NethServer · Tbaile · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/packages/ns-plug/Makefile b/packages/ns-plug/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ns-plug
-PKG_VERSION:=1.0.1
+PKG_VERSION:=1.0.2
 PKG_RELEASE:=1
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/ns-plug-$(PKG_VERSION)
@@ -43,6 +43,7 @@ if [ -z "$${IPKG_INSTROOT}" ]; then
   /usr/libexec/ns-plug/40_ns-plug_automatic_updates
   /etc/init.d/cron restart
   /usr/libexec/ns-plug/40_ns-plug_mwan_hooks
+  /etc/init.d/ns-plug restart
 fi
 exit 0
 endef
@@ -103,6 +104,7 @@ define Package/ns-plug/install
 	$(INSTALL_BIN) ./files/send-mwan-alert $(1)/usr/libexec/mwan-hooks
 	$(INSTALL_BIN) ./files/backup-encryption-alert $(1)/usr/libexec
 	$(INSTALL_BIN) ./files/mwan-hooks $(1)/usr/libexec/ns-plug
+	$(INSTALL_BIN) ./files/ns-plug-rsyslog-fixup.uci-default $(1)/etc/uci-defaults/rsyslog-fixup
 endef
 
 $(eval $(call BuildPackage,ns-plug))
diff --git a/packages/ns-plug/files/ns-plug b/packages/ns-plug/files/ns-plug
@@ -11,6 +11,7 @@
 
 UCI_CONF="ns-plug"
 CONFIG_FILE="/usr/share/ns-plug/client.conf"
+RSYSLOG_CONF="/var/etc/rsyslog.ns-plug.conf"
 source /etc/os-release
 
 server=$(uci -q get ${UCI_CONF}.config.server)
@@ -145,18 +146,43 @@ else
     echo "mtu-test" >> ${CONFIG_FILE}
 fi
 
-# Configure rsyslog to send to promtail
-uci set rsyslog.promtail=forwarder
-uci set rsyslog.promtail.source=*.*
-uci set rsyslog.promtail.protocol=tcp
-uci set rsyslog.promtail.port="$(echo "$response" | jq -r .data.promtail_port)"
-uci set rsyslog.promtail.rfc=5424
-uci set rsyslog.promtail.target="$(echo "$response" | jq -r .data.promtail_address)"
-uci commit rsyslog
-# Use FQDN when sending logs #733
-grep -qF '$PreserveFQDN on' /etc/rsyslog.conf || echo '$PreserveFQDN on' >> /etc/rsyslog.conf
+## Configure rsyslog to send to promtail
+cat <<EOF > ${RSYSLOG_CONF}
+# Rsyslog configuration for NethSecurity controller logging
+\$PreserveFQDN on
+
+ruleset(name="forward") {
+    *.* action(
+        type="omfwd"
+        target="$(echo "$response" | jq -r .data.promtail_address)"
+        port="$(echo "$response" | jq -r .data.promtail_port)"
+        protocol="tcp"
+        TCP_Framing="octet-counted"
+        Template="RSYSLOG_SyslogProtocol23Format"
+
+        KeepAlive="on"
+        KeepAlive.Probes="3"
+        KeepAlive.Time="60"
+        KeepAlive.Interval="20"
+
+        action.resumeRetryCount="-1"
+
+        queue.type="linkedList"
+        queue.size="1000"
+        queue.timeoutEnqueue="0"
+    )
+}
+
+*.* call forward
+EOF
+# check if uci rsyslog.syslog.includes has ${RSYSLOG_CONF}, if not add it
+if ! uci -q get rsyslog.syslog.includes | grep -qF "${RSYSLOG_CONF}"; then
+    uci add_list rsyslog.syslog.includes="${RSYSLOG_CONF}"
+    uci commit rsyslog
+    reload_config
+fi
 /etc/init.d/rsyslog restart
-sleep 5 # wait for rsyslog
+sleep 5
 
 # Send data to controller every 15 minutes, only if subscription is enabled
 if [ ! -z "$subscription_type" ]; then

diff --git a/packages/ns-plug/files/ns-plug-rsyslog-fixup.uci-default b/packages/ns-plug/files/ns-plug-rsyslog-fixup.uci-default
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+#
+# Copyright (C) 2026 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+# if $PreserveFQDN on is in /etc/rsyslog.conf, we have to migrate to new config
+if grep -q '^\$PreserveFQDN on' /etc/rsyslog.conf; then
+    sed -i '/^\$PreserveFQDN on/d' /etc/rsyslog.conf
+    if [ "$(uci -q get rsyslog.promtail)" = "forwarder" ]; then
+        uci delete rsyslog.promtail
+        uci commit rsyslog
+    fi
+fi
diff --git a/packages/rsyslog/Makefile b/packages/rsyslog/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=rsyslog
 PKG_VERSION:=8.2110.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \

diff --git a/packages/rsyslog/files/rsyslog.init b/packages/rsyslog/files/rsyslog.init
@@ -15,6 +15,7 @@ UCI_CONF="rsyslog"
 CONFIG_FILE="/var/etc/rsyslog.conf"
 BASE_CONFIG_FILE="/etc/rsyslog.conf"
 
+includes=""
 modules=""
 selectors=""
 forwarders=""
@@ -56,12 +57,17 @@ handle_forwarder() {
 	fi
 }
 
+handle_include() {
+  local file="$1"
+  includes="${includes}include(file=\"${file}\" mode=\"optional\")\n"
+}
 
 expand_config() {
 	local input_t=""
 	local input_u=""
 
 	config_load "${UCI_CONF}"
+	config_list_foreach syslog includes handle_include
 	config_list_foreach syslog modules handle_module
 	config_get_bool tcp_input syslog tcp_input
 	if [ "${tcp_input}" -eq 1 ]; then
@@ -93,6 +99,7 @@ expand_config() {
 	echo "\$ActionFileDefaultTemplate ${template}" >> ${CONFIG_FILE}
 	echo -e "${selectors}" >> ${CONFIG_FILE}
 	echo -e "${forwarders}" >> ${CONFIG_FILE}
+	echo -e "${includes}" >> ${CONFIG_FILE}
 }
 
 handle_module() {