Page MenuHomeVyOS Platform
Create Task
Maniphest T2938

Adding remote Syslog RFC5424 compatibility
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Hi,

I was looking in to getting remote syslog logging working with Loki (from the guys from GrafanaLabs). However, their collector (promtail) only supports RFC5424 with octet counted messages.
After some digging, I have found that vyos defaults to RFC3164 format via rSyslog's "omfwd".

I have the correct syntax now for the config that is generated by 'syslog.py' which is working with Loki, and should be working for Telegraf (influx) too.

The following config creates:

syslog {
    host 10.10.10.10 {
        facility all {
            level all
            protocol tcp
        }
        port 1514
    }
}
[email protected]:/etc/rsyslog.d$ cat vyos-rsyslog.conf 
## generated by syslog.py ##

## remote logging
*.* @@10.10.10.10:1514

Howver, to get this working. The following config is required;

[email protected]:/etc/rsyslog.d$ cat vyos-rsyslog.conf 
## generated by syslog.py ##

## remote logging
*.* @@(o)10.10.10.10:1514;RSYSLOG_SyslogProtocol23Format

I myself am unfamiliar with the vbash, and the structure of vyos's scripts. But if i know where and how, i could even add some commands that adds this as an option.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

D0peX created this task.Sep 30 2020, 12:26 AM
D0peX updated the task description. (Show Details)Sep 30 2020, 9:10 AM
pasik added a subscriber: pasik.Sep 30 2020, 6:03 PM
Viacheslav added a subscriber: Viacheslav.Oct 5 2020, 10:08 AM

How to name this function?

set system syslog host 10.0.3.2 forward
set system syslog host 10.0.3.2 omfw
set system syslog host 10.0.3.2 mode-omfw
set system syslog host 10.0.3.2 mode-forward

Your suggestions?

D0peX added a comment.Oct 12 2020, 7:35 PM

I'd suggest:
set system syslog host 10.0.3.2 format 5424 - description stating this uses RFC5424 style format
set system syslog host 10.0.3.2 format ocetet-counted - description stating messages are octet counted

But i'm unkown with Vyos's naming conventions/tree styling guideline - if there is any.

Viacheslav added a comment.Oct 16 2020, 12:56 PM

PR https://github.com/vyos/vyos-1x/pull/573

Adding new option "format" for syslog

[email protected]# set system syslog host 100.64.0.5 format 
Possible completions:
   octet-counted
                Allows for the transmission of all characters inside a syslog message
set system syslog host 100.64.0.5 facility all level 'all'
set system syslog host 100.64.0.5 facility all protocol 'tcp'
set system syslog host 100.64.0.5 format octet-counted
set system syslog host 100.64.0.5 port '1514'
commit

Check config

[email protected]# sudo cat /etc/rsyslog.d/vyos-rsyslog.conf 
## generated by syslog.py ##
## file based logging
$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog
*.info;local7.debug :omfile:$global
## remote logging
*.* @@100.64.0.5:1514;RSYSLOG_SyslogProtocol23Format
[edit]
[email protected]#
Viacheslav claimed this task.Oct 16 2020, 1:14 PM
D0peX added a comment.Oct 16 2020, 2:06 PM

Thank you Viacheslav

RSYSLOG_SyslogProtocol23Format sets the format of syslog message conform RFC5424.
The (o) sets option octet counted for the syslog message.

Your commit sets octet-counted, but is actually changing syslog message type.
octet-counted should add:

## remote logging
*.* @@(o)10.10.10.10:1514

Notice the (o).

format 5424 should add:
RSYSLOG_SyslogProtocol23Format

Viacheslav added a comment.EditedOct 16 2020, 2:28 PM

@D0peX That's correct? I updated pr

[email protected]# sudo cat /etc/rsyslog.d/vyos-rsyslog.conf 
## generated by syslog.py ##
## file based logging
$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog
*.info;local7.debug :omfile:$global
## remote logging
*.* @@(o)100.64.0.5:1514;RSYSLOG_SyslogProtocol23Format
[edit]
[email protected]#
Viacheslav added a comment.Oct 19 2020, 11:19 AM

@D0peX Can you check the latest rolling?

Viacheslav closed this task as Resolved.Oct 27 2020, 5:57 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Nov 23 2020, 3:27 PM
erkin set Issue type to Feature (new functionality).Aug 29 2021, 12:49 PM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:27 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.