diff --git a/packages/ns-plug/Makefile b/packages/ns-plug/Makefile index ba2e609d6..45cb2ae68 100644 --- a/packages/ns-plug/Makefile +++ b/packages/ns-plug/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ns-plug -PKG_VERSION:=1.0.1 +PKG_VERSION:=1.0.2 PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/ns-plug-$(PKG_VERSION) @@ -43,6 +43,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then /usr/libexec/ns-plug/40_ns-plug_automatic_updates /etc/init.d/cron restart /usr/libexec/ns-plug/40_ns-plug_mwan_hooks + /etc/init.d/ns-plug restart fi exit 0 endef @@ -103,6 +104,7 @@ define Package/ns-plug/install $(INSTALL_BIN) ./files/send-mwan-alert $(1)/usr/libexec/mwan-hooks $(INSTALL_BIN) ./files/backup-encryption-alert $(1)/usr/libexec $(INSTALL_BIN) ./files/mwan-hooks $(1)/usr/libexec/ns-plug + $(INSTALL_BIN) ./files/ns-plug-rsyslog-fixup.uci-default $(1)/etc/uci-defaults/rsyslog-fixup endef $(eval $(call BuildPackage,ns-plug)) diff --git a/packages/ns-plug/files/ns-plug b/packages/ns-plug/files/ns-plug index 620e6619c..11b7337f5 100755 --- a/packages/ns-plug/files/ns-plug +++ b/packages/ns-plug/files/ns-plug @@ -11,6 +11,7 @@ UCI_CONF="ns-plug" CONFIG_FILE="/usr/share/ns-plug/client.conf" +RSYSLOG_CONF="/var/etc/rsyslog.ns-plug.conf" source /etc/os-release server=$(uci -q get ${UCI_CONF}.config.server) 
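Review bot: The `/etc/init.d/ns-plug restart` added at the end of the `IPKG_INSTROOT` branch may run before the new `rsyslog-fixup` uci-default has removed the legacy `rsyslog.promtail` forwarder. In that case rsyslog would be regenerated with both the old forwarder and the new include, and would send each message to the controller twice until its next restart. The hunk does not show the order in which the package script and the uci-defaults are applied on an upgrade, so this needs confirming on a device upgraded from 1.0.1. If the restart does come first, ending the fixup with `/etc/init.d/rsyslog restart` after `uci commit rsyslog` closes the gap. The enclosing `define` starts outside the hunk.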
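Review bot: The new `$(INSTALL_BIN)` line writes into `$(1)/etc/uci-defaults`, and no `$(INSTALL_DIR) $(1)/etc/uci-defaults` is visible in the hunk. `Package/ns-plug/install` starts outside it, so check that the directory is created earlier in the define. The installed name `rsyslog-fixup` also drops the package name, which hides which package owns the migration and makes a clash with a file shipped by the rsyslog package possible. A name such as `$(1)/etc/uci-defaults/99-ns-plug-rsyslog-fixup` keeps the owner and the run order visible.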
@@ -145,18 +146,43 @@ else echo "mtu-test" >> ${CONFIG_FILE} fi -# Configure rsyslog to send to promtail -uci set rsyslog.promtail=forwarder -uci set rsyslog.promtail.source=*.* -uci set rsyslog.promtail.protocol=tcp -uci set rsyslog.promtail.port="$(echo "$response" | jq -r .data.promtail_port)" -uci set rsyslog.promtail.rfc=5424 -uci set rsyslog.promtail.target="$(echo "$response" | jq -r .data.promtail_address)" -uci commit rsyslog -# Use FQDN when sending logs #733 -grep -qF '$PreserveFQDN on' /etc/rsyslog.conf || echo '$PreserveFQDN on' >> /etc/rsyslog.conf +## Configure rsyslog to send to promtail +cat < ${RSYSLOG_CONF} +# Rsyslog configuration for NethSecurity controller logging +\$PreserveFQDN on + +ruleset(name="forward") { + *.* action( + type="omfwd" + target="$(echo "$response" | jq -r .data.promtail_address)" + port="$(echo "$response" | jq -r .data.promtail_port)" + protocol="tcp" + TCP_Framing="octet-counted" + Template="RSYSLOG_SyslogProtocol23Format" + + KeepAlive="on" + KeepAlive.Probes="3" + KeepAlive.Time="60" + KeepAlive.Interval="20" + + action.resumeRetryCount="-1" + + queue.type="linkedList" + queue.size="1000" + queue.timeoutEnqueue="0" + ) +} + +*.* call forward +EOF +# check if uci rsyslog.syslog.includes has ${RSYSLOG_CONF}, if not add it +if ! uci -q get rsyslog.syslog.includes | grep -qF "${RSYSLOG_CONF}"; then + uci add_list rsyslog.syslog.includes="${RSYSLOG_CONF}" + uci commit rsyslog + reload_config +fi /etc/init.d/rsyslog restart -sleep 5 # wait for rsyslog +sleep 5 # Send data to controller every 15 minutes, only if subscription is enabled if [ ! -z "$subscription_type" ]; then diff --git a/packages/ns-plug/files/ns-plug-rsyslog-fixup.uci-default b/packages/ns-plug/files/ns-plug-rsyslog-fixup.uci-default new file mode 100644 index 000000000..e0f117496 --- /dev/null +++ b/packages/ns-plug/files/ns-plug-rsyslog-fixup.uci-default 
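Review bot: The `target=` and `port=` values in the generated rsyslog file come straight from the controller response through `jq -r` and are placed between double quotes with no check. A missing field yields the literal string `null`, and a value containing a quote or a line break would end the parameter and have the remainder read as rsyslog configuration. Read both fields into variables first, accept only a plain host name or address and a numeric port, and only then write the file; the `exit 1` below is a placeholder, since how the script should fail is the author's choice. A short comment on `queue.size="1000"` together with `queue.timeoutEnqueue="0"` would also help, because it presumably means messages are dropped rather than blocked while the controller is unreachable.

```shell
promtail_address="$(echo "$response" | jq -r '.data.promtail_address // empty')"
promtail_port="$(echo "$response" | jq -r '.data.promtail_port // empty')"
# Accept only characters that can appear in a host name or IP address, and a numeric port
case "${promtail_address}" in
    ''|*[!A-Za-z0-9.:_-]*) echo "ns-plug: invalid promtail address in controller response" >&2; exit 1 ;;
esac
case "${promtail_port}" in
    ''|*[!0-9]*) echo "ns-plug: invalid promtail port in controller response" >&2; exit 1 ;;
esac

# … unchanged: heredoc opening, header comment and $PreserveFQDN line …
        target="${promtail_address}"
        port="${promtail_port}"
# … unchanged: remaining omfwd parameters, ruleset call and EOF …
```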
@@ -0,0 +1,15 @@ +#!/bin/sh + +# +# Copyright (C) 2026 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-2.0-only +# + +# if $PreserveFQDN on is in /etc/rsyslog.conf, we have to migrate to new config +if grep -q '^\$PreserveFQDN on' /etc/rsyslog.conf; then + sed -i '/^\$PreserveFQDN on/d' /etc/rsyslog.conf + if [ "$(uci -q get rsyslog.promtail)" = "forwarder" ]; then + uci delete rsyslog.promtail + uci commit rsyslog + fi +fi diff --git a/packages/rsyslog/Makefile b/packages/rsyslog/Makefile index d27778f31..57ea75236 100644 --- a/packages/rsyslog/Makefile +++ b/packages/rsyslog/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rsyslog PKG_VERSION:=8.2110.0 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:= \ diff --git a/packages/rsyslog/files/rsyslog.init b/packages/rsyslog/files/rsyslog.init index cc89e0024..8ec71e502 100644 --- a/packages/rsyslog/files/rsyslog.init +++ b/packages/rsyslog/files/rsyslog.init @@ -15,6 +15,7 @@ UCI_CONF="rsyslog" CONFIG_FILE="/var/etc/rsyslog.conf" BASE_CONFIG_FILE="/etc/rsyslog.conf" +includes="" modules="" selectors="" forwarders="" @@ -56,12 +57,17 @@ handle_forwarder() { fi } +handle_include() { + local file="$1" + includes="${includes}include(file=\"${file}\" mode=\"optional\")\n" +} expand_config() { local input_t="" local input_u="" config_load "${UCI_CONF}" + config_list_foreach syslog includes handle_include config_list_foreach syslog modules handle_module config_get_bool tcp_input syslog tcp_input if [ "${tcp_input}" -eq 1 ]; then @@ -93,6 +99,7 @@ expand_config() { echo "\$ActionFileDefaultTemplate ${template}" >> ${CONFIG_FILE} echo -e "${selectors}" >> ${CONFIG_FILE} echo -e "${forwarders}" >> ${CONFIG_FILE} + echo -e "${includes}" >> ${CONFIG_FILE} } handle_module() {
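Review bot: The removal of the legacy `rsyslog.promtail` forwarder is nested inside the `$PreserveFQDN on` check, so a system whose `/etc/rsyslog.conf` does not have that directive at the start of a line keeps the old forwarder next to the new include and forwards its logs twice. The previous code appended the directive with a plain `>>`, so a file that lacked a trailing newline would have it glued to the preceding line, where `^\$PreserveFQDN on` does not match. Close the first `if` right after the `sed -i` line and run the `uci -q get rsyslog.promtail` test as a separate top-level `if`. A one-line comment naming the ns-plug versions that wrote these two settings would tell a later maintainer when the script can be dropped.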
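Review bot: `handle_include` places the UCI list value between double quotes unchanged, and `expand_config` later writes it with `echo -e`, so a path containing `"` ends the `file=` parameter early and a backslash sequence in it is expanded before rsyslog reads it. The list is presumably writable only by root, so this is hardening, but a guard such as `case "$file" in /*) ;; *) return 0 ;; esac` together with a rejection of `"` and `\` stops a bad entry from producing a broken or unintended configuration. A comment on the function should also say why `mode="optional"` is used: a missing file is skipped without an error, so a forwarder file that was never written goes unnoticed. This note covers all three hunks of the file; `expand_config` starts and ends outside them.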