When configuring Syslog to forward logs to a LAN device and use the below command, the syslog process crashes and errors and mentions the 'all' specifier is not recognised.
Command
set system syslog host 192.168.11.87 facility all level all
System Process Status when using 'all'
daniel.bertram@csg20.tcw.man:~$ sudo systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Drop-In: /run/systemd/system/rsyslog.service.d
└─override.conf
Active: active (running) since Wed 2025-01-22 10:44:19 GMT; 2min 48s agoTriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 1380142 (rsyslogd)
Tasks: 5 (limit: 2345)
Memory: 3.0M
CPU: 46ms
CGroup: /system.slice/rsyslog.service
└─1380142 /usr/sbin/rsyslogd -n -iNONEJan 22 10:44:19 csg20.tcw.man systemd[1]: Starting rsyslog.service - System Logging Service...
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: unknown priority name "all" [v8.2302.0]
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2302.0]
Jan 22 10:44:19 csg20.tcw.man systemd[1]: Started rsyslog.service - System Logging Service.
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="1380142" x-info="https://www.rsyslog.com"] start
OS Logs when 'all' is configured
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: unknown priority name "all" [v8.2302.0]
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2302.0]
Jan 22 10:44:19 csg20.tcw.man systemd[1]: Started rsyslog.service - System Logging Service.
Jan 22 10:44:19 csg20.tcw.man rsyslogd[1380142]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="1380142" x-info="https://www.rsyslog.com"] start
Jan 22 10:48:46 csg20.tcw.man rsyslogd[1380142]: child process (pid 1380236) exited with status 1 [v8.2302.0]
As soon as we change this to debug this then starts the process correctly and starts sending logs to the device
System Process Status when using debug
daniel.bertram@csg20.tcw.man:~$ sudo systemctl status rsyslog
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
Drop-In: /run/systemd/system/rsyslog.service.d
└─override.conf
Active: active (running) since Wed 2025-01-22 10:53:03 GMT; 5s agoTriggeredBy: ● syslog.socket
Docs: man:rsyslogd(8)
man:rsyslog.conf(5)
https://www.rsyslog.com/doc/
Main PID: 1380836 (rsyslogd)
Tasks: 5 (limit: 2345)
Memory: 924.0K
CPU: 3ms
CGroup: /system.slice/rsyslog.service
└─1380836 /usr/sbin/rsyslogd -n -iNONEJan 22 10:53:03 csg20.tcw.man systemd[1]: Starting rsyslog.service - System Logging Service...
Jan 22 10:53:03 csg20.tcw.man systemd[1]: Started rsyslog.service - System Logging Service.
Jan 22 10:53:03 csg20.tcw.man rsyslogd[1380836]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2302.0]
Jan 22 10:53:03 csg20.tcw.man rsyslogd[1380836]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="1380836" x-info="https://www.rsyslog.com"] start
The OS shows autocomplete for the 'all' option, however this appears to be where the issue lies as 'all' is not a common standard used in syslog and thus the syslog process crashes due to not receiving an expected log filter.
daniel.bertram@csg20.tcw.man# set system syslog host 192.168.11.87 facility all level
Possible completions:
emerg Emergency messages alert Urgent messages crit Critical messages err Error messages (default) warning Warning messages notice Messages for further investigation info Informational messages debug Debug messages all Log everything
[edit]
daniel.bertram@csg20.tcw.man# set system syslog host 192.168.11.87 facility all level
Can you look into this and confirm if this is a bug and if this has been fixed in any later versions?