diff --git a/op-mode-definitions/monitor-log.xml.in b/op-mode-definitions/monitor-log.xml.in
index df17371cc..f01c715cb 100644
--- a/op-mode-definitions/monitor-log.xml.in
+++ b/op-mode-definitions/monitor-log.xml.in
@@ -1,360 +1,366 @@
 <?xml version="1.0"?> <interfaceDefinition> <node name="monitor"> <properties> <help>Monitor system information</help> </properties> <children> <node name="log"> <properties> <help>Monitor last lines of messages file</help> </properties> <command>SYSTEMD_LOG_COLOR=false journalctl --no-hostname --follow --boot</command> <children> <node name="color"> <properties> <help>Output log in a colored fashion</help> </properties> <command>SYSTEMD_LOG_COLOR=false grc journalctl --no-hostname --follow --boot</command> </node> <node name="ids"> <properties> <help>Monitor Intrusion Detection System log</help> </properties> <children> <leafNode name="ddos-protection"> <properties> <help>Monitor last lines of DDOS protection</help> </properties> <command>journalctl --no-hostname --follow --boot --unit fastnetmon.service</command> </leafNode> </children> </node>
+ <leafNode name="certbot">
+ <properties>
+ <help>Monitor last lines of certbot log</help>
+ </properties>
+ <command>if sudo test -f /var/log/letsencrypt/letsencrypt.log; then sudo tail --follow=name /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command>
+ </leafNode>
 <leafNode name="conntrack-sync"> <properties> <help>Monitor last lines of conntrack-sync log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit conntrackd.service</command> </leafNode> <leafNode name="console-server"> <properties> <help>Monitor last lines of console server log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit conserver-server.service</command> </leafNode> <node name="dhcp"> <properties> <help>Monitor last lines of Dynamic Host Control Protocol log</help> </properties> <children> <node name="server"> <properties> <help>Monitor last lines of DHCP server log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server.service</command> </node> <node name="client"> <properties> <help>Monitor last lines 
of DHCP client log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit "dhclient@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show DHCP client log on specific interface</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces --broadcast</script> </completionHelp> </properties> <command>journalctl --no-hostname --follow --boot --unit "dhclient@$6.service"</command> </tagNode> </children> </node> </children> </node> <node name="dhcpv6"> <properties> <help>Monitor last lines of Dynamic Host Control Protocol IPv6 log</help> </properties> <children> <node name="server"> <properties> <help>Monitor last lines of DHCPv6 server log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit isc-dhcp-server6.service</command> </node> <node name="client"> <properties> <help>Monitor last lines of DHCPv6 client log</help> </properties> <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show DHCPv6 client log on specific interface</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> </properties> <command>journalctl --no-hostname --follow --boot --unit "dhcp6c@$6.service"</command> </tagNode> </children> </node> </children> </node> <leafNode name="flow-accounting"> <properties> <help>Monitor last lines of flow-accounting log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit uacctd.service</command> </leafNode> <leafNode name="ipoe-server"> <properties> <help>Monitor last lines of IP over Ethernet server log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit accel-ppp@ipoe.service</command> </leafNode> <leafNode name="kernel"> <properties> <help>Monitor last lines of Linux Kernel log</help> </properties> <command>journalctl --no-hostname --boot --follow --dmesg</command> </leafNode> <leafNode 
name="ndp-proxy"> <properties> <help>Monitor last lines of Neighbor Discovery Protocol (NDP) Proxy</help> </properties> <command>journalctl --no-hostname --boot --follow --unit ndppd.service</command> </leafNode> <leafNode name="nhrp"> <properties> <help>Monitor last lines of Next Hop Resolution Protocol log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit opennhrp.service</command> </leafNode> <leafNode name="ntp"> <properties> <help>Monitor last lines of Network Time Protocol log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit chrony.service</command> </leafNode> <node name="openvpn"> <properties> <help>Monitor last lines of OpenVPN log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit openvpn@*.service</command> <children> <tagNode name="interface"> <properties> <help>Monitor last lines of specific OpenVPN interface log</help> <completionHelp> <path>interfaces openvpn</path> </completionHelp> </properties> <command>journalctl --no-hostname --boot --unit openvpn@$5.service</command> </tagNode> </children> </node> <node name="pppoe"> <properties> <help>Monitor last lines of PPPoE interface log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit "ppp@pppoe*.service"</command> <children> <tagNode name="interface"> <properties> <help>Monitor last lines of PPPoE log for specific interface</help> <completionHelp> <path>interfaces pppoe</path> </completionHelp> </properties> <command>journalctl --no-hostname --boot --follow --unit "ppp@$5.service"</command> </tagNode> </children> </node> <leafNode name="pppoe-server"> <properties> <help>Monitor last lines of PPPoE server log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit accel-ppp@pppoe.service</command> </leafNode> <node name="protocol"> <properties> <help>Monitor routing protocol logs</help> </properties> <children> <leafNode name="ospf"> <properties> <help>Monitor log for 
OSPF</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospfd</command> </leafNode> <leafNode name="ospfv3"> <properties> <help>Monitor log for OSPF for IPv6</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ospf6d</command> </leafNode> <leafNode name="bgp"> <properties> <help>Monitor log for BGP</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bgpd</command> </leafNode> <leafNode name="rip"> <properties> <help>Monitor log for RIP</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripd</command> </leafNode> <leafNode name="ripng"> <properties> <help>Monitor log for RIPng</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ripngd</command> </leafNode> <leafNode name="static"> <properties> <help>Monitor log for static route</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/staticd</command> </leafNode> <leafNode name="multicast"> <properties> <help>Monitor log for Multicast protocol</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/pimd</command> </leafNode> <leafNode name="isis"> <properties> <help>Monitor log for ISIS</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/isisd</command> </leafNode> <leafNode name="nhrp"> <properties> <help>Monitor log for NHRP</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/nhrpd</command> </leafNode> <leafNode name="bfd"> <properties> <help>Monitor log for BFD</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/bfdd</command> </leafNode> <leafNode name="mpls"> <properties> <help>Monitor log for MPLS</help> </properties> <command>journalctl --follow --no-hostname --boot /usr/lib/frr/ldpd</command> </leafNode> </children> </node> <node name="macsec"> <properties> <help>Monitor last lines of MACsec</help> 
</properties> <command>journalctl --no-hostname --boot --follow --unit "wpa_supplicant-macsec@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Monitor last lines of specific MACsec interface</help> <completionHelp> <path>interfaces macsec</path> </completionHelp> </properties> <command>SRC=$(cli-shell-api returnValue interfaces macsec "$5" source-interface); journalctl --no-hostname --boot --follow --unit "wpa_supplicant-macsec@$SRC.service"</command> </tagNode> </children> </node> <leafNode name="router-advert"> <properties> <help>Monitor last lines of Router Advertisement Daemon log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit radvd.service</command> </leafNode> <leafNode name="snmp"> <properties> <help>Monitor last lines of Simple Network Monitoring Protocol log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit snmpd.service</command> </leafNode> <node name="ssh"> <properties> <help>Monitor last lines of Secure Shell log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit ssh.service</command> <children> <node name="dynamic-protection"> <properties> <help>Monitor last lines of SSH guard log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit sshguard.service</command> </node> </children> </node> <leafNode name="vpn"> <properties> <help>Monitor last lines of ALL Virtual Private Network services</help> </properties> <command>journalctl --no-hostname --boot --follow --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command> </leafNode> <leafNode name="ipsec"> <properties> <help>Monitor last lines of IPsec log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit strongswan.service</command> </leafNode> <leafNode name="l2tp"> <properties> <help>Monitor last lines of L2TP log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit 
accel-ppp@l2tp.service</command> </leafNode> <leafNode name="openconnect"> <properties> <help>Monitor last lines of OpenConnect log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit ocserv.service</command> </leafNode> <leafNode name="pptp"> <properties> <help>Monitor last lines of PPTP log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit accel-ppp@pptp.service</command> </leafNode> <leafNode name="sstp"> <properties> <help>Monitor last lines of Secure Socket Tunneling Protocol server</help> </properties> <command>journalctl --no-hostname --boot --follow --unit accel-ppp@sstp.service</command> </leafNode> <node name="sstpc"> <properties> <help>Monitor last lines of Secure Socket Tunneling Protocol client</help> </properties> <command>journalctl --no-hostname --boot --follow --unit "ppp@sstpc*.service"</command> <children> <tagNode name="interface"> <properties> <help>Monitor last lines of SSTP client log for specific interface</help> <completionHelp> <path>interfaces sstpc</path> </completionHelp> </properties> <command>journalctl --no-hostname --boot --follow --unit "ppp@$5.service"</command> </tagNode> </children> </node> <leafNode name="vrrp"> <properties> <help>Monitor last lines of Virtual Router Redundancy Protocol log</help> </properties> <command>journalctl --no-hostname --boot --follow --unit keepalived.service</command> </leafNode> </children> </node> </children> </node> </interfaceDefinition>
diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in
index ca0eb3687..4b8d9c47a 100644
--- a/op-mode-definitions/pki.xml.in
+++ b/op-mode-definitions/pki.xml.in
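Review bot: In monitor-log.xml.in the fallback message of the new `certbot` leaf misspells the tool name; `echo "Cerbot log does not exist"` should be `echo "Certbot log does not exist"`, and the same string appears in the `show log certbot` leaf added to show-log.xml.in. Both leaves also use `sudo` to read /var/log/letsencrypt/letsencrypt.log for whoever runs the command; certbot writes that file at debug level and, by default as far as I know, keeps it readable by root only, so please confirm that its ACME request and response detail is meant to be visible to every account with op-mode access. For the follow case, `tail --follow=name` without `--retry` can give up when the file is rotated away between runs, so `sudo tail -F /var/log/letsencrypt/letsencrypt.log` would be the more robust form.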
@@ -1,577 +1,587 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="generate"> <children> <node name="pki"> <properties> <help>Generate PKI certificates and keys</help> </properties> <children> <node name="ca"> <properties> <help>Generate CA certificate</help> </properties> <children> <tagNode name="sign"> <properties> <help>Sign generated CA certificate with another specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated CA certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated CA certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> <help>Write generated CA certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated CA certificate into running configuration</help> <completionHelp> <list><CA name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ca "noname"</command> </node> <node name="certificate"> <properties> <help>Generate certificate request</help> 
</properties> <children> <node name="self-signed"> <properties> <help>Generate self-signed certificate</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated self-signed certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated self-signed certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign</command> </node> <tagNode name="sign"> <properties> <help>Sign generated certificate with specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated signed certificate into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated signed certificate into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"</command> </tagNode> <tagNode name="file"> <properties> <help>Write generated certificate request and key into the specified filename</help> 
<completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated certificate private key into running configuration</help> <completionHelp> <list><certificate name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"</command> </node> <tagNode name="crl"> <properties> <help>Generate CRL for specified CA certificate</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Write generated CRL into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file</command> </tagNode> <leafNode name="install"> <properties> <help>Commands for installing generated CRL into running configuration</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install</command> </leafNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"</command> </tagNode> <node name="dh"> <properties> <help>Generate DH parameters</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated DH parameters into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated DH parameters into running configuration</help> <completionHelp> <list><DH name></list> </completionHelp> </properties> <command>sudo 
${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"</command> </node> <node name="key-pair"> <properties> <help>Generate a key pair</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated key pair into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated key pair into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"</command> </node> <node name="openvpn"> <properties> <help>Generate OpenVPN keys</help> </properties> <children> <node name="shared-secret"> <properties> <help>Generate OpenVPN shared secret key</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated OpenVPN shared secret key into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated OpenVPN shared secret key into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"</command> </node> </children> </node> <node name="ssh-key"> <properties> <help>Generate SSH 
key</help> </properties> <children> <tagNode name="file"> <properties> <help>Write generated SSH keys into the specified filename</help> <completionHelp> <list><filename></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file</command> </tagNode> <tagNode name="install"> <properties> <help>Commands for installing generated SSH key into running configuration</help> <completionHelp> <list><key name></list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install</command> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"</command> </node> <node name="wireguard"> <properties> <help>Generate WireGuard keys</help> </properties> <children> <node name="key-pair"> <properties> <help>Generate WireGuard public/private key-pair</help> </properties> <children> <node name="install"> <properties> <help>Generate CLI commands to install WireGuard key to configuration</help> </properties> <children> <tagNode name="interface"> <properties> <help>WireGuard Interface used in install command</help> <completionHelp> <path>interfaces wireguard</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key --interface "$7" --install</command> </tagNode> </children> </node> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key</command> </node> <node name="preshared-key"> <properties> <help>Generate WireGuard pre-shared key</help> </properties> <children> <node name="install"> <properties> <help>Generate CLI commands to install WireGuard key to configuration</help> </properties> <children> <tagNode name="interface"> <properties> <help>WireGuard Interface used in install command</help> <completionHelp> <path>interfaces wireguard</path> </completionHelp> </properties> <children> <tagNode name="peer"> <properties> <help>Interface 
used for install command</help> <completionHelp> <path>interfaces wireguard ${COMP_WORDS[COMP_CWORD-2]} peer</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk --interface "$7" --peer "$9" --install</command> </tagNode> </children> </tagNode> </children> </node> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk</command> </node> </children> </node> </children> </node> </children> </node> <node name="import"> <properties> <help>Import an object</help> </properties> <children> <node name="pki"> <properties> <help>Import file into PKI configuration</help> </properties> <children> <tagNode name="ca"> <properties> <help>Import CA certificate into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to CA certificate file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="certificate"> <properties> <help>Import certificate into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to certificate file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --filename "$6"</command> </tagNode> <tagNode name="key-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="crl"> <properties> <help>Import certificate revocation list into PKI</help> <completionHelp> <list><CA 
name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to CRL file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --crl "$4" --filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="dh"> <properties> <help>Import DH parameters into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to DH parameters file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --dh "$4" --filename "$6"</command> </tagNode> </children> </tagNode> <tagNode name="key-pair"> <properties> <help>Import key pair into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="public-file"> <properties> <help>Path to public key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --filename "$6"</command> </tagNode> <tagNode name="private-file"> <properties> <help>Path to private key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --key-filename "$6"</command> </tagNode> </children> </tagNode> <node name="openvpn"> <properties> <help>Import OpenVPN keys into PKI</help> </properties> <children> <tagNode name="shared-secret"> <properties> <help>Import OpenVPN shared secret key into PKI</help> <completionHelp> <list><name></list> </completionHelp> </properties> <children> <tagNode name="file"> <properties> <help>Path to shared secret key file</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action import --openvpn "$5" --filename "$7"</command> </tagNode> </children> </tagNode> </children> </node> </children> </node> </children> </node> <node name="show"> <children> <node name="pki"> <properties> <help>Show PKI x509 certificates</help> </properties> <children> <leafNode name="ca"> <properties> <help>Show x509 CA 
certificates</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command> </leafNode> <tagNode name="ca"> <properties> <help>Show x509 CA certificate by name</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 CA certificate in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command> </leafNode> </children> </tagNode> <leafNode name="certificate"> <properties> <help>Show x509 certificates</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command> </leafNode> <tagNode name="certificate"> <properties> <help>Show x509 certificate by name</help> <completionHelp> <path>pki certificate</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command> <children> <leafNode name="pem"> <properties> <help>Show x509 certificate in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --pem</command> </leafNode> <tagNode name="fingerprint"> <properties> <help>Show x509 certificate fingerprint</help> <completionHelp> <list>sha256 sha384 sha512</list> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command> </tagNode> </children> </tagNode> <leafNode name="crl"> <properties> <help>Show x509 certificate revocation lists</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "all"</command> </leafNode> <tagNode name="crl"> <properties> <help>Show x509 certificate revocation lists by CA name</help> <completionHelp> <path>pki ca</path> </completionHelp> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4"</command> <children> 
<leafNode name="pem"> <properties> <help>Show x509 certificate revocation lists by CA name in PEM format</help> </properties> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --crl "$4" --pem</command> </leafNode> </children> </tagNode> </children> <command>sudo ${vyos_op_scripts_dir}/pki.py --action show</command> </node> </children> </node>
+ <node name="renew">
+ <children>
+ <leafNode name="certbot">
+ <properties>
+ <help>Start manual certbot renewal</help>
+ </properties>
+ <command>sudo systemctl start certbot.service</command>
+ </leafNode>
+ </children>
+ </node>
 </interfaceDefinition>
diff --git a/op-mode-definitions/show-log.xml.in b/op-mode-definitions/show-log.xml.in
index 6cd53882d..432a21b59 100644
--- a/op-mode-definitions/show-log.xml.in
+++ b/op-mode-definitions/show-log.xml.in
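Review bot: In pki.xml.in the new `renew certbot` command gives the operator no indication of the outcome: `sudo systemctl start certbot.service` prints nothing on success, and if the unit runs `certbot renew` (the unit file is not part of this diff) a run that found nothing due looks the same as one that renewed a certificate. I would say so in the help text, e.g. `<help>Start manual certbot renewal (check "show log certbot" for the result)</help>`. The `<node name="renew">` wrapper also has no `<properties>`/`<help>` of its own, which is fine only if another definition file supplies it.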
@@ -1,505 +1,511 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="show"> <properties> <help>Show system information</help> </properties> <children> <tagNode name="log"> <properties> <help>Show last number of messages in master logging buffer</help> <completionHelp> <list><1-9999></list> </completionHelp> </properties> <command>if ${vyos_validators_dir}/numeric --range 1-9999 "$3"; then journalctl --no-hostname --boot --lines "$3"; fi</command> </tagNode> <node name="log"> <properties> <help>Show contents of current master logging buffer</help> </properties> <command>journalctl --no-hostname --boot</command> <children> <leafNode name="audit"> <properties> <help>Show audit logs</help> </properties> <command>cat /var/log/audit/audit.log</command> </leafNode> <leafNode name="all"> <properties> <help>Show contents of all master log files</help> </properties> <command>sudo bash -c 'eval $(lesspipe); less $_vyatta_less_options --prompt=".logm, file %i of %m., page %dt of %D" -- `printf "%s\n" /var/log/messages* | sort -nr`'</command> </leafNode> <leafNode name="authorization"> <properties> <help>Show listing of authorization attempts</help> </properties> <command>journalctl --no-hostname --boot --quiet SYSLOG_FACILITY=10 SYSLOG_FACILITY=4</command> </leafNode> + <leafNode name="certbot"> + <properties> + <help>Show log for certbot</help> + </properties> + <command>if sudo test -f /var/log/letsencrypt/letsencrypt.log; then sudo cat /var/log/letsencrypt/letsencrypt.log; else echo "Cerbot log does not exist"; fi</command> + </leafNode> <leafNode name="cluster"> <properties> <help>Show log for Cluster</help> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e heartbeat -e cl_status -e mach_down -e ha_log</command> </leafNode> <leafNode name="conntrack-sync"> <properties> <help>Show log for Conntrack-sync</help> </properties> <command>journalctl --no-hostname --boot --unit conntrackd.service</command> </leafNode> <leafNode 
name="console-server"> <properties> <help>Show log for console server</help> </properties> <command>journalctl --no-hostname --boot --unit conserver-server.service</command> </leafNode> <node name="ids"> <properties> <help>Show log for for Intrusion Detection System</help> </properties> <children> <leafNode name="ddos-protection"> <properties> <help>Show log for DDOS protection</help> </properties> <command>journalctl --no-hostname --boot --unit fastnetmon.service</command> </leafNode> </children> </node> <node name="dhcp"> <properties> <help>Show log for Dynamic Host Control Protocol (DHCP)</help> </properties> <children> <node name="server"> <properties> <help>Show log for DHCP server</help> </properties> <command>journalctl --no-hostname --boot --unit isc-dhcp-server.service</command> </node> <node name="client"> <properties> <help>Show DHCP client logs</help> </properties> <command>journalctl --no-hostname --boot --unit "dhclient@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show DHCP client log on specific interface</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces --broadcast</script> </completionHelp> </properties> <command>journalctl --no-hostname --boot --unit "dhclient@$6.service"</command> </tagNode> </children> </node> </children> </node> <node name="dhcpv6"> <properties> <help>Show log for Dynamic Host Control Protocol IPv6 (DHCPv6)</help> </properties> <children> <node name="server"> <properties> <help>Show log for DHCPv6 server</help> </properties> <command>journalctl --no-hostname --boot --unit isc-dhcp-server6.service</command> </node> <node name="client"> <properties> <help>Show DHCPv6 client logs</help> </properties> <command>journalctl --no-hostname --boot --unit "dhcp6c@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show DHCPv6 client log on specific interface</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces</script> </completionHelp> 
</properties> <command>journalctl --no-hostname --boot --unit "dhcp6c@$6.service"</command> </tagNode> </children> </node> </children> </node> <node name="firewall"> <properties> <help>Show log for Firewall</help> </properties> <children> <tagNode name="ipv6-name"> <properties> <help>Show log for a specified firewall (IPv6)</help> <completionHelp> <path>firewall ipv6-name</path> </completionHelp> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]"</command> <children> <tagNode name="rule"> <properties> <help>Show log for a rule in the specified firewall</help> <completionHelp> <path>firewall ipv6-name ${COMP_WORDS[4]} rule</path> </completionHelp> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | grep -e "\[$5-$7-[ADR]\]"</command> </tagNode> </children> </tagNode> <tagNode name="name"> <properties> <help>Show log for a specified firewall (IPv4)</help> <completionHelp> <path>firewall name</path> </completionHelp> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr ) | egrep "\[$5-([0-9]+|default)-[ADR]\]"</command> <children> <tagNode name="rule"> <properties> <help>Show log for a rule in the specified firewall</help> <completionHelp> <path>firewall name ${COMP_WORDS[4]} rule</path> </completionHelp> </properties> <command>cat $(printf "%s\n" /var/log/messages* | sort -nr) | egrep "\[$5-$7-[ADR]\]"</command> </tagNode> </children> </tagNode> </children> </node> <leafNode name="flow-accounting"> <properties> <help>Show log for flow-accounting</help> </properties> <command>journalctl --no-hostname --boot --unit uacctd.service</command> </leafNode> <leafNode name="https"> <properties> <help>Show log for HTTPs</help> </properties> <command>journalctl --no-hostname --boot --unit nginx.service</command> </leafNode> <tagNode name="image"> <properties> <help>Show contents of master log file for image</help> <completionHelp> <script>compgen -f 
/lib/live/mount/persistence/boot/ | grep -v grub | sed -e s@/lib/live/mount/persistence/boot/@@</script> </completionHelp> </properties> <command>less $_vyatta_less_options --prompt=".log, page %dt of %D" -- /lib/live/mount/persistence/boot/$4/rw/var/log/messages</command> <children> <leafNode name="all"> <properties> <help>Show contents of all master log files for image</help> </properties> <command>eval $(lesspipe); less $_vyatta_less_options --prompt=".log?m, file %i of %m., page %dt of %D" -- `printf "%s\n" /lib/live/mount/persistence/boot/$4/rw/var/log/messages* | sort -nr`</command> </leafNode> <leafNode name="authorization"> <properties> <help>Show listing of authorization attempts for image</help> </properties> <command>less $_vyatta_less_options --prompt=".log, page %dt of %D" -- /lib/live/mount/persistence/boot/$4/rw/var/log/auth.log</command> </leafNode> <tagNode name="tail"> <properties> <help>Show last changes to messages</help> <completionHelp> <list><NUMBER></list> </completionHelp> </properties> <command>tail -n "$6" /lib/live/mount/persistence/boot/$4/rw/var/log/messages | ${VYATTA_PAGER:-cat}</command> </tagNode> </children> </tagNode> <leafNode name="ipoe-server"> <properties> <help>Show log for IPoE server</help> </properties> <command>journalctl --no-hostname --boot --unit accel-ppp@ipoe.service</command> </leafNode> <leafNode name="kernel"> <properties> <help>Show log for Linux Kernel</help> </properties> <command>journalctl --no-hostname --boot --dmesg</command> </leafNode> <leafNode name="lldp"> <properties> <help>Show log for Link Layer Discovery Protocol (LLDP)</help> </properties> <command>journalctl --no-hostname --boot --unit lldpd.service</command> </leafNode> <leafNode name="nat"> <properties> <help>Show log for Network Address Translation (NAT)</help> </properties> <command>egrep -i "kernel:.*\[NAT-[A-Z]{3,}-[0-9]+(-MASQ)?\]" $(find /var/log -maxdepth 1 -type f -name messages\* | sort -t. 
-k2nr)</command> </leafNode> <leafNode name="ndp-proxy"> <properties> <help>Show log for Neighbor Discovery Protocol (NDP) Proxy</help> </properties> <command>journalctl --no-hostname --boot --unit ndppd.service</command> </leafNode> <leafNode name="nhrp"> <properties> <help>Show log for Next Hop Resolution Protocol (NHRP)</help> </properties> <command>journalctl --no-hostname --boot --unit opennhrp.service</command> </leafNode> <leafNode name="ntp"> <properties> <help>Show log for Network Time Protocol (NTP)</help> </properties> <command>journalctl --no-hostname --boot --unit chrony.service</command> </leafNode> <node name="macsec"> <properties> <help>Show log for MACsec</help> </properties> <command>journalctl --no-hostname --boot --unit "wpa_supplicant-macsec@*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show MACsec log on specific interface</help> <completionHelp> <path>interfaces macsec</path> </completionHelp> </properties> <command>SRC=$(cli-shell-api returnValue interfaces macsec "$5" source-interface); journalctl --no-hostname --boot --unit "wpa_supplicant-macsec@$SRC.service"</command> </tagNode> </children> </node> <node name="openvpn"> <properties> <help>Show log for OpenVPN</help> </properties> <command>journalctl --no-hostname --boot --unit openvpn@*.service</command> <children> <tagNode name="interface"> <properties> <help>Show OpenVPN log on specific interface</help> <completionHelp> <path>interfaces openvpn</path> </completionHelp> </properties> <command>journalctl --no-hostname --boot --unit openvpn@$5.service</command> </tagNode> </children> </node> <node name="pppoe"> <properties> <help>Show log for PPPoE interface</help> </properties> <command>journalctl --no-hostname --boot --unit "ppp@pppoe*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show PPPoE log on specific interface</help> <completionHelp> <path>interfaces pppoe</path> </completionHelp> </properties> <command>journalctl 
--no-hostname --boot --unit "ppp@$5.service"</command> </tagNode> </children> </node> <leafNode name="pppoe-server"> <properties> <help>Show log for PPPoE server</help> </properties> <command>journalctl --no-hostname --boot --unit accel-ppp@pppoe.service</command> </leafNode> <node name="protocol"> <properties> <help>Show log for Routing Protocol</help> </properties> <children> <leafNode name="ospf"> <properties> <help>Show log for OSPF</help> </properties> <command>journalctl --boot /usr/lib/frr/ospfd</command> </leafNode> <leafNode name="ospfv3"> <properties> <help>Show log for OSPF for IPv6</help> </properties> <command>journalctl --boot /usr/lib/frr/ospf6d</command> </leafNode> <leafNode name="bgp"> <properties> <help>Show log for BGP</help> </properties> <command>journalctl --boot /usr/lib/frr/bgpd</command> </leafNode> <leafNode name="rip"> <properties> <help>Show log for RIP</help> </properties> <command>journalctl --boot /usr/lib/frr/ripd</command> </leafNode> <leafNode name="ripng"> <properties> <help>Show log for RIPng</help> </properties> <command>journalctl --boot /usr/lib/frr/ripngd</command> </leafNode> <leafNode name="static"> <properties> <help>Show log for static route</help> </properties> <command>journalctl --boot /usr/lib/frr/staticd</command> </leafNode> <leafNode name="multicast"> <properties> <help>Show log for Multicast protocol</help> </properties> <command>journalctl --boot /usr/lib/frr/pimd</command> </leafNode> <leafNode name="isis"> <properties> <help>Show log for ISIS</help> </properties> <command>journalctl --boot /usr/lib/frr/isisd</command> </leafNode> <leafNode name="nhrp"> <properties> <help>Show log for NHRP</help> </properties> <command>journalctl --boot /usr/lib/frr/nhrpd</command> </leafNode> <leafNode name="bfd"> <properties> <help>Show log for BFD</help> </properties> <command>journalctl --boot /usr/lib/frr/bfdd</command> </leafNode> <leafNode name="mpls"> <properties> <help>Show log for MPLS</help> </properties> 
<command>journalctl --boot /usr/lib/frr/ldpd</command> </leafNode> </children> </node> <leafNode name="router-advert"> <properties> <help>Show log for Router Advertisement Daemon (radvd)</help> </properties> <command>journalctl --no-hostname --boot --unit radvd.service</command> </leafNode> <leafNode name="snmp"> <properties> <help>Show log for Simple Network Monitoring Protocol (SNMP)</help> </properties> <command>journalctl --no-hostname --boot --unit snmpd.service</command> </leafNode> <node name="ssh"> <properties> <help>Show log for Secure Shell (SSH)</help> </properties> <command>journalctl --no-hostname --boot --unit ssh.service</command> <children> <node name="dynamic-protection"> <properties> <help>Show SSH guard log</help> </properties> <command>journalctl --no-hostname --boot --unit sshguard.service</command> </node> </children> </node> <tagNode name="tail"> <properties> <help>Show last n changes to messages</help> <completionHelp> <list><NUMBER></list> </completionHelp> </properties> <command>tail -n "$4" /var/log/messages | ${VYATTA_PAGER:-cat}</command> </tagNode> <node name="tail"> <properties> <help>Show last 10 lines of /var/log/messages file</help> </properties> <command>tail -n 10 /var/log/messages</command> </node> <leafNode name="vpn"> <properties> <help>Monitor last lines of ALL Virtual Private Network services</help> </properties> <command>journalctl --no-hostname --boot --unit strongswan.service --unit accel-ppp@*.service --unit ocserv.service</command> </leafNode> <leafNode name="ipsec"> <properties> <help>Show log for IPsec</help> </properties> <command>journalctl --no-hostname --boot --unit strongswan.service</command> </leafNode> <leafNode name="l2tp"> <properties> <help>Show log for L2TP</help> </properties> <command>journalctl --no-hostname --boot --unit accel-ppp@l2tp.service</command> </leafNode> <leafNode name="openconnect"> <properties> <help>Show log for OpenConnect</help> </properties> <command>journalctl --no-hostname --boot 
--unit ocserv.service</command> </leafNode> <leafNode name="pptp"> <properties> <help>Show log for PPTP</help> </properties> <command>journalctl --no-hostname --boot --unit accel-ppp@pptp.service</command> </leafNode> <leafNode name="sstp"> <properties> <help>Show log for Secure Socket Tunneling Protocol (SSTP) server</help> </properties> <command>journalctl --no-hostname --boot --unit accel-ppp@sstp.service</command> </leafNode> <node name="sstpc"> <properties> <help>Show log for Secure Socket Tunneling Protocol (SSTP) client</help> </properties> <command>journalctl --no-hostname --boot --unit "ppp@sstpc*.service"</command> <children> <tagNode name="interface"> <properties> <help>Show SSTP client log on specific interface</help> <completionHelp> <path>interfaces sstpc</path> </completionHelp> </properties> <command>journalctl --no-hostname --boot --unit "ppp@$5.service"</command> </tagNode> </children> </node> <leafNode name="vrrp"> <properties> <help>Show log for Virtual Router Redundancy Protocol (VRRP)</help> </properties> <command>journalctl --no-hostname --boot --unit keepalived.service</command> </leafNode> <leafNode name="webproxy"> <properties> <help>Show log for Webproxy</help> </properties> <command>journalctl --no-hostname --boot --unit squid.service</command> </leafNode> </children> </node> </children> </node> </interfaceDefinition>
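Review bot: The fallback message in the added `certbot` leafNode misspells the tool name; `echo "Cerbot log does not exist"` should read `echo "Certbot log does not exist"`. The same node reads /var/log/letsencrypt/letsencrypt.log through `sudo test` and `sudo cat`, so any account allowed to run op-mode `show log` commands gets root-level read access to that file. Certbot presumably keeps the log root-only because it can record ACME account and request details, so please confirm this exposure is intended for non-admin operators, or restrict the node to an admin-only path. Only the current file is printed and rotated `letsencrypt.log.*` files are skipped; a help text such as `<help>Show current certbot log</help>` would make that explicit.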