diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2
index 97e0ee0b7..effc2ea14 100644
--- a/data/templates/rsyslog/rsyslog.conf.j2
+++ b/data/templates/rsyslog/rsyslog.conf.j2
@@ -1,78 +1,76 @@ ### Autogenerated by system_syslog.py ### {% if global.marker is vyos_defined %} $ModLoad immark {% if global.marker.interval is vyos_defined %} $MarkMessagePeriod {{ global.marker.interval }} {% endif %} {% endif %} {% if global.preserve_fqdn is vyos_defined %} $PreserveFQDN on {% endif %} # We always log to /var/log/messages $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {% if global.facility is vyos_defined %} {% set tmp = [] %} {% for facility, facility_options in global.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {{ tmp | join(';') }} :omfile:$global {% endif %} {% if file is vyos_defined %} # File based configuration section {% for file_name, file_options in file.items() %} {% set tmp = [] %} $outchannel {{ file_name }},/var/log/user/{{ file_name }},{{ file_options.archive.size }},/usr/sbin/logrotate {{ logrotate }} {% if file_options.facility is vyos_defined %} {% for facility, facility_options in file_options.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {% endif %} {{ tmp | join(';') }} :omfile:${{ file }} {% endfor %} {% endif %} {% if console.facility is vyos_defined %} # Console logging {% set tmp = [] %} {% for facility, facility_options in console.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {{ tmp | join(';') }} /dev/console {% endif %} {% if host is vyos_defined %} # Remote logging {% for host_name, host_options in host.items() %} {% set tmp = [] %} {% if host_options.facility is vyos_defined %} {% for facility, facility_options in host_options.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' 
+ facility_options.level.replace('all', '*')) %} {% endfor %} {% endif %} {% if host_options.protocol is vyos_defined('tcp') %} {% if host_options.format.octet_counted is vyos_defined %} -{{ tmp | join(';') }} @@(o){{ host_name | bracketize_ipv6 }}:{{ host_options.port }};RSYSLOG_SyslogProtocol23Format -{% else %} -{{ tmp | join(';') }} @@{{ host_name | bracketize_ipv6 }}:{{ host_options.port }} +{{ tmp | join(';') }} @@{{ '(o)' if host_options.format.octet_counted is vyos_defined }}{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} {% endif %} {% else %} -{{ tmp | join(';') }} @{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.octet_counted is vyos_defined }} +{{ tmp | join(';') }} @{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} {% endif %} {% endfor %} {% endif %} {% if user is defined and user is not none %} # Log to user terminal {% for username, user_options in user.items() %} {% set tmp = [] %} {% if user_options.facility is vyos_defined %} {% for facility, facility_options in user_options.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {% endif %} {{ tmp | join(';') }} :omusrmsg:{{ username }} {% endfor %} {% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 3343e2c59..0a9a00572 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
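Review bot: In the TCP branch of rsyslog.conf.j2 the new forwarding line still sits inside the retained `{% if host_options.format.octet_counted is vyos_defined %}` … `{% endif %}` pair, while the `{% else %}` that covered plain TCP is removed, so a TCP host without octet-counted renders no action line and its logs are silently not forwarded. The hunk header (78 old lines, 76 new) matches this reading, since only three `-` lines and one `-` line leave and two `+` lines come in. Drop the inner `{% if %}`/`{% endif %}` and keep the single `@@{{ '(o)' if host_options.format.octet_counted is vyos_defined }}…` line, which already handles both cases. Separately, octet-counted no longer selects `RSYSLOG_SyslogProtocol23Format` on its own, so existing configurations change wire format on upgrade unless a migration adds include-timezone; no migration is visible in this diff.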
@@ -1,155 +1,161 @@ <?xml version="1.0"?> <interfaceDefinition> <node name="system"> <children> <node name="syslog" owner="${vyos_conf_scripts_dir}/system_syslog.py"> <properties> <help>System logging</help> <priority>400</priority> </properties> <children> <tagNode name="user"> <properties> <help>Logging to specific terminal of given user</help> <completionHelp> <path>system login user</path> </completionHelp> <valueHelp> <format>txt</format> <description>Local user account</description> </valueHelp> <constraint> #include <include/constraint/login-username.xml.i> </constraint> <constraintErrorMessage>illegal characters in user</constraintErrorMessage> </properties> <children> #include <include/syslog-facility.xml.i> </children> </tagNode> <tagNode name="host"> <properties> <help>Logging to remote host</help> <constraint> <validator name="ip-address"/> <validator name="fqdn"/> </constraint> <constraintErrorMessage>Invalid host (FQDN or IP address)</constraintErrorMessage> <valueHelp> <format>ipv4</format> <description>Remote syslog server IPv4 address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>Remote syslog server IPv6 address</description> </valueHelp> <valueHelp> <format>hostname</format> <description>Remote syslog server FQDN</description> </valueHelp> </properties> <children> #include <include/port-number.xml.i> <leafNode name="port"> <defaultValue>514</defaultValue> </leafNode> #include <include/protocol-tcp-udp.xml.i> #include <include/syslog-facility.xml.i> <node name="format"> <properties> <help>Logging format</help> </properties> <children> <leafNode name="octet-counted"> <properties> <help>Allows for the transmission of all characters inside a syslog message</help> <valueless/> </properties> </leafNode> + <leafNode name="include-timezone"> + <properties> + <help>Include system timezone in syslog message</help> + <valueless/> + </properties> + </leafNode> </children> </node> </children> </tagNode> <node name="global"> 
<properties> <help>Logging to system standard location</help> </properties> <children> #include <include/syslog-facility.xml.i> <node name="marker"> <properties> <help>mark messages sent to syslog</help> </properties> <children> <leafNode name="interval"> <properties> <help>time interval how often a mark message is being sent in seconds</help> <constraint> <validator name="numeric" argument="--positive"/> </constraint> </properties> <defaultValue>1200</defaultValue> </leafNode> </children> </node> <leafNode name="preserve-fqdn"> <properties> <help>uses FQDN for logging</help> <valueless/> </properties> </leafNode> </children> </node> <tagNode name="file"> <properties> <help>Logging to a file</help> <constraint> <regex>[a-zA-Z0-9\-_.]{1,255}</regex> </constraint> <constraintErrorMessage>illegal characters in filename or filename longer than 255 characters</constraintErrorMessage> </properties> <children> <node name="archive"> <properties> <help>Log file size and rotation characteristics</help> </properties> <children> <leafNode name="file"> <properties> <help>Number of saved files</help> <constraint> <regex>[0-9]+</regex> </constraint> <constraintErrorMessage>illegal characters in number of files</constraintErrorMessage> </properties> <defaultValue>5</defaultValue> </leafNode> <leafNode name="size"> <properties> <help>Size of log files in kbytes</help> <constraint> <regex>[0-9]+</regex> </constraint> <constraintErrorMessage>illegal characters in size</constraintErrorMessage> </properties> <defaultValue>256</defaultValue> </leafNode> </children> </node> #include <include/syslog-facility.xml.i> </children> </tagNode> <node name="console"> <properties> <help>logging to serial console</help> </properties> <children> #include <include/syslog-facility.xml.i> </children> </node> #include <include/interface/vrf.xml.i> </children> </node> </children> </node> </interfaceDefinition> 
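Review bot: The help text of the new `include-timezone` leaf understates what the option does: in the template it appends `;RSYSLOG_SyslogProtocol23Format`, which switches the whole forwarded message to rsyslog's RFC 5424 style layout rather than only adding a timezone. A wording such as `<help>Use RFC 5424 message format (timestamp includes timezone)</help>` would tell operators that the receiving collector has to parse a different format.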
diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py
index 07fbb0734..2497c5bb6 100755
--- a/src/conf_mode/system_syslog.py
+++ b/src/conf_mode/system_syslog.py
@@ -1,103 +1,110 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2023 VyOS maintainers and contributors +# Copyright (C) 2018-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import os from sys import exit +from vyos.base import Warning from vyos.config import Config from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf from vyos.utils.process import call from vyos.template import render from vyos import ConfigError from vyos import airbag airbag.enable() rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf' def get_config(config=None): if config: conf = config else: conf = Config() base = ['system', 'syslog'] if not conf.exists(base): return None syslog = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True, no_tag_node_value_mangle=True) syslog.update({ 'logrotate' : logrotate_conf }) tmp = is_node_changed(conf, base + ['vrf']) if tmp: syslog.update({'restart_required': {}}) syslog = conf.merge_defaults(syslog, recursive=True) if syslog.from_defaults(['global']): del syslog['global'] return syslog def verify(syslog): if not syslog: return None + if 'host' in syslog: + for host, host_options in syslog['host'].items(): + if 'protocol' in host_options and host_options['protocol'] == 'udp': + if 'format' in host_options and 'octet_counted' in 
host_options['format']: + Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') + verify_vrf(syslog) def generate(syslog): if not syslog: if os.path.exists(rsyslog_conf): os.unlink(rsyslog_conf) if os.path.exists(logrotate_conf): os.unlink(logrotate_conf) return None render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog) render(systemd_override, 'rsyslog/override.conf.j2', syslog) render(logrotate_conf, 'rsyslog/logrotate.j2', syslog) # Reload systemd manager configuration call('systemctl daemon-reload') return None def apply(syslog): systemd_socket = 'syslog.socket' systemd_service = 'syslog.service' if not syslog: call(f'systemctl stop {systemd_service} {systemd_socket}') return None # we need to restart the service if e.g. the VRF name changed systemd_action = 'reload-or-restart' if 'restart_required' in syslog: systemd_action = 'restart' call(f'systemctl {systemd_action} {systemd_service}') return None if __name__ == '__main__': try: c = get_config() verify(c) generate(c) apply(c) except ConfigError as e: print(e) exit(1)
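Review bot: The new check in verify() only warns that UDP "should not use" octet-counted, but the UDP branch of the template in this commit never emits `(o)`, so the option is in fact ignored for that host. The message should say so, e.g. `Warning(f'Syslog UDP transport for "{host}" ignores the octet-counted format!')`, or the combination should raise ConfigError if it is meant to be rejected. The nested membership tests can be shortened to `if host_options.get('protocol') == 'udp' and 'octet_counted' in host_options.get('format', {}):`. Importing `Warning` from vyos.base also shadows the Python builtin of the same name in this module, which deserves a short comment next to the import.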