Our syslog server (Graylog, using the default UDP Syslog Input) requires specific timestamp format. I've needed to edit the /etc/rsyslog.d/vyos-rsyslog.conf to include this feature. I'm not sure if this manual change will persist through reboots or upgrades. I'd like this to be exposed in the CLI or config as an optional setting. I'm not sure what is the best way to implement this.
Typical syslog config:
set system syslog host x.x.x.x facility all level 'all' set system syslog host x.x.x.x facility all protocol 'udp' set system syslog host x.x.x.x port '514'
Manual Change:
Adding RSYSLOG_SyslogProtocol23Format to the last line. (Reference Link)
admin@vyos:~$ cat /etc/rsyslog.d/vyos-rsyslog.conf ## generated by syslog.py ## ## file based logging $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog *.notice;local7.debug :omfile:$global ## remote logging *.* @x.x.x.x:514;RSYSLOG_SyslogProtocol23Format
Then restarting the service:
sudo systemctl stop syslog.service sudo systemctl restart syslog.service
Currently Running:
Version: VyOS 1.3.0-rc6 Release Train: equuleus Built by: Sentrium S.L. Built on: Sun 22 Aug 2021 15:37 UTC Build UUID: 965518de-857d-4e61-ab09-381aadf24eb1 Build Commit ID: 75b37b28b2e9ab Architecture: x86_64 Boot via: installed image System type: bare metal