Diffstat (limited to 'docs/configuration/system')
-rw-r--r-- | docs/configuration/system/ip.rst | 14
-rw-r--r-- | docs/configuration/system/login.rst | 19
-rw-r--r-- | docs/configuration/system/option.rst | 15
-rw-r--r-- | docs/configuration/system/syslog.rst | 121
4 files changed, 102 insertions, 67 deletions
diff --git a/docs/configuration/system/ip.rst b/docs/configuration/system/ip.rst index a422388f..27b0870c 100644 --- a/docs/configuration/system/ip.rst +++ b/docs/configuration/system/ip.rst @@ -27,6 +27,20 @@ System configuration commands Use this command to use Layer 4 information for IPv4 ECMP hashing. +.. cfgcmd:: set system ip import-table <table-id> + + Use this command to immport the table, by given table id, into the main RIB. + +.. cfgcmd:: set system ip import-table <table-id> distance <distance> + + Use this command to override the default distance when importing routers + from the alternate table. + +.. cfgcmd:: set system ip import-table <table-id> route-map <route-map> + + Use this command to filter routes that are imported into the main table + from alternate table using route-map. + Zebra/Kernel route filtering ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 452981a9..1c4e041d 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -34,6 +34,13 @@ Local Setup encrypted password for given username. This is useful for transferring a hashed password from system to system. +.. cfgcmd:: set system login user <name> authentication principal <principal> + + When using SSH certificate based authentication, define which principals are + alled to use this account. + + If unset, the principal will be set to the login name of the user bz default. + .. cfgcmd:: set system login user <name> disable Disable (lock) account. User will not be able to log in. 
@@ -319,28 +326,28 @@ TACACS is defined in :rfc:`8907`. Configuration ------------- -.. cfgcmd:: set system login tacas server <address> key <secret> +.. cfgcmd:: set system login tacacs server <address> key <secret> Specify the IP `<address>` of the TACACS server user with the pre-shared-secret given in `<secret>`. Multiple servers can be specified. -.. cfgcmd:: set system login tacas server <address> port <port> +.. cfgcmd:: set system login tacacs server <address> port <port> Configure the discrete port under which the TACACS server can be reached. This defaults to 49. -.. cfgcmd:: set system login tacas server <address> disable +.. cfgcmd:: set system login tacacs server <address> disable Temporary disable this TACACS server. It won't be queried. -.. cfgcmd:: set system login tacas server <address> timeout <timeout> +.. cfgcmd:: set system login tacacs server <address> timeout <timeout> Setup the `<timeout>` in seconds when querying the TACACS server. -.. cfgcmd:: set system login tacas source-address <address> +.. cfgcmd:: set system login tacacs source-address <address> TACACS servers could be hardened by only allowing certain IP addresses to connect. As of this the source address of each TACACS query can be @@ -350,7 +357,7 @@ Configuration interface address pointing towards the server - making it error prone on e.g. OSPF networks when a link fails and a backup route is taken. -.. cfgcmd:: set system login tacas vrf <name> +.. cfgcmd:: set system login tacacs vrf <name> Source all connections to the TACACS servers from given VRF `<name>`. diff --git a/docs/configuration/system/option.rst b/docs/configuration/system/option.rst index b5ebaaee..a13e38a8 100644 --- a/docs/configuration/system/option.rst +++ b/docs/configuration/system/option.rst 
@@ -18,6 +18,16 @@ General Automatically reboot system on kernel panic after 60 seconds. +.. cfgcmd:: set system option reboot-on-upgrade-failure <timeout> + + Automatically reboot after `timeout` minutes into the previous running + image, that was used to perform the image upgrade. + + Reboot `timeout` is configurable in minutes. This gives the user the change + to log into the system and perform some analysis before automatic rebooting. + + Automatic reboot can be cancelled after login using: :opcmd:`reboot cancel` + .. cfgcmd:: set system option startup-beep Play an audible beep to the system speaker when system is ready. @@ -72,6 +82,11 @@ Kernel .. seealso:: https://docs.kernel.org/admin-guide/pm/amd-pstate.html +.. cfgcmd:: set system option kernel quiet + + Suppress most kernel messages during boot. This is useful for systems with + embedded serial console interfaces to speed up the boot process. + *********** HTTP client *********** diff --git a/docs/configuration/system/syslog.rst b/docs/configuration/system/syslog.rst index ae1b9273..d266131d 100644 --- a/docs/configuration/system/syslog.rst +++ b/docs/configuration/system/syslog.rst 
@@ -17,56 +17,51 @@ Syslog supports logging to multiple targets, those targets could be a plain file on your VyOS installation itself, a serial console or a remote syslog server which is reached via :abbr:`IP (Internet Protocol)` UDP/TCP. -Global ------- +Global Settings +--------------- -.. cfgcmd:: system syslog global marker interval <number> +.. cfgcmd:: set system syslog marker interval <number> -Interval (in seconds) for sending mark messages to the syslog input to -indicate that the logging system is functioning. + Interval (in seconds) for sending mark messages to the syslog input to + indicate that the logging system is functioning. -.. cfgcmd:: system syslog global preserve-fqdn + This defaults to 1200 seconds. -If set, the domain part of the hostname is always sent, -even within the same domain as the receiving system. +.. cfgcmd:: set system syslog marker disable -.. cfgcmd:: system rsyslog global facility <keyword> level <keyword> + Disable periodic injection of mark messages. -Filter syslog messages based on facility and level. +.. cfgcmd:: set system syslog preserve-fqdn + If set, the domain part of the hostname is always sent, even within the same + domain as the receiving system. -Console -------- - -.. cfgcmd:: set system syslog console facility <keyword> level <keyword> +.. cfgcmd:: set system syslog source-address <address> - Log syslog messages to ``/dev/console``, for an explanation on - :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords - see tables below. + Source IP address used to initiate connection when sending log data to a + remote host. -.. _custom-file: +Local Logging +------------- -Custom File ------------ +Enable logging to a local target (``/var/log/messages``) on the system. -.. cfgcmd:: set system syslog file <filename> facility <keyword> level <keyword> +.. 
cfgcmd:: system rsyslog local facility <keyword> level <keyword> - Log syslog messages to file specified via `<filename>`, for an explanation on - :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords - see tables below. + Filter syslog messages based on facility and level. -.. cfgcmd:: set system syslog file <filename> archive size <size> +.. _syslog_console: - Syslog will write `<size>` kilobytes into the file specified by `<filename>`. - After this limit has been reached, the custom file is "rotated" by logrotate - and a new custom file is created. +Console +------- -.. cfgcmd:: set system syslog file <filename> archive file <number> +.. cfgcmd:: set system syslog console facility <keyword> level <keyword> - Syslog uses logrotate to rotate logfiles after a number of gives bytes. - We keep as many as `<number>` rotated file before they are deleted on the - system. + Log syslog messages to ``/dev/console``, for an explanation on + :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords + see tables below. +.. _syslog_remote: Remote Host ----------- 
@@ -76,37 +71,54 @@ can be configured in parallel to a custom file or console logging. You can log to multiple hosts at the same time, using either TCP or UDP. The default is sending the messages via port 514/UDP. - -.. cfgcmd:: set system syslog host <address> facility <keyword> level <keyword> +.. cfgcmd:: set system syslog remote <address> facility <keyword> level <keyword> Log syslog messages to remote host specified by `<address>`. The address can be specified by either FQDN or IP address. For an explanation on :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords see tables below. - -.. cfgcmd:: set system syslog host <address> facility <keyword> protocol - <udp|tcp> +.. cfgcmd:: set system syslog remote <address> protocol <udp|tcp> Configure protocol used for communication to remote syslog host. This can be either UDP or TCP. +.. cfgcmd:: set system syslog remote <address> port <port> -.. cfgcmd:: set system syslog vrf <name> + Configure the TCP or UDP port to connect to on the remote syslog host. + By default, the standard port 514 is used. - Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance. +.. cfgcmd:: set system syslog remote <address> format include-timezone + Send syslog messages in the :rfc:`5424` format, rather than the + default :rfc:`3164` (BSD syslog) format. -Local User Account ------------------- + .. note:: + The :rfc:`5424` format utilises an :rfc:`3339` / ISO 8601 formatted + timestamp, including the system timezone. -.. cfgcmd:: set system syslog user <username> facility <keyword> level <keyword> + Examples of the two syslog message formats: - If logging to a local user account is configured, all defined log messages - are display on the console if the local user is logged in, if the user is not - logged in, no messages are being displayed. For an explanation on - :ref:`syslog_facilities` keywords and :ref:`syslog_severity_level` keywords - see tables below. 
+ :rfc:`3164` format: <34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8 + + :rfc:`5424` format: <34>1 2003-10-11T22:14:15.003-07:00 mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8 + +.. cfgcmd:: set system syslog remote <address> format octet-counted + + Allows for the transmission of multi-line messages, without them being split + across separate syslog messages. This only applies for the TCP protocol + (this setting is ignored for UDP protocol). Ensure the receiving system is + compatible before enabling this. + +.. cfgcmd:: set system syslog remote <address> vrf <name> + + Specify name of the :abbr:`VRF (Virtual Routing and Forwarding)` instance + used when forwarding logs to remote syslog server. + +.. cfgcmd:: set system syslog remote <address> source-address <address> + + Define IPv4 or IPv6 source address used when forwarding logs to remote + syslog server. .. _syslog_facilities: @@ -171,7 +183,7 @@ Facilities can be adjusted to meet the needs of the user: +----------+----------+----------------------------------------------------+ | 21 | local5 | local use 5 (local5) | +----------+----------+----------------------------------------------------+ -| 22 | local6 | use 6 (local6) | +| 22 | local6 | local use 6 (local6) | +----------+----------+----------------------------------------------------+ | 23 | local7 | local use 7 (local7) | +----------+----------+----------------------------------------------------+ 
@@ -253,16 +265,3 @@ displayed. .. hint:: Use ``show log | strip-private`` if you want to hide private data when sharing your logs. - -Delete Logs -=========== - -.. opcmd:: delete log file <text> - -Deletes the specified user-defined file <text> in the /var/log/user directory - -Note that deleting the log file does not stop the system from logging events. -If you use this command while the system is logging events, old log events -will be deleted, but events after the delete operation will be recorded in -the new file. To delete the file altogether, first delete logging to the -file using system syslog :ref:`custom-file` command, and then delete the file. |
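Review bot: Two typos in the added ip.rst text need fixing, and one changes the meaning: "immport" in the first ``import-table`` description, and "importing routers" in the ``distance`` description, which should read "importing routes". The ``distance`` text also says the command overrides "the default distance" without giving that default or the accepted range for ``<distance>``; stating both would let readers judge how imported routes rank against routes already in the main RIB.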
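Review bot: In the login.rst hunk that adds ``authentication principal <principal>``, "alled" should be "allowed" and "bz default" should be "by default". The description speaks of "principals" in the plural while the syntax takes a single ``<principal>``; say whether the node can be set more than once, since that decides which certificate holders may log in to the account.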
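Review bot: The ``reboot-on-upgrade-failure`` description in option.rst never says what counts as an upgrade failure, so a reader cannot tell when the timer starts; the first sentence ("into the previous running image, that was used to perform the image upgrade") should name the trigger explicitly. In the second paragraph "gives the user the change" should be "chance", and that paragraph repeats that the timeout is in minutes, which the first sentence already states.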
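Review bot: The ``kernel quiet`` text added to option.rst says most kernel messages are suppressed during boot but not whether they remain readable afterwards. Add a sentence stating whether only console output is affected, because someone diagnosing a failed boot over the serial console needs to know where the messages went.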
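Review bot: Under the new "Local Logging" heading in syslog.rst, the added ``cfgcmd:: system rsyslog local facility <keyword> level <keyword>`` lacks the leading ``set`` and uses ``rsyslog``, while every other command in this hunk was changed to the ``set system syslog ...`` form. It looks carried over from the removed ``system rsyslog global facility`` line; please confirm the real command path and make it consistent with the rest of the section.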
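Review bot: In the "Remote Host" hunk of syslog.rst, ``set system syslog remote <address> source-address <address>`` uses the same placeholder for two different values; rename the second one (for example ``<source-address>``) and say how it interacts with the global ``set system syslog source-address <address>`` added earlier in this file. The :rfc:`5424` sample line contains the literal text ``BOM``, which in the RFC's own example stands for the UTF-8 byte order mark rather than three printed characters, so readers comparing it with real output will be misled; either drop it or explain it. The unchanged sentence "in parallel to a custom file or console logging" is now stale, since this commit removes the "Custom File" section.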
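Review bot: The last syslog.rst hunk deletes the whole "Delete Logs" section, and the first syslog.rst hunk deletes the ``set system syslog file ...`` commands, but nothing added says whether ``delete log file <text>`` and the user-defined files under /var/log/user still exist. If the feature was removed, add a short migration note for systems that already have custom log files; if it was not, the opcmd documentation should stay, since it is the only place that explains how deleting a log file behaves while logging continues.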