From e143e496e28b9d6d5803278fa76a14bf2bc2304e Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 13 Jan 2025 19:36:41 +0100 Subject: syslog: T6989: convert old configuration format to "advanced" --- src/conf_mode/system_option.py | 2 +- src/conf_mode/system_syslog.py | 14 ++--- src/etc/rsyslog.conf | 67 ---------------------- .../systemd/system/rsyslog.service.d/override.conf | 10 ++++ src/migration-scripts/system/28-to-29 | 7 ++- 5 files changed, 21 insertions(+), 79 deletions(-) delete mode 100644 src/etc/rsyslog.conf create mode 100644 src/etc/systemd/system/rsyslog.service.d/override.conf (limited to 'src') diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py index e2832cde6..064a1aa91 100755 --- a/src/conf_mode/system_option.py +++ b/src/conf_mode/system_option.py @@ -86,7 +86,7 @@ def verify(options): if 'source_address' in config: if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with given address specified!') if 'ssh_client' in options: config = options['ssh_client'] diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index eb2f02eb3..78840a5f5 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2024 VyOS maintainers and contributors +# Copyright (C) 2018-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -22,15 +22,15 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf +from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render from vyos import ConfigError from vyos import airbag airbag.enable() -rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf' +rsyslog_conf = '/run/rsyslog/rsyslog.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' -systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf' def get_config(config=None): if config: @@ -70,8 +70,8 @@ def verify(syslog): if not syslog: return None - if 'host' in syslog: - for host, host_options in syslog['host'].items(): + if 'remote' in syslog: + for host, host_options in syslog['remote'].items(): if 'protocol' in host_options and host_options['protocol'] == 'udp': if 'format' in host_options and 'octet_counted' in host_options['format']: Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') @@ -88,11 +88,7 @@ def generate(syslog): return None render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog) - render(systemd_override, 'rsyslog/override.conf.j2', syslog) render(logrotate_conf, 'rsyslog/logrotate.j2', syslog) - - # Reload systemd manager configuration - call('systemctl daemon-reload') return None def apply(syslog): diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf deleted file mode 100644 index b3f41acb6..000000000 --- a/src/etc/rsyslog.conf +++ /dev/null 
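Review bot: The added `from vyos.utils.network import is_addr_assigned` has no caller among the lines this commit adds to system_syslog.py, so as of this change it is an unused import. Either drop it or land it together with the address check that needs it. In the same hunk `rsyslog_conf` now points at `/run/rsyslog/rsyslog.conf`, a runtime path that presumably does not survive a reboot and only exists once this script has rendered it. A short comment such as `# rendered at commit time; rsyslog.service is started with -f on this path` would explain why the file no longer lives under /etc/rsyslog.d.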
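Review bot: The file written by `render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog)` is now the daemon's entire configuration, because this commit deletes `src/etc/rsyslog.conf` and starts the unit with `-f /run/rsyslog/rsyslog.conf`, yet the template is outside this src-limited view. The deleted file set log-file ownership and mode (`$FileOwner root`, `$FileGroup adm`, `$FileCreateMode 0640`, `$Umask 0022`) and routed CRON/sudo/su messages to /var/log/auth.log. Please confirm the template carries equivalents, since otherwise rsyslog's built-in defaults would apply to newly created log files. I would add a comment above the render call: `# rsyslog.conf.j2 is the complete rsyslogd configuration; no stock /etc/rsyslog.conf is read`. generate() starts above the hunk.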
@@ -1,67 +0,0 @@
-#################
-#### MODULES ####
-#################
-
-$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark # provides --MARK-- message capability
-
-$OmitLocalLogging off
-$SystemLogSocketName /run/systemd/journal/syslog
-
-$KLogPath /proc/kmsg
-
-###########################
-#### GLOBAL DIRECTIVES ####
-###########################
-
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information
-#$ActionFileDefaultTemplate RSYSLOG_FileFormat
-# The "old style" default log file format with low-precision timestamps
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-# Filter duplicated messages
-$RepeatedMsgReduction on
-
-#
-# Set the default permissions for all log files.
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-#
-# Stop excessive logging of sudo
-#
-:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" stop
-:msg, contains, "pam_unix(sudo:session): session closed for user root" stop
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-# The lines below cause all listed daemons/processes to be logged into
-# /var/log/auth.log, then drops the message so it does not also go to the
-# regular syslog so that messages are not duplicated
-
-$outchannel auth_log,/var/log/auth.log
-if $programname == 'CRON' or
- $programname == 'sudo' or
- $programname == 'su'
- then :omfile:$auth_log
-
-if $programname == 'CRON' or
- $programname == 'sudo' or
- $programname == 'su'
- then stop
-
-###############
-#### RULES ####
-###############
-# Emergencies are sent to everybody logged in.
-*.emerg :omusrmsg:*
\ No newline at end of file
diff --git a/src/etc/systemd/system/rsyslog.service.d/override.conf b/src/etc/systemd/system/rsyslog.service.d/override.conf new file mode 100644 index 000000000..665b994d9 --- /dev/null +++ b/src/etc/systemd/system/rsyslog.service.d/override.conf @@ -0,0 +1,10 @@ +[Unit] +StartLimitIntervalSec=0 + +[Service] +ExecStart= +ExecStart=/usr/sbin/rsyslogd -n -iNONE -f /run/rsyslog/rsyslog.conf +Restart=always +RestartPreventExitStatus= +RestartSec=10 +RuntimeDirectoryPreserve=yes diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 2f55d425a..1addad035 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -16,6 +16,7 @@ # T6989: # - remove syslog arbitrary file logging # - remove syslog user console logging +# - rename "host" to "remote" from vyos.configtree import ConfigTree @@ -24,14 +25,16 @@ base = ['system', 'syslog'] def migrate(config: ConfigTree) -> None: if not config.exists(base): return - + # Drop support for custom file logging if config.exists(base + ['file']): config.delete(base + ['file']) + # Drop support for logging to a user tty + # This should be dynamically added via an op-mode command like "terminal monitor" if config.exists(base + ['user']): config.delete(base + ['user']) - # rename host -> remote + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) config.set_tag(base + ['remote']) -- cgit v1.2.3
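Review bot: `StartLimitIntervalSec=0` combined with `Restart=always` and the emptied `RestartPreventExitStatus=` means systemd retries rsyslogd every 10 seconds indefinitely. If the daemon exits (for example because `/run/rsyslog/rsyslog.conf` has not been rendered yet or fails to load), the unit never settles in a failed state that monitoring can alert on, and the logging outage is easy to miss. Consider having the conf-mode script check the rendered file before restarting the service, e.g. `rsyslogd -N1 -f /run/rsyslog/rsyslog.conf`, and raise on failure. Separately, `RuntimeDirectoryPreserve=yes` only has an effect alongside a `RuntimeDirectory=` setting, which this drop-in does not declare; if the packaged unit does not set it either, add `RuntimeDirectory=rsyslog`.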