- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -113,6 +113,10 @@ if prifilt("{{ tmp | join(',') }}") then { template="SyslogProtocol23Format" {% endif %} TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" +{% if source_address is vyos_defined %} + # Sender IP address + Address="{{ source_address }}" +{% endif %} {% if vrf is vyos_defined %} Device="{{ vrf }}" {% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index acc7b4747..f47a95f09 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -100,6 +100,7 @@ #include + #include #include diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 78840a5f5..ce806a540 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -78,6 +78,13 @@ def verify(syslog): verify_vrf(syslog) + if 'source_address' in syslog: + syslog_vrf = None + if 'vrf' in syslog: + syslog_vrf = syslog['vrf'] + if not is_addr_assigned(syslog['source_address'], syslog_vrf): + raise ConfigError('No interface with given address specified!') + def generate(syslog): if not syslog: if os.path.exists(rsyslog_conf): -- cgit v1.2.3 From 20ab585a68982c4635c4e5a1ee5bbcc219feaebc Mon Sep 17 00:00:00 2001 
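Review bot: The new `source_address` check confirms the address is assigned, but nothing tells the operator when the option cannot take effect. The rsyslog omfwd documentation describes `Address` as supported for UDP only, so a remote with `protocol tcp` would presumably still send from the default source; this is worth confirming against the shipped rsyslog version. A warning in the existing `remote` loop would cover it, e.g. `Warning(f'source-address is not applied to TCP remote "{host}"!')`. The error text could also name the value: `raise ConfigError(f'No interface with address "{syslog["source_address"]}" configured!')`. verify() starts outside this hunk.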
From: Christian Breunig Date: Wed, 15 Jan 2025 20:38:43 +0100 Subject: syslog: T6989: move up "global preserve-fqdn" one level in CLI Move "global preserve-fqdn" one CLI level up, as it relates to all logging targets (console, global and remote). --- data/templates/rsyslog/rsyslog.conf.j2 | 8 ++++---- interface-definitions/system_syslog.xml.in | 24 ++++++++++++------------ smoketest/config-tests/basic-vyos | 2 +- smoketest/config-tests/bgp-big-as-cloud | 2 +- smoketest/scripts/cli/test_system_syslog.py | 2 +- src/conf_mode/system_syslog.py | 23 +++++++++++++---------- src/migration-scripts/system/28-to-29 | 7 +++++++ 7 files changed, 39 insertions(+), 29 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 779ae8d04..bc98329b2 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -51,13 +51,13 @@ global(workDirectory="/var/spool/rsyslog") # Load the immark module for periodic --MARK-- message capability module(load="immark" interval="{{ global.marker.interval }}") {% endif %} -{% if global.preserve_fqdn is vyos_defined %} +{% if preserve_fqdn is vyos_defined %} # Preserve the fully qualified domain name (FQDN) in log messages global(preserveFQDN="on") -{% endif %} -{% if global.local_host_name is vyos_defined %} +{% if preserve_fqdn.host_name is vyos_defined and preserve_fqdn.domain_name is vyos_defined %} # Set the local hostname for log messages -global(localHostname="{{ global.local_host_name }}") +global(localHostname="{{ preserve_fqdn.host_name }}.{{ preserve_fqdn.domain_name }}") +{% endif %} {% endif %} #### GLOBAL LOGGING #### diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index f47a95f09..09cfd3dd4 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
@@ -8,6 +8,14 @@ 400 + + + Log to system console (/dev/console) + + + #include + + Log to remote host @@ -84,22 +92,14 @@ - - - uses FQDN for logging - - - - + - Log to system console (/dev/console) + Always include domain portion in hostname + - - #include - - + #include #include diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index b6bb6ac67..eaa61c56d 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -95,7 +95,7 @@ set system syslog console facility mail level 'info' set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' -set system syslog global preserve-fqdn +set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' set system syslog remote syslog.vyos.net format octet-counted diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud index d6c17b3d2..ff7549957 100644 --- a/smoketest/config-tests/bgp-big-as-cloud +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -848,5 +848,5 @@ set system sflow interface 'eth0.4088' set system sflow interface 'eth0.4089' set system sflow server 1.2.3.4 port '1234' set system syslog global facility all level 'all' -set system syslog global preserve-fqdn +set system syslog preserve-fqdn set system time-zone 'Europe/Zurich' diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index de2e9b260..b1aaa53a5 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py 
@@ -86,7 +86,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): self.cli_set(['system', 'host-name', hostname]) self.cli_set(['system', 'domain-name', domain_name]) - self.cli_set(base_path + ['global', 'preserve-fqdn']) + self.cli_set(base_path + ['preserve-fqdn']) for tmp, tmp_options in facility.items(): level = tmp_options['level'] diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index ce806a540..6f6546fd1 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -53,16 +53,13 @@ def get_config(config=None): if syslog.from_defaults(['global']): del syslog['global'] - if ( - 'global' in syslog - and 'preserve_fqdn' in syslog['global'] - and conf.exists(['system', 'host-name']) - and conf.exists(['system', 'domain-name']) - ): - hostname = conf.return_value(['system', 'host-name']) - domain = conf.return_value(['system', 'domain-name']) - fqdn = f'{hostname}.{domain}' - syslog['global']['local_host_name'] = fqdn + if 'preserve_fqdn' in syslog: + if conf.exists(['system', 'host-name']): + tmp = conf.return_value(['system', 'host-name']) + syslog['preserve_fqdn']['host_name'] = tmp + if conf.exists(['system', 'domain-name']): + tmp = conf.return_value(['system', 'domain-name']) + syslog['preserve_fqdn']['domain_name'] = tmp return syslog @@ -70,6 +67,12 @@ def verify(syslog): if not syslog: return None + if 'preserve_fqdn' in syslog: + if 'host_name' not in syslog['preserve_fqdn']: + Warning('No "system host-name" defined - cannot set syslog FQDN!') + if 'domain_name' not in syslog['preserve_fqdn']: + Warning('No "system domain-name" defined - cannot set syslog FQDN!') + if 'remote' in syslog: for host, host_options in syslog['remote'].items(): if 'protocol' in host_options and host_options['protocol'] == 'udp': diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 1addad035..dadfc994a 100644 --- a/src/migration-scripts/system/28-to-29 
+++ b/src/migration-scripts/system/28-to-29 @@ -16,6 +16,7 @@ # T6989: # - remove syslog arbitrary file logging # - remove syslog user console logging +# - move "global preserve-fqdn" one CLI level up # - rename "host" to "remote" from vyos.configtree import ConfigTree @@ -34,6 +35,12 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['user']): config.delete(base + ['user']) + # Move "global preserve-fqdn" one CLI level up, as it relates to all + # logging targets (console, global and remote) + if config.exists(base + ['global', 'preserve-fqdn']): + config.delete(base + ['global', 'preserve-fqdn']) + config.set(base + ['preserve-fqdn']) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) -- cgit v1.2.3 From b9c43b19acb6f649bb6f64c75ab63df768e360c9 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 15 Jan 2025 20:45:42 +0100 Subject: syslog: T6989: move up "global marker" one level in CLI --- data/templates/rsyslog/rsyslog.conf.j2 | 4 +-- interface-definitions/system_syslog.xml.in | 38 ++++++++++++++--------------- smoketest/config-tests/basic-vyos | 1 + smoketest/configs/basic-vyos | 3 +++ smoketest/scripts/cli/test_system_syslog.py | 3 +-- src/migration-scripts/system/28-to-29 | 7 ++++++ 6 files changed, 33 insertions(+), 23 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index bc98329b2..26d62a23f 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -47,9 +47,9 @@ global(workDirectory="/var/spool/rsyslog") # Send emergency messages to all logged-in users *.emerg action(type="omusrmsg" users="*") -{% if global.marker is vyos_defined %} +{% if marker is vyos_defined %} # Load the immark module for periodic --MARK-- message capability -module(load="immark" interval="{{ global.marker.interval }}") +module(load="immark" interval="{{ marker.interval }}") {% endif %} {% if preserve_fqdn is vyos_defined %} # Preserve the fully qualified domain name (FQDN) in log messages diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 09cfd3dd4..1ee5a7687 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -71,27 +71,27 @@ #include - + + + + + Mark messages sent to syslog + + + - Mark messages sent to syslog + Mark message interval + + u32:1-65535 + Time in seconds + + + + + Port number must be in range 1 to 86400 - - - - Mark message interval - - u32:1-65535 - Time in seconds - - - - - Port number must be in range 1 to 86400 - - 1200 - - - + 1200 + diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index eaa61c56d..94a4d139e 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -95,6 +95,7 @@ set system syslog console facility mail level 'info' set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' +set system syslog marker interval '1000' set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 242f3d1de..527e620da 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos 
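Review bot: The constraint error message on the relocated `marker interval` leaf still reads `Port number must be in range 1 to 86400`, which names the wrong setting and disagrees with the `u32:1-65535` value help on the same leaf. The tags are not visible here, so it is unclear which range the validator enforces. The message and the help should both state that range, e.g. `Marker interval must be in range 1 to 65535`.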
@@ -236,6 +236,9 @@ system { facility security { level info } + marker { + interval 1000 + } preserve-fqdn } host syslog.vyos.net { diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index b1aaa53a5..1233bf12b 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -75,8 +75,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): def test_global(self): hostname = 'vyos123' domain_name = 'example.local' - default_marker_interval = default_value(base_path + ['global', - 'marker', 'interval']) + default_marker_interval = default_value(base_path + ['marker', 'interval']) facility = { 'auth': {'level': 'info'}, diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index dadfc994a..9716e9e90 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -41,6 +41,13 @@ def migrate(config: ConfigTree) -> None: config.delete(base + ['global', 'preserve-fqdn']) config.set(base + ['preserve-fqdn']) + # Move "global marker" one CLI level up, as it relates to all + # logging targets (console, global and remote) + marker_base = base + ['global', 'marker'] + if config.exists(marker_base): + config.copy(marker_base, base + ['marker']) + config.delete(marker_base) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) -- cgit v1.2.3 From 211bc4a767564d1eb28b431e1529eb719bb721a9 Mon Sep 17 00:00:00 2001 
From: Christian Breunig Date: Wed, 22 Jan 2025 20:52:52 +0100 Subject: syslog: T6989: rename "global" to "local" The previously "global" options actually were only relevant for the local logging to /var/log/messages. --- data/templates/rsyslog/rsyslog.conf.j2 | 6 +++--- interface-definitions/system_syslog.xml.in | 2 +- smoketest/config-tests/basic-api-service | 4 ++-- smoketest/config-tests/basic-vyos | 7 ++++--- smoketest/config-tests/basic-vyos-no-ntp | 4 ++-- smoketest/config-tests/bgp-azure-ipsec-gateway | 4 ++-- smoketest/config-tests/bgp-bfd-communities | 4 ++-- smoketest/config-tests/bgp-big-as-cloud | 2 +- smoketest/config-tests/bgp-dmvpn-hub | 4 ++-- smoketest/config-tests/bgp-dmvpn-spoke | 4 ++-- smoketest/config-tests/bgp-evpn-l2vpn-leaf | 4 ++-- smoketest/config-tests/bgp-evpn-l2vpn-spine | 4 ++-- smoketest/config-tests/bgp-evpn-l3vpn-pe-router | 4 ++-- smoketest/config-tests/bgp-medium-confederation | 4 ++-- smoketest/config-tests/bgp-rpki | 4 ++-- smoketest/config-tests/bgp-small-internet-exchange | 4 ++-- smoketest/config-tests/bgp-small-ipv4-unicast | 4 ++-- smoketest/config-tests/cluster-basic | 4 ++-- smoketest/config-tests/dialup-router-complex | 4 ++-- smoketest/config-tests/dialup-router-medium-vpn | 2 +- smoketest/config-tests/dialup-router-wireguard-ipv6 | 4 ++-- smoketest/config-tests/egp-igp-route-maps | 2 +- smoketest/config-tests/igmp-pim-small | 4 ++-- smoketest/config-tests/ipoe-server | 4 ++-- smoketest/config-tests/ipv6-disable | 4 ++-- smoketest/config-tests/isis-small | 4 ++-- smoketest/config-tests/nat-basic | 4 ++-- smoketest/config-tests/ospf-simple | 4 ++-- smoketest/config-tests/ospf-small | 4 ++-- smoketest/config-tests/pppoe-server | 4 ++-- smoketest/config-tests/qos-basic | 4 ++-- smoketest/config-tests/rip-router | 4 ++-- smoketest/config-tests/rpki-only | 4 ++-- smoketest/config-tests/static-route-basic | 4 ++-- smoketest/config-tests/tunnel-broker | 4 ++-- smoketest/config-tests/vpn-openconnect-sstp | 4 ++-- 
smoketest/config-tests/vrf-basic | 4 ++-- smoketest/config-tests/vrf-bgp-pppoe-underlay | 4 ++-- smoketest/config-tests/vrf-ospf | 4 ++-- smoketest/config-tests/wireless-basic | 4 ++-- smoketest/configs/basic-vyos | 1 + smoketest/scripts/cli/test_system_syslog.py | 2 +- src/conf_mode/system_syslog.py | 4 ++-- src/migration-scripts/system/28-to-29 | 10 ++++++++-- 44 files changed, 91 insertions(+), 83 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 26d62a23f..c2cb8a1ca 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -61,10 +61,10 @@ global(localHostname="{{ preserve_fqdn.host_name }}.{{ preserve_fqdn.domain_name {% endif %} #### GLOBAL LOGGING #### -{% if global.facility is vyos_defined %} +{% if local.facility is vyos_defined %} {% set tmp = [] %} -{% if global.facility is vyos_defined %} -{% for facility, facility_options in global.facility.items() %} +{% if local.facility is vyos_defined %} +{% for facility, facility_options in local.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} {% endfor %} if prifilt("{{ tmp | join(',') }}") then { diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 1ee5a7687..0dbf5d497 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -65,7 +65,7 @@ - + Log to standard system location /var/log/messages diff --git a/smoketest/config-tests/basic-api-service b/smoketest/config-tests/basic-api-service index 3f796f35d..ca10cf4e9 100644 --- a/smoketest/config-tests/basic-api-service +++ b/smoketest/config-tests/basic-api-service 
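Review bot: After the rename the block tests `{% if local.facility is vyos_defined %}` twice in a row; the inner test can never be false, so one of the two can be dropped. The section heading is still `#### GLOBAL LOGGING ####` although the node is now `local`. If the heading is renamed, the smoketest's `get_config('#### GLOBAL LOGGING ####')` lookup has to change with it. The block continues past the end of this hunk.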
@@ -24,5 +24,5 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index 94a4d139e..4793e069e 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -92,13 +92,14 @@ set system login user vyos authentication plaintext-password '' set system name-server '192.168.0.1' set system syslog console facility all level 'emerg' set system syslog console facility mail level 'info' -set system syslog global facility all level 'info' -set system syslog global facility auth level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility auth level 'info' +set system syslog local facility local7 level 'debug' set system syslog marker interval '1000' set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' set system syslog remote syslog.vyos.net format octet-counted set system syslog remote syslog.vyos.net port '8000' +set system syslog remote syslog.vyos.net protocol 'tcp' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/basic-vyos-no-ntp b/smoketest/config-tests/basic-vyos-no-ntp index a18260108..f00dea5d4 100644 --- a/smoketest/config-tests/basic-vyos-no-ntp +++ b/smoketest/config-tests/basic-vyos-no-ntp 
@@ -48,6 +48,6 @@ set system host-name 'no-ntp' set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' set system login user vyos authentication plaintext-password '' set system name-server '172.16.254.30' -set system syslog global facility all level 'debug' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'debug' +set system syslog local facility local7 level 'debug' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway index 91ec057a9..0d683c921 100644 --- a/smoketest/config-tests/bgp-azure-ipsec-gateway +++ b/smoketest/config-tests/bgp-azure-ipsec-gateway @@ -135,8 +135,8 @@ set system login user vyos authentication plaintext-password '' set system logs logrotate messages max-size '20' set system logs logrotate messages rotate '10' set system name-server '192.0.2.254' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system syslog remote 10.0.9.188 facility all level 'info' set system syslog remote 10.0.9.188 protocol 'udp' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-bfd-communities b/smoketest/config-tests/bgp-bfd-communities index 6eee0137e..06e412c55 100644 --- a/smoketest/config-tests/bgp-bfd-communities +++ b/smoketest/config-tests/bgp-bfd-communities 
@@ -196,6 +196,6 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud index ff7549957..f71a51be3 100644 --- a/smoketest/config-tests/bgp-big-as-cloud +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -847,6 +847,6 @@ set system name-server '192.0.2.2' set system sflow interface 'eth0.4088' set system sflow interface 'eth0.4089' set system sflow server 1.2.3.4 port '1234' -set system syslog global facility all level 'all' +set system syslog local facility all level 'all' set system syslog preserve-fqdn set system time-zone 'Europe/Zurich' diff --git a/smoketest/config-tests/bgp-dmvpn-hub b/smoketest/config-tests/bgp-dmvpn-hub index 99f3799a4..f9ceba11c 100644 --- a/smoketest/config-tests/bgp-dmvpn-hub +++ b/smoketest/config-tests/bgp-dmvpn-hub @@ -50,8 +50,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '1.1.1.1' set system name-server '8.8.8.8' set system name-server '9.9.9.9' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vpn ipsec esp-group ESP-DMVPN lifetime '1800' set vpn ipsec esp-group ESP-DMVPN mode 'transport' set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' 
diff --git a/smoketest/config-tests/bgp-dmvpn-spoke b/smoketest/config-tests/bgp-dmvpn-spoke index e4fb82a0e..a98275ba4 100644 --- a/smoketest/config-tests/bgp-dmvpn-spoke +++ b/smoketest/config-tests/bgp-dmvpn-spoke @@ -56,8 +56,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '1.1.1.1' set system name-server '8.8.8.8' set system name-server '9.9.9.9' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vpn ipsec esp-group ESP-DMVPN lifetime '1800' set vpn ipsec esp-group ESP-DMVPN mode 'transport' set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-leaf b/smoketest/config-tests/bgp-evpn-l2vpn-leaf index 315cb9e06..5e42a269e 100644 --- a/smoketest/config-tests/bgp-evpn-l2vpn-leaf +++ b/smoketest/config-tests/bgp-evpn-l2vpn-leaf @@ -48,8 +48,8 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-spine b/smoketest/config-tests/bgp-evpn-l2vpn-spine index dee29e021..e6d876af6 100644 --- a/smoketest/config-tests/bgp-evpn-l2vpn-spine +++ b/smoketest/config-tests/bgp-evpn-l2vpn-spine 
@@ -41,8 +41,8 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router index 7a2ec9f91..f867c221e 100644 --- a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router +++ b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router @@ -101,8 +101,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '192.0.2.251' set system name-server '192.0.2.252' set system name-server '2001:db8::1' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected set vrf name blue protocols bgp address-family l2vpn-evpn advertise ipv4 unicast set vrf name blue protocols bgp system-as '100' diff --git a/smoketest/config-tests/bgp-medium-confederation b/smoketest/config-tests/bgp-medium-confederation index 582e28047..71797fe93 100644 --- a/smoketest/config-tests/bgp-medium-confederation +++ b/smoketest/config-tests/bgp-medium-confederation 
@@ -69,5 +69,5 @@ set system host-name 'vyos'
 set system ip protocol bgp route-map 'DEFAULT-ZEBRA-IN'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'notice'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'notice'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-rpki b/smoketest/config-tests/bgp-rpki
index 44e95ae98..587de67c6 100644
--- a/smoketest/config-tests/bgp-rpki
+++ b/smoketest/config-tests/bgp-rpki
@@ -39,5 +39,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-internet-exchange b/smoketest/config-tests/bgp-small-internet-exchange
index a9dce4dd5..2adb3fbb5 100644
--- a/smoketest/config-tests/bgp-small-internet-exchange
+++ b/smoketest/config-tests/bgp-small-internet-exchange
@@ -205,5 +205,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-ipv4-unicast b/smoketest/config-tests/bgp-small-ipv4-unicast
index b8c0e1246..f8820cb3c 100644
--- a/smoketest/config-tests/bgp-small-ipv4-unicast
+++ b/smoketest/config-tests/bgp-small-ipv4-unicast
@@ -28,5 +28,5 @@ set system domain-name 'vyos.net'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'notice'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'notice'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/cluster-basic b/smoketest/config-tests/cluster-basic
index 744c117eb..871b40bbb 100644
--- a/smoketest/config-tests/cluster-basic
+++ b/smoketest/config-tests/cluster-basic
@@ -16,6 +16,6 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Antarctica/South_Pole'
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex
index 404bf342c..c356c73c0 100644
--- a/smoketest/config-tests/dialup-router-complex
+++ b/smoketest/config-tests/dialup-router-complex
@@ -734,7 +734,7 @@ set system name-server '172.16.254.30'
 set system option ctrl-alt-delete 'ignore'
 set system option reboot-on-panic
 set system option startup-beep
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
 set system syslog remote 172.16.100.1 facility all level 'warning'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn
index b7187887b..ba3ed29f4 100644
--- a/smoketest/config-tests/dialup-router-medium-vpn
+++ b/smoketest/config-tests/dialup-router-medium-vpn
@@ -314,7 +314,7 @@ set system static-host-mapping host-name host107.vyos.net inet '192.168.0.107'
 set system static-host-mapping host-name host109.vyos.net inet '192.168.0.109'
 set system sysctl parameter net.core.default_qdisc value 'fq'
 set system sysctl parameter net.ipv4.tcp_congestion_control value 'bbr'
-set system syslog global facility all level 'info'
+set system syslog local facility all level 'info'
 set system syslog remote 192.168.0.252 facility all level 'debug'
 set system syslog remote 192.168.0.252 protocol 'udp'
 set system task-scheduler task Update-Blacklists executable path '/config/scripts/vyos-foo-update.script'
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
index e4b8bcac4..269e9d722 100644
--- a/smoketest/config-tests/dialup-router-wireguard-ipv6
+++ b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -691,7 +691,7 @@ set system option ctrl-alt-delete 'ignore'
 set system option performance 'network-latency'
 set system option reboot-on-panic
 set system option startup-beep
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
 set system syslog remote 172.16.100.1 facility all level 'warning'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/egp-igp-route-maps b/smoketest/config-tests/egp-igp-route-maps
index fc46d25ff..222325cd7 100644
--- a/smoketest/config-tests/egp-igp-route-maps
+++ b/smoketest/config-tests/egp-igp-route-maps
@@ -42,5 +42,5 @@ set system login user vyos authentication plaintext-password ''
 set system logs logrotate messages max-size '1'
 set system logs logrotate messages rotate '5'
 set system name-server '192.168.0.1'
-set system syslog global facility all level 'info'
+set system syslog local facility all level 'info'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/igmp-pim-small b/smoketest/config-tests/igmp-pim-small
index 909c3d67b..06051af41 100644
--- a/smoketest/config-tests/igmp-pim-small
+++ b/smoketest/config-tests/igmp-pim-small
@@ -32,6 +32,6 @@ set system domain-name 'vyos.io'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/ipoe-server b/smoketest/config-tests/ipoe-server
index f4a12f502..c21495ab2 100644
--- a/smoketest/config-tests/ipoe-server
+++ b/smoketest/config-tests/ipoe-server
@@ -44,5 +44,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ipv6-disable b/smoketest/config-tests/ipv6-disable
index 40e34fa0c..5f906b5f7 100644
--- a/smoketest/config-tests/ipv6-disable
+++ b/smoketest/config-tests/ipv6-disable
@@ -27,5 +27,5 @@ set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX
 set system login user vyos authentication plaintext-password ''
 set system name-server '172.16.254.20'
 set system name-server '172.16.254.30'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/isis-small b/smoketest/config-tests/isis-small
index b322f4e29..e61d0362e 100644
--- a/smoketest/config-tests/isis-small
+++ b/smoketest/config-tests/isis-small
@@ -39,6 +39,6 @@ set system login user vyos authentication plaintext-password ''
 set service ntp server time1.vyos.net
 set service ntp server time2.vyos.net
 set service ntp server time3.vyos.net
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/nat-basic b/smoketest/config-tests/nat-basic
index 471add3b3..ba2b1b838 100644
--- a/smoketest/config-tests/nat-basic
+++ b/smoketest/config-tests/nat-basic
@@ -84,5 +84,5 @@ set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX
 set system login user vyos authentication plaintext-password ''
 set system name-server '1.1.1.1'
 set system name-server '9.9.9.9'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-simple b/smoketest/config-tests/ospf-simple
index 355709448..4273e4b8f 100644
--- a/smoketest/config-tests/ospf-simple
+++ b/smoketest/config-tests/ospf-simple
@@ -20,5 +20,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'lab-vyos-r1'
 set system login user vyos authentication encrypted-password '$6$R.OnGzfXSfl6J$Iba/hl9bmjBs0VPtZ2zdW.Snh/nHuvxUwi0R6ruypgW63iKEbicJH.uUst8xZCyByURblxRtjAC1lAnYfIt.b0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-small b/smoketest/config-tests/ospf-small
index a7f8b682c..af69e5702 100644
--- a/smoketest/config-tests/ospf-small
+++ b/smoketest/config-tests/ospf-small
@@ -77,6 +77,6 @@ set system sysctl parameter net.ipv4.igmp_max_memberships value '5'
 set system sysctl parameter net.ipv4.ipfrag_time value '4'
 set system sysctl parameter net.mpls.default_ttl value '10'
 set system sysctl parameter net.mpls.ip_ttl_propagate value '0'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/pppoe-server b/smoketest/config-tests/pppoe-server
index 34fbea215..e488fc746 100644
--- a/smoketest/config-tests/pppoe-server
+++ b/smoketest/config-tests/pppoe-server
@@ -43,5 +43,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/qos-basic b/smoketest/config-tests/qos-basic
index 0e198b80c..655a5794e 100644
--- a/smoketest/config-tests/qos-basic
+++ b/smoketest/config-tests/qos-basic
@@ -71,5 +71,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/rip-router b/smoketest/config-tests/rip-router
index 829aafbd5..d22f424a5 100644
--- a/smoketest/config-tests/rip-router
+++ b/smoketest/config-tests/rip-router
@@ -79,5 +79,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/rpki-only b/smoketest/config-tests/rpki-only
index dcbc7673d..f3e2a74b9 100644
--- a/smoketest/config-tests/rpki-only
+++ b/smoketest/config-tests/rpki-only
@@ -38,5 +38,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/static-route-basic b/smoketest/config-tests/static-route-basic
index d2d33d043..a6135d2c4 100644
--- a/smoketest/config-tests/static-route-basic
+++ b/smoketest/config-tests/static-route-basic
@@ -32,6 +32,6 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Asia/Macau'
diff --git a/smoketest/config-tests/tunnel-broker b/smoketest/config-tests/tunnel-broker
index ee6301c85..5518c303b 100644
--- a/smoketest/config-tests/tunnel-broker
+++ b/smoketest/config-tests/tunnel-broker
@@ -71,5 +71,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/vpn-openconnect-sstp b/smoketest/config-tests/vpn-openconnect-sstp
index 28d7d5daa..e7969f633 100644
--- a/smoketest/config-tests/vpn-openconnect-sstp
+++ b/smoketest/config-tests/vpn-openconnect-sstp
@@ -16,8 +16,8 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set vpn openconnect authentication local-users username test password 'test'
 set vpn openconnect authentication mode local 'password'
 set vpn openconnect network-settings client-ip-settings subnet '192.168.160.0/24'
diff --git a/smoketest/config-tests/vrf-basic b/smoketest/config-tests/vrf-basic
index 1d2874a60..0c4e49c52 100644
--- a/smoketest/config-tests/vrf-basic
+++ b/smoketest/config-tests/vrf-basic
@@ -35,8 +35,8 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
 set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 interface 'eth1'
 set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 vrf 'default'
diff --git a/smoketest/config-tests/vrf-bgp-pppoe-underlay b/smoketest/config-tests/vrf-bgp-pppoe-underlay
index bd64c914a..e3c765a9a 100644
--- a/smoketest/config-tests/vrf-bgp-pppoe-underlay
+++ b/smoketest/config-tests/vrf-bgp-pppoe-underlay
@@ -143,8 +143,8 @@ set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
 set system name-server '192.168.0.1'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
 set vrf bind-to-all
 set vrf name vyos-test-01 protocols bgp address-family ipv4-unicast network 100.64.50.0/23
diff --git a/smoketest/config-tests/vrf-ospf b/smoketest/config-tests/vrf-ospf
index fd14615e0..53207d565 100644
--- a/smoketest/config-tests/vrf-ospf
+++ b/smoketest/config-tests/vrf-ospf
@@ -28,8 +28,8 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system time-zone 'Europe/Berlin' set vrf name blue protocols ospf area 0 network '172.18.201.0/24' set vrf name blue protocols ospf interface eth2 authentication md5 key-id 30 md5-key 'vyoskey456' diff --git a/smoketest/config-tests/wireless-basic b/smoketest/config-tests/wireless-basic index d9e6c8fac..e424b2b0f 100644 --- a/smoketest/config-tests/wireless-basic +++ b/smoketest/config-tests/wireless-basic @@ -20,6 +20,6 @@ set system console device ttyS0 speed '115200' set system domain-name 'dev.vyos.net' set system host-name 'WR1' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system wireless country-code 'es' diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 527e620da..a6cd3b6e1 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos @@ -254,6 +254,7 @@ system { format { octet-counted } + protocol tcp port 8000 } } diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 1233bf12b..5a09fab18 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py 
@@ -89,7 +89,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): for tmp, tmp_options in facility.items(): level = tmp_options['level'] - self.cli_set(base_path + ['global', 'facility', tmp, 'level', level]) + self.cli_set(base_path + ['local', 'facility', tmp, 'level', level]) self.cli_commit() diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 6f6546fd1..f27c27e0b 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -50,8 +50,8 @@ def get_config(config=None): if tmp: syslog.update({'restart_required': {}}) syslog = conf.merge_defaults(syslog, recursive=True) - if syslog.from_defaults(['global']): - del syslog['global'] + if syslog.from_defaults(['local']): + del syslog['local'] if 'preserve_fqdn' in syslog: if conf.exists(['system', 'host-name']): diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 9716e9e90..2ccd4b9c0 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -37,8 +37,9 @@ def migrate(config: ConfigTree) -> None: # Move "global preserve-fqdn" one CLI level up, as it relates to all # logging targets (console, global and remote) - if config.exists(base + ['global', 'preserve-fqdn']): - config.delete(base + ['global', 'preserve-fqdn']) + preserve_fqdn_base = base + ['global', 'preserve-fqdn'] + if config.exists(preserve_fqdn_base): + config.delete(preserve_fqdn_base) config.set(base + ['preserve-fqdn']) # Move "global marker" one CLI level up, as it relates to all 
@@ -48,6 +49,11 @@ def migrate(config: ConfigTree) -> None: config.copy(marker_base, base + ['marker']) config.delete(marker_base) + # Rename "global" -> "local" as this describes what is logged locally + # on the router to a file on the filesystem + if config.exists(base + ['global']): + config.rename(base + ['global'], 'local') + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) -- cgit v1.2.3 From 3f4c6422110c9a242ff3b81abd4f5ac5e01d5ab9 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 15 Jan 2025 20:48:34 +0100 Subject: syslog: T6989: remove RepeatedMsgReduction configuration option This is a feature that worked decades ago when logs were small and reviewed by a human, it fails badly on high volume logs processed by tools. https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html --- data/templates/rsyslog/rsyslog.conf.j2 | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index c2cb8a1ca..daaafa6d1 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -18,16 +18,9 @@ module( RateLimit.Burst="0" ) +########################### #### GLOBAL DIRECTIVES #### -### TODO - remove -# Filter duplicated messages -# https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html -$RepeatedMsgReduction on - -########################################## -#### AUTH.LOG CHANNEL AND LOGGING RULES #### -########################################## - +########################### # Log specific programs to auth.log, then stop further processing if ( $programname == "CRON" or -- cgit v1.2.3 From 5a7a9f3a20e19a52572ce1b9b214528b6ce958ce Mon Sep 17 00:00:00 2001 
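Review bot: The `#### GLOBAL DIRECTIVES ####` banner added in rsyslog.conf.j2 now sits directly above `# Log specific programs to auth.log, then stop further processing`, because the `AUTH.LOG CHANNEL AND LOGGING RULES` banner is removed in the same hunk. The rules that follow route authentication messages, so the heading mislabels them. I would keep a heading for that section, e.g. `#### AUTH.LOG RULES ####`, or drop the GLOBAL DIRECTIVES banner if no global directive remains under it. The rule block continues outside the hunk, so this rests on the visible lines only.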
From: Christian Breunig Date: Sat, 18 Jan 2025 20:28:16 +0100 Subject: syslog: T6989: add possibility to define VRF per remote Rsyslog supports individual VRFs per omfwd remote entry - so we should support this, too. --- data/templates/rsyslog/rsyslog.conf.j2 | 10 ++--- interface-definitions/system_syslog.xml.in | 14 +++--- smoketest/config-tests/basic-syslog | 25 +++++++++++ smoketest/configs/basic-syslog | 70 +++++++++++++++++++++++++++++ smoketest/scripts/cli/test_system_syslog.py | 65 ++++++++++++++++++++++++++- src/conf_mode/system_syslog.py | 46 +++++++++---------- src/migration-scripts/system/28-to-29 | 7 +++ 7 files changed, 201 insertions(+), 36 deletions(-) create mode 100644 smoketest/config-tests/basic-syslog create mode 100644 smoketest/configs/basic-syslog diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index daaafa6d1..45742b073 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -106,12 +106,11 @@ if prifilt("{{ tmp | join(',') }}") then { template="SyslogProtocol23Format" {% endif %} TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" -{% if source_address is vyos_defined %} - # Sender IP address - Address="{{ source_address }}" +{% if remote_options.source_address is vyos_defined %} + Address="{{ remote_options.source_address }}" {% endif %} -{% if vrf is vyos_defined %} - Device="{{ vrf }}" +{% if remote_options.vrf is vyos_defined %} + Device="{{ remote_options.vrf }}" {% endif %} ) } @@ -121,3 +120,4 @@ if prifilt("{{ tmp | join(',') }}") then { # Include all configuration files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf") + diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 0dbf5d497..91fb680e0 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
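Review bot: The context line `TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}"` in the omfwd action of rsyslog.conf.j2 misspells the framing value. rsyslog's omfwd documents `traditional` and `octet-counted`, so a remote configured with `format octet-counted` probably does not get octet-counted framing. Since this hunk already edits the same action, I would correct the literal to `'octet-counted'` and check that the smoketest expects the corrected value. The new `Address="{{ remote_options.source_address }}"` and `Device="{{ remote_options.vrf }}"` lines place CLI values inside double quotes unescaped, which presumably relies on the XML constraints for those nodes; worth confirming they reject `"`. The action block starts and ends outside the hunk.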
@@ -38,11 +38,6 @@ - #include - - 514 - - #include #include @@ -63,6 +58,13 @@ + #include + + 514 + + #include + #include + #include @@ -100,8 +102,6 @@ - #include - #include diff --git a/smoketest/config-tests/basic-syslog b/smoketest/config-tests/basic-syslog new file mode 100644 index 000000000..349d642fd --- /dev/null +++ b/smoketest/config-tests/basic-syslog @@ -0,0 +1,25 @@ +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '172.16.33.154/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 vrf 'red' +set system console device ttyS0 speed '115200' +set system domain-name 'vyos-ci-test.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' +set system syslog marker interval '999' +set system syslog preserve-fqdn +set system syslog remote syslog01.vyos.net facility local7 level 'notice' +set system syslog remote syslog01.vyos.net port '8000' +set system syslog remote syslog01.vyos.net vrf 'red' +set system syslog remote syslog02.vyos.net facility all level 'debug' +set system syslog remote syslog02.vyos.net format include-timezone +set system syslog remote syslog02.vyos.net format octet-counted +set system syslog remote syslog02.vyos.net port '8001' +set system syslog remote syslog02.vyos.net protocol 'tcp' +set system syslog remote syslog02.vyos.net vrf 'red' +set vrf name red table '12321' diff --git a/smoketest/configs/basic-syslog b/smoketest/configs/basic-syslog new file mode 100644 index 000000000..9336b73bc --- /dev/null +++ b/smoketest/configs/basic-syslog 
@@ -0,0 +1,70 @@ +interfaces { + ethernet eth0 { + duplex "auto" + speed "auto" + } + ethernet eth1 { + address 172.16.33.154/24 + duplex auto + speed auto + vrf red + } +} +system { + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos-ci-test.net + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 + plaintext-password "" + } + } + } + syslog { + global { + facility all { + level info + } + facility local7 { + level debug + } + marker { + interval 999 + } + preserve-fqdn + } + host syslog01.vyos.net { + facility local7 { + level notice + } + port 8000 + } + host syslog02.vyos.net { + facility all { + level debug + } + format { + include-timezone + octet-counted + } + protocol tcp + port 8001 + } + vrf red + } +} +vrf { + name red { + table 12321 + } +} + +// Warning: Do not remove the following line. +// vyos-config-version: "bgp@5:broadcast-relay@1:cluster@2:config-management@1:conntrack@5:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@8:dhcpv6-server@1:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@8:nat66@3:ntp@3:openconnect@3:ospf@2:pim@1:policy@8:pppoe-server@10:pptp@5:qos@2:quagga@11:reverse-proxy@1:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2" +// Release version: 1.4.0 diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 5a09fab18..bf6d3134d 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -14,7 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -import re import unittest from base_vyostest_shim import VyOSUnitTestSHIM 
@@ -47,6 +46,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): # ensure we can also run this test on a live system - so lets clean # out the current configuration :) cls.cli_delete(cls, base_path) + cls.cli_delete(cls, ['vrf']) def tearDown(self): # Check for running process 
@@ -204,5 +204,68 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): else: self.assertIn( ' TCP_Framing="traditional"', config) + def test_vrf_source_address(self): + rhosts = { + '169.254.0.10': { }, + '169.254.0.11': { + 'vrf': {'name' : 'red', 'table' : '12321'}, + 'source_address' : '169.254.0.11', + }, + '169.254.0.12': { + 'vrf': {'name' : 'green', 'table' : '12322'}, + 'source_address' : '169.254.0.12', + }, + '169.254.0.13': { + 'vrf': {'name' : 'blue', 'table' : '12323'}, + 'source_address' : '169.254.0.13', + }, + } + + for remote, remote_options in rhosts.items(): + remote_base = base_path + ['remote', remote] + self.cli_set(remote_base + ['facility', 'all']) + + vrf = None + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.cli_set(['vrf', 'name', vrf, 'table', remote_options['vrf']['table']]) + self.cli_set(remote_base + ['vrf', vrf]) + + if 'source_address' in remote_options: + source_address = remote_options['source_address'] + self.cli_set(remote_base + ['source-address', source_address]) + + idx = source_address.split('.')[-1] + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address', f'{source_address}/32']) + if vrf: + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf', vrf]) + + + self.cli_commit() + config = read_file(RSYSLOG_CONF) + + for remote, remote_options in rhosts.items(): + config = get_config(f'# Remote syslog to {remote}') + + self.assertIn(f'target="{remote}"', config) + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.assertIn(f'Device="{vrf}"', config) + + if 'source_address' in remote_options: + source_address = remote_options['source_address'] + self.assertIn(f'Address="{source_address}"', config) + + # Cleanup VRF/Dummy interfaces + for remote, remote_options in rhosts.items(): + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.cli_delete(['vrf', 'name', vrf]) + + if 'source_address' in remote_options: + source_address = 
remote_options['source_address'] + idx = source_address.split('.')[-1] + self.cli_delete(['interfaces', 'dummy', f'dum{idx}']) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index f27c27e0b..00c571ea9 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -20,11 +20,12 @@ from sys import exit from vyos.base import Warning from vyos.config import Config -from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render +from vyos.template import is_ipv4 +from vyos.template import is_ipv6 from vyos import ConfigError from vyos import airbag airbag.enable() @@ -46,9 +47,6 @@ def get_config(config=None): syslog.update({ 'logrotate' : logrotate_conf }) - tmp = is_node_changed(conf, base + ['vrf']) - if tmp: syslog.update({'restart_required': {}}) - syslog = conf.merge_defaults(syslog, recursive=True) if syslog.from_defaults(['local']): del syslog['local'] 
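Review bot: The VRF and dummy-interface cleanup at the end of `test_vrf_source_address` only runs when every assertion before it passes, so one failing `assertIn` leaves `dum11` to `dum13` and the three VRFs configured for the tests that follow. Wrapping the verification loop in `try:` / `finally:` with the delete loop in the `finally` branch keeps the cleanup on the failure path. Separately, `config = read_file(RSYSLOG_CONF)` is overwritten by `get_config(...)` on the first loop iteration and can be dropped.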
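Review bot: Dropping the `restart_required` flag in `get_config()`, together with the `apply()` hunk that now always runs `systemctl reload-or-restart`, means a changed `vrf` or `source-address` on a remote no longer forces a full restart, and nothing visible shows that a reload makes rsyslog rebuild its forwarding actions. The new smoketest only checks the rendered file, so a daemon still sending from the old device would pass while remote logging is silently broken. If a reload is known to be sufficient, say so where the call is made, e.g. `# per-remote Device=/Address= are picked up on reload, no restart needed`; otherwise keep the restart when a remote's `vrf` changes.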
@@ -74,19 +72,26 @@ def verify(syslog): Warning('No "system domain-name" defined - cannot set syslog FQDN!') if 'remote' in syslog: - for host, host_options in syslog['remote'].items(): - if 'protocol' in host_options and host_options['protocol'] == 'udp': - if 'format' in host_options and 'octet_counted' in host_options['format']: - Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') - - verify_vrf(syslog) - - if 'source_address' in syslog: - syslog_vrf = None - if 'vrf' in syslog: - syslog_vrf = syslog['vrf'] - if not is_addr_assigned(syslog['source_address'], syslog_vrf): - raise ConfigError('No interface with given address specified!') + for remote, remote_options in syslog['remote'].items(): + if 'protocol' in remote_options and remote_options['protocol'] == 'udp': + if 'format' in remote_options and 'octet_counted' in remote_options['format']: + Warning(f'Syslog UDP transport for "{remote}" should not use octet-counted format!') + + if 'vrf' in remote_options: + verify_vrf(remote_options) + + if 'source_address' in remote_options: + vrf = None + if 'vrf' in remote_options: + vrf = remote_options['vrf'] + if not is_addr_assigned(remote_options['source_address'], vrf): + raise ConfigError('No interface with given address specified!') + + source_address = remote_options['source_address'] + if ((is_ipv4(remote) and is_ipv6(source_address)) or + (is_ipv6(remote) and is_ipv4(source_address))): + raise ConfigError(f'Source-address "{source_address}" does not match '\ + f'address-family of remote "{remote}"!') def generate(syslog): if not syslog: 
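Review bot: The address-family check only fires when `remote` is an IP literal; for a hostname remote neither `is_ipv4(remote)` nor `is_ipv6(remote)` is expected to match, so any `source-address` is accepted and a mismatch would only surface when rsyslog tries to send. A comment such as `# hostname remotes cannot be family-checked at commit time` above the condition would make that gap explicit. The `ConfigError('No interface with given address specified!')` raised just before it would also be easier to act on if it named the address and the remote, e.g. `f'Source-address "{source_address}" of remote "{remote}" is not assigned to any interface!'`, with `source_address` assigned before the check. `verify()` starts before this hunk.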
@@ -108,12 +113,7 @@ def apply(syslog): call(f'systemctl stop {systemd_service} {systemd_socket}') return None - # we need to restart the service if e.g. the VRF name changed - systemd_action = 'reload-or-restart' - if 'restart_required' in syslog: - systemd_action = 'restart' - - call(f'systemctl {systemd_action} {systemd_service}') + call(f'systemctl reload-or-restart {systemd_service}') return None if __name__ == '__main__': diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 2ccd4b9c0..ccf7056c4 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -54,6 +54,11 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['global']): config.rename(base + ['global'], 'local') + vrf = '' + if config.exists(base + ['vrf']): + vrf = config.return_value(base + ['vrf']) + config.delete(base + ['vrf']) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) @@ -61,4 +66,6 @@ def migrate(config: ConfigTree) -> None: for remote in config.list_nodes(base + ['host']): config.copy(base + ['host', remote], base + ['remote', remote]) config.set_tag(base + ['remote']) + if vrf: + config.set(base + ['remote', remote, 'vrf'], value=vrf) config.delete(base + ['host']) -- cgit v1.2.3 From ae52b7799f6872ee9ea2475e76a6d4ea32c2ddce Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 20 Jan 2025 21:02:22 +0100 Subject: syslog: T6989: increase local log size form 256KiB -> 1MiB --- data/templates/rsyslog/rsyslog.conf.j2 | 3 +-- smoketest/scripts/cli/test_system_syslog.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 45742b073..c6eb6430c 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
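Review bot: The global `vrf` is deleted before the `host` check, so a version-28 config with `system syslog vrf` but no `host` entries loses the setting without a trace; that is probably intended, and a comment like `# the global vrf only applied to remote hosts, so it is dropped when none exist` would record it. The follow-up hunk copies `vrf` onto each `remote`, while the `verify()` change in this commit also moves `source_address` under each remote; if a global `source-address` node can exist in older configs it needs the same treatment, and the visible hunks do not show one. `migrate()` extends beyond both hunks, so this may already be handled there.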
@@ -64,7 +64,7 @@ if prifilt("{{ tmp | join(',') }}") then { action( type="omfile" file="/var/log/messages" - queue.size="262144" + rotation.sizeLimit="524288" # 512Kib - maximum filesize before rotation rotation.sizeLimitCommand="/usr/sbin/logrotate {{ logrotate }}" ) } @@ -120,4 +120,3 @@ if prifilt("{{ tmp | join(',') }}") then { # Include all configuration files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf") - diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index bf6d3134d..1fd9ee18d 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -117,7 +117,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): self.assertIn( ' action(', config) self.assertIn( ' type="omfile"', config) self.assertIn( ' file="/var/log/messages"', config) - self.assertIn( ' queue.size="262144"', config) + self.assertIn( ' rotation.sizeLimit="524288"', config) self.assertIn( ' rotation.sizeLimitCommand="/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog"', config) def test_remote(self): -- cgit v1.2.3 From a8db4a59d917572040bcc9cc4c0070c7816a064f Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:38:34 +0100 Subject: smoketest: T6989: extend cli_set() signature to pass CLI node value --- smoketest/scripts/cli/base_vyostest_shim.py | 7 +++--- smoketest/scripts/cli/test_system_syslog.py | 34 ++++++++++++++++------------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py index a54622700..a89b8dce5 100644 --- a/smoketest/scripts/cli/base_vyostest_shim.py +++ b/smoketest/scripts/cli/base_vyostest_shim.py 
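Review bot: `rotation.sizeLimit="524288"` is 512 KiB, while the commit subject announces an increase to 1 MiB, so either the value or the subject is off; `1048576` would match the subject. The inline comment spells the unit `512Kib`, which reads as kibibits; `512 KiB` is what is meant. The smoketest hunk further down pins the same `524288`, so the two have to change together.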
@@ -75,10 +75,11 @@ class VyOSUnitTestSHIM: cls._session.discard() cls.fail(cls) - def cli_set(self, config): + def cli_set(self, path, value=None): if self.debug: - print('set ' + ' '.join(config)) - self._session.set(config) + str = f'set {" ".join(path)} {value}' if value else f'set {" ".join(path)}' + print(str) + self._session.set(path, value) def cli_delete(self, config): if self.debug: diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 1fd9ee18d..c3b14e1c0 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -61,7 +61,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): def test_console(self): level = 'warning' - self.cli_set(base_path + ['console', 'facility', 'all', 'level', level]) + self.cli_set(base_path + ['console', 'facility', 'all', 'level'], value=level) self.cli_commit() rsyslog_conf = get_config() @@ -72,7 +72,7 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): for tmp in config: self.assertIn(tmp, rsyslog_conf) - def test_global(self): + def test_basic(self): hostname = 'vyos123' domain_name = 'example.local' default_marker_interval = default_value(base_path + ['marker', 'interval']) @@ -83,13 +83,13 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): 'all': {'level': 'notice'}, } - self.cli_set(['system', 'host-name', hostname]) - self.cli_set(['system', 'domain-name', domain_name]) + self.cli_set(['system', 'host-name'], value=hostname) + self.cli_set(['system', 'domain-name'], value=domain_name) self.cli_set(base_path + ['preserve-fqdn']) for tmp, tmp_options in facility.items(): level = tmp_options['level'] - self.cli_set(base_path + ['local', 'facility', tmp, 'level', level]) + self.cli_set(base_path + ['local', 'facility', tmp, 'level'], value=level) self.cli_commit() 
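Review bot: The local name `str` in `cli_set` shadows the builtin for the rest of the method; `msg` would do. The `if value` test also treats an empty-string value as absent in the debug output while `self._session.set(path, value)` still receives it, so the printed command can differ from what is sent. Suggested: `msg = f'set {" ".join(path)} {value}' if value is not None else f'set {" ".join(path)}'` followed by `print(msg)`. The enclosing class starts before this hunk.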
@@ -147,20 +147,21 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): remote_base = base_path + ['remote', remote] if 'port' in remote_options: - self.cli_set(remote_base + ['port', remote_options['port']]) + self.cli_set(remote_base + ['port'], value=remote_options['port']) if 'facility' in remote_options: for facility, facility_options in remote_options['facility'].items(): level = facility_options['level'] - self.cli_set(remote_base + ['facility', facility, 'level', level]) + self.cli_set(remote_base + ['facility', facility, 'level'], + value=level) if 'format' in remote_options: for format in remote_options['format']: - self.cli_set(remote_base + ['format', format]) + self.cli_set(remote_base + ['format'], value=format) if 'protocol' in remote_options: protocol = remote_options['protocol'] - self.cli_set(remote_base + ['protocol', protocol]) + self.cli_set(remote_base + ['protocol'], value=protocol) self.cli_commit() 
@@ -228,18 +229,21 @@ class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): vrf = None if 'vrf' in remote_options: vrf = remote_options['vrf']['name'] - self.cli_set(['vrf', 'name', vrf, 'table', remote_options['vrf']['table']]) - self.cli_set(remote_base + ['vrf', vrf]) + self.cli_set(['vrf', 'name', vrf, 'table'], + value=remote_options['vrf']['table']) + self.cli_set(remote_base + ['vrf'], value=vrf) if 'source_address' in remote_options: source_address = remote_options['source_address'] - self.cli_set(remote_base + ['source-address', source_address]) + self.cli_set(remote_base + ['source-address'], + value=source_address) idx = source_address.split('.')[-1] - self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address', f'{source_address}/32']) + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address'], + value=f'{source_address}/32') if vrf: - self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf', vrf]) - + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf'], + value=vrf) self.cli_commit() config = read_file(RSYSLOG_CONF) -- cgit v1.2.3 From 29a7edaf871cbf77092308eab05cb750a9e74308 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:39:45 +0100 Subject: init: T6989: start syslog early --- src/init/vyos-router | 1 + 1 file changed, 1 insertion(+) diff --git a/src/init/vyos-router b/src/init/vyos-router index 00136309b..ab3cc42cb 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router 
@@ -461,6 +461,7 @@ start () # As VyOS does not execute commands that are not present in the CLI we call # the script by hand to have a single source for the login banner and MOTD + ${vyos_conf_scripts_dir}/system_syslog.py || log_failure_msg "could not reset syslog" ${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console" ${vyos_conf_scripts_dir}/system_login_banner.py || log_failure_msg "could not reset motd and issue files" ${vyos_conf_scripts_dir}/system_option.py || log_failure_msg "could not reset system option files" -- cgit v1.2.3 From cf7721f7d5345e484e0c57b643913d2353dca6f5 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:40:46 +0100 Subject: defaults: T6989: provide single source of systemd services Some systemd services are re-used over multiple configuration files. Keep a single source of the real systemd names and only reference them by dictionary keys. --- python/vyos/defaults.py | 7 ++++++- src/conf_mode/service_snmp.py | 3 ++- src/conf_mode/system_host-name.py | 9 ++++++--- src/conf_mode/system_syslog.py | 6 ++++-- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index 9757a34df..89e51707b 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -1,4 +1,4 @@ -# Copyright 2018-2024 VyOS maintainers and contributors +# Copyright 2018-2025 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -40,6 +40,11 @@ directories = { 'ca_certificates' : '/usr/local/share/ca-certificates/vyos' } +systemd_services = { + 'rsyslog' : 'rsyslog.service', + 'snmpd' : 'snmpd.service', +} + config_status = '/tmp/vyos-config-status' api_config_state = '/run/http-api-state' frr_debug_enable = '/tmp/vyos.frr.debug' diff --git a/src/conf_mode/service_snmp.py b/src/conf_mode/service_snmp.py index 1174b1238..d85f20820 100755 
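Review bot: The comment above the new `system_syslog.py` call still explains the block as providing the login banner and MOTD, which does not cover why syslog is handled here. A line such as `# bring up syslog first so messages from the remaining boot steps are captured` before the call would document the ordering; the intent is inferred from the commit subject. It is also worth confirming what the script does when it runs before the configuration is loaded, since `apply()` in `system_syslog.py` stops the service and socket when its dict is empty. `start ()` continues outside the hunk.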
--- a/src/conf_mode/service_snmp.py +++ b/src/conf_mode/service_snmp.py @@ -22,6 +22,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import dict_merge from vyos.configverify import verify_vrf +from vyos.defaults import systemd_services from vyos.snmpv3_hashgen import plaintext_to_md5 from vyos.snmpv3_hashgen import plaintext_to_sha1 from vyos.snmpv3_hashgen import random @@ -43,7 +44,7 @@ config_file_access = r'/usr/share/snmp/snmpd.conf' config_file_user = r'/var/lib/snmp/snmpd.conf' default_script_dir = r'/config/user-data/' systemd_override = r'/run/systemd/system/snmpd.service.d/override.conf' -systemd_service = 'snmpd.service' +systemd_service = systemd_services['snmpd'] def get_config(config=None): if config: diff --git a/src/conf_mode/system_host-name.py b/src/conf_mode/system_host-name.py index 3f245f166..fef034d1c 100755 --- a/src/conf_mode/system_host-name.py +++ b/src/conf_mode/system_host-name.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2024 VyOS maintainers and contributors +# Copyright (C) 2018-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,6 +23,7 @@ import vyos.hostsd_client from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed +from vyos.defaults import systemd_services from vyos.ifconfig import Section from vyos.template import is_ip from vyos.utils.process import cmd 
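Review bot: `systemd_service` now comes from `systemd_services['snmpd']`, but `systemd_override` on the line above still spells out `snmpd.service.d`, so the unit name keeps two sources in this file. Deriving the path, e.g. `systemd_override = f'/run/systemd/system/{systemd_services["snmpd"]}.d/override.conf'`, would follow the goal stated in the commit message.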
@@ -174,11 +175,13 @@ def apply(config): # Restart services that use the hostname if hostname_new != hostname_old: - call("systemctl restart rsyslog.service") + tmp = systemd_services['rsyslog'] + call(f'systemctl restart {tmp}') # If SNMP is running, restart it too if process_named_running('snmpd') and config['snmpd_restart_reqired']: - call('systemctl restart snmpd.service') + tmp = systemd_services['snmpd'] + call(f'systemctl restart {tmp}') return None diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 00c571ea9..414bd4b6b 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -21,6 +21,7 @@ from sys import exit from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_vrf +from vyos.defaults import systemd_services from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render @@ -33,6 +34,9 @@ airbag.enable() rsyslog_conf = '/run/rsyslog/rsyslog.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' +systemd_socket = 'syslog.socket' +systemd_service = systemd_services['rsyslog'] + def get_config(config=None): if config: conf = config @@ -107,8 +111,6 @@ def generate(syslog): return None def apply(syslog): - systemd_socket = 'syslog.socket' - systemd_service = 'syslog.service' if not syslog: call(f'systemctl stop {systemd_service} {systemd_socket}') return None -- cgit v1.2.3
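Review bot: Besides moving the names to module level, the `system_syslog.py` hunks change the unit that `apply()` acts on from `syslog.service` to `rsyslog.service`, which the commit message does not mention. Where `syslog.service` is an alias of the rsyslog unit the two are equivalent, but that is an assumption about the image rather than something shown here. A comment next to the assignment, e.g. `# real unit name; syslog.service was only an alias`, would record that the switch is deliberate. `systemd_socket` remains a literal `syslog.socket` in this file.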