path: root/docs/configuration/system/syslog.rst
Diffstat (limited to 'docs/configuration/system/syslog.rst')
-rw-r--r-- docs/configuration/system/syslog.rst 121
1 files changed, 60 insertions, 61 deletions
diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst
index ae1b9273..d266131d 100644
--- a/docs/configuration/system/syslog.rst
+++ b/docs/configuration/system/syslog.rst
@@ -17,56 +17,51 @@ Syslog supports logging to multiple targets, those targets could be a plain
file on your VyOS installation itself, a serial console or a remote syslog
server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP.
-Global
-------
+Global Settings
+---------------
-.. cfgcmd:: system syslog global marker interval <number>
+.. cfgcmd:: set system syslog marker interval <number>
-Interval (in seconds) for sending mark messages to the syslog input to
-indicate that the logging system is functioning.
+ Interval (in seconds) for sending mark messages to the syslog input to
+ indicate that the logging system is functioning.
-.. cfgcmd:: system syslog global preserve-fqdn
+ This defaults to 1200 seconds.
-If set, the domain part of the hostname is always sent,
-even within the same domain as the receiving system.
+.. cfgcmd:: set system syslog marker disable
-.. cfgcmd:: system rsyslog global facility <keyword> level <keyword>
+ Disable periodic injection of mark messages.
-Filter syslog messages based on facility and level.
+.. cfgcmd:: set system syslog preserve-fqdn
+ If set, the domain part of the hostname is always sent, even within the same
+ domain as the receiving system.
-Console
--------
-
-.. cfgcmd:: set system syslog console facility <keyword> level <keyword>
+.. cfgcmd:: set system syslog source-address <address>
- Log syslog messages to ``/dev/console``, for an explanation on
- :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
- see tables below.
+ Source IP address used to initiate connection when sending log data to a
+ remote host.
-.. _custom-file:
+Local Logging
+-------------
-Custom File
------------
+Enable logging to a local target (``/var/log/messages``) on the system.
-.. cfgcmd:: set system syslog file <filename> facility <keyword> level <keyword>
+.. cfgcmd:: system rsyslog local facility <keyword> level <keyword>
- Log syslog messages to file specified via `<filename>`, for an explanation on
- :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
- see tables below.
+ Filter syslog messages based on facility and level.
-.. cfgcmd:: set system syslog file <filename> archive size <size>
+.. _syslog_console:
- Syslog will write `<size>` kilobytes into the file specified by `<filename>`.
- After this limit has been reached, the custom file is "rotated" by logrotate
- and a new custom file is created.
+Console
+-------
-.. cfgcmd:: set system syslog file <filename> archive file <number>
+.. cfgcmd:: set system syslog console facility <keyword> level <keyword>
- Syslog uses logrotate to rotate logfiles after a number of gives bytes.
- We keep as many as `<number>` rotated file before they are deleted on the
- system.
+ Log syslog messages to ``/dev/console``, for an explanation on
+ :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
+ see tables below.
+.. _syslog_remote:
Remote Host
-----------
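Review bot: The added directive `.. cfgcmd:: system rsyslog local facility <keyword> level <keyword>` under "Local Logging" is missing the `set` prefix and names `rsyslog`, while every other command added in this hunk is written as `set system syslog ...`. It looks carried over from the removed `system rsyslog global facility` line. If the configuration node is `system syslog local`, the directive should read `set system syslog local facility <keyword> level <keyword>` so the rendered command can be pasted as is. Separately, this hunk adds a global `set system syslog source-address <address>`; please state whether it applies to all remote targets, since operators who pin the log source address for receiver-side filtering need to know which setting wins.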
@@ -76,37 +71,54 @@ can be configured in parallel to a custom file or console logging. You can log
to multiple hosts at the same time, using either TCP or UDP. The default is
sending the messages via port 514/UDP.
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> level <keyword>
+.. cfgcmd:: set system syslog remote <address> facility <keyword> level <keyword>
Log syslog messages to remote host specified by `<address>`. The address
can be specified by either FQDN or IP address. For an explanation on
:ref:`syslog_facilities` keywords and :ref:`syslog_severity_level`
keywords see tables below.
-
-.. cfgcmd:: set system syslog host <address> facility <keyword> protocol
- <udp|tcp>
+.. cfgcmd:: set system syslog remote <address> protocol <udp|tcp>
Configure protocol used for communication to remote syslog host. This can be
either UDP or TCP.
+.. cfgcmd:: set system syslog remote <address> port <port>
-.. cfgcmd:: set system syslog vrf <name>
+ Configure the TCP or UDP port to connect to on the remote syslog host.
+ By default, the standard port 514 is used.
- Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance.
+.. cfgcmd:: set system syslog remote <address> format include-timezone
+ Send syslog messages in the :rfc:`5424` format, rather than the
+ default :rfc:`3164` (BSD syslog) format.
-Local User Account
-------------------
+ .. note::
+ The :rfc:`5424` format utilises an :rfc:`3339` / ISO 8601 formatted
+ timestamp, including the system timezone.
-.. cfgcmd:: set system syslog user <username> facility <keyword> level <keyword>
+ Examples of the two syslog message formats:
- If logging to a local user account is configured, all defined log messages
- are display on the console if the local user is logged in, if the user is not
- logged in, no messages are being displayed. For an explanation on
- :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords
- see tables below.
+ :rfc:`3164` format: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8
+
+ :rfc:`5424` format: <34>1 2003-10-11T22:14:15.003-07:00 mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8
+
+.. cfgcmd:: set system syslog remote <address> format octet-counted
+
+ Allows for the transmission of multi-line messages, without them being split
+ across separate syslog messages. This only applies for the TCP protocol
+ (this setting is ignored for UDP protocol). Ensure the receiving system is
+ compatible before enabling this.
+
+.. cfgcmd:: set system syslog remote <address> vrf <name>
+
+ Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance
+ used when forwarding logs to remote syslog server.
+
+.. cfgcmd:: set system syslog remote <address> source-address <address>
+
+ Define IPv4 or IPv6 source address used when forwarding logs to remote
+ syslog server.
.. _syslog_facilities:
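Review bot: The two sample messages under `format include-timezone` are plain indented text, and the :rfc:`5424` sample carries the literal token `BOM` in front of `'su root' failed`. In the RFC that token stands for the byte order mark and is not text a receiver would see, so readers comparing against captured traffic will be misled. Put both samples in a literal block and drop the `BOM` token or explain it. Two further points on this hunk: the unchanged paragraph above still says remote logging "can be configured in parallel to a custom file or console logging" although the custom file section is removed earlier in this patch, and the per-remote `source-address` does not say how it relates to the global `set system syslog source-address` added earlier. A sentence on precedence, and a short note that `host` became `remote`, would help users migrating an existing configuration.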
@@ -171,7 +183,7 @@ Facilities can be adjusted to meet the needs of the user:
+----------+----------+----------------------------------------------------+
| 21 | local5 | local use 5 (local5) |
+----------+----------+----------------------------------------------------+
-| 22 | local6 | use 6 (local6) |
+| 22 | local6 | local use 6 (local6) |
+----------+----------+----------------------------------------------------+
| 23 | local7 | local use 7 (local7) |
+----------+----------+----------------------------------------------------+
@@ -253,16 +265,3 @@ displayed.
.. hint:: Use ``show log | strip-private`` if you want to hide private data
when sharing your logs.
-
-Delete Logs
-===========
-
-.. opcmd:: delete log file <text>
-
-Deletes the specified user-defined file <text> in the /var/log/user directory
-
-Note that deleting the log file does not stop the system from logging events.
-If you use this command while the system is logging events, old log events
-will be deleted, but events after the delete operation will be recorded in
-the new file. To delete the file altogether, first delete logging to the
-file using system syslog :ref:`custom-file` command, and then delete the file.
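Review bot: Removing the whole "Delete Logs" section drops the only documentation of `delete log file <text>` without saying whether the op-mode command itself went away together with the `file` target. If the command still exists, keep a short entry for it. If it was removed, say so in the commit message or in a note here, because files already written under /var/log/user by earlier configurations would otherwise have no documented way to be cleaned up.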