From a057c979408fc2afa080eaa32d8037eb0d97c483 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 21 Jan 2020 17:53:45 +0100
Subject: [PATCH] syslog: remove legacy remote logging. closes https://github.com/opnsense/core/issues/3540
---
 .../templates/OPNsense/Syslog/+TARGETS | 1 -
 .../Syslog/syslog-ng-legacy-remote.conf | 101 --------
 src/www/diag_logs_settings.php | 236 +-----------------
 3 files changed, 3 insertions(+), 335 deletions(-)
 delete mode 100644 src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf
diff --git a/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS b/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
index e05ba65de..47e85adee 100644
--- a/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
+++ b/src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
@@ -2,5 +2,4 @@ rc.conf.d:/etc/rc.conf.d/syslog_ng
 newsyslog.conf:/etc/newsyslog.conf
 syslog-ng.conf:/usr/local/etc/syslog-ng.conf
 syslog-ng-legacy.conf:/usr/local/etc/syslog-ng.conf.d/legacy.conf
-syslog-ng-legacy-remote.conf:/usr/local/etc/syslog-ng.conf.d/legacy-remote.conf
 syslog-ng-destinations.conf:/usr/local/etc/syslog-ng.conf.d/syslog-ng-destinations.conf
diff --git a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf
deleted file mode 100644
index c9af81388..000000000
--- a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf
+++ /dev/null
@@ -1,101 +0,0 @@
-{% if not helpers.empty('syslog.enable') %}
-
-{% if syslog.ipproto == 'ipv6'%}
-{% set ipprotocol = "6" %}
-{% else %}
-{% set ipprotocol = "4" %}
-{% endif %}
-
-{# generate localip tag if we can find a static address #}
-{% set ns = namespace() %}
-{% for intf_key,intf_item in interfaces.items() %}
-{% if ipprotocol == "4" %}
-{% if intf_key == syslog.sourceip and intf_item.ipaddr and intf_item.ipaddr != 'dhcp' %}
-{% set ns.localiptag = 'localip(' ~ intf_item.ipaddr ~ ')' %}
-{% endif %}
-{% else %}
-{% if intf_key == syslog.sourceip and intf_item.ipaddrv6 and intf_item.ipaddrv6.count(':') > 0 %}
-{% set ns.localiptag = 'localip(' ~ intf_item.ipaddrv6 ~ ')' %}
-{% endif %}
-{% endif %}
-{% endfor %}
-
-
-destination d_legacy_remote {
-
-{% for server in ['remoteserver', 'remoteserver2', 'remoteserver3'] %}
-{% if not helpers.empty('syslog.' + server) %}
-network("{{syslog[server].split(':')[0]}}" transport("udp") port({{syslog[server].split(':')[1]|default('514')}}) ip-protocol({{ipprotocol}}) {{ns.localiptag}});
-{% endif %}
-{% endfor %}
-
-};
-
-{% if not helpers.empty('syslog.logall') %}
-### ALL ####
-log {
- source(s_all);
- destination(d_legacy_remote);
-};
-
-{% else %}
-
-
-# section filters
-filter f_remote_system {
- not facility(daemon, local0, local1, local2, local3, local4, local5, local6, local7, user);
-};
-filter f_remote_filter {
- program(filterlog);
-};
-filter f_remote_dhcp {
- program("dhcrelay") or
- program("dhcpd");
-};
-filter f_remote_dns {
- program("unbound") or
- program("dnsmasq");
-};
-filter f_remote_mail {
- program("postfix");
-};
-filter f_remote_portalauth {
- program("captiveportal");
-};
-filter f_remote_vpn {
- program("l2tps") or
- program("poes") or
- program("pptps") or
- program("charon") or
- program("openvpn") or
- program("tinc*");
-};
-filter f_remote_ids {
- program("suricata");
-};
-filter f_remote_apinger {
- program("dpinger");
-};
-filter f_remote_relayd {
- program("haproxy") or
- program("relayd");
-};
-filter f_remote_hostapd {
- program("hostapd");
-};
-
-{% for section in ['system', 'filter', 'dhcp', 'dns', 'mail', 'portalauth', 'vpn', 'ids', 'apinger', 'relayd', 'hostapd'] %}
-{% if not helpers.empty('syslog.'+section) %}
-### log section {{section}} ####
-log {
- source(s_all);
- filter(f_remote_{{section}});
- destination(d_legacy_remote);
-};
-{% endif %}
-{% endfor %}
-
-
-{% endif %}
-
-{% endif %}
diff --git a/src/www/diag_logs_settings.php b/src/www/diag_logs_settings.php
index 245a05f74..a6d97595c 100644
--- a/src/www/diag_logs_settings.php
+++ b/src/www/diag_logs_settings.php
@@ -91,31 +91,13 @@ function is_valid_syslog_server($target) { if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig = array(); $pconfig['reverse'] = isset($config['syslog']['reverse']); - $pconfig['remoteserver'] = !empty($config['syslog']['remoteserver']) ? $config['syslog']['remoteserver'] : null; - $pconfig['remoteserver2'] = !empty($config['syslog']['remoteserver2']) ? $config['syslog']['remoteserver2'] : null; - $pconfig['remoteserver3'] = !empty($config['syslog']['remoteserver3']) ? $config['syslog']['remoteserver3'] : null; - $pconfig['sourceip'] = !empty($config['syslog']['sourceip']) ? $config['syslog']['sourceip'] : null; - $pconfig['ipproto'] = !empty($config['syslog']['ipproto']) ? $config['syslog']['ipproto'] : null; - $pconfig['filter'] = isset($config['syslog']['filter']); - $pconfig['dhcp'] = isset($config['syslog']['dhcp']); - $pconfig['portalauth'] = isset($config['syslog']['portalauth']); - $pconfig['mail'] = isset($config['syslog']['mail']); - $pconfig['vpn'] = isset($config['syslog']['vpn']); - $pconfig['ids'] = isset($config['syslog']['ids']); - $pconfig['dns'] = isset($config['syslog']['dns']); - $pconfig['apinger'] = isset($config['syslog']['apinger']); - $pconfig['relayd'] = isset($config['syslog']['relayd']); - $pconfig['hostapd'] = isset($config['syslog']['hostapd']); - $pconfig['logall'] = isset($config['syslog']['logall']); - $pconfig['system'] = isset($config['syslog']['system']); - $pconfig['enable'] = isset($config['syslog']['enable']); + $pconfig['logfilesize'] = !empty($config['syslog']['logfilesize']) ? 
$config['syslog']['logfilesize'] : null; $pconfig['logdefaultblock'] = empty($config['syslog']['nologdefaultblock']); $pconfig['logdefaultpass'] = empty($config['syslog']['nologdefaultpass']); $pconfig['logbogons'] = empty($config['syslog']['nologbogons']); $pconfig['logprivatenets'] = empty($config['syslog']['nologprivatenets']); $pconfig['loglighttpd'] = empty($config['syslog']['nologlighttpd']); $pconfig['disablelocallogging'] = isset($config['syslog']['disablelocallogging']); - $pconfig['logfilesize'] = !empty($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : null; } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!empty($_POST['action']) && $_POST['action'] == "resetlogs") { clear_all_log_files(); @@ -126,16 +108,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { $pconfig = $_POST; /* input validation */ - if (!empty($pconfig['enable']) && !is_valid_syslog_server($pconfig['remoteserver'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #1."); - } - if (!empty($pconfig['enable']) && !empty($pconfig['remoteserver2']) && !is_valid_syslog_server($pconfig['remoteserver2'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #2."); - } - if (!empty($pconfig['enable']) && !empty($pconfig['remoteserver3']) && !is_valid_syslog_server($_POST['remoteserver3'])) { - $input_errors[] = gettext("A valid IP address/hostname or IP/hostname:port must be specified for remote syslog server #3."); - } - if (!empty($pconfig['logfilesize']) && (strlen($pconfig['logfilesize']) > 0)) { if (!is_numeric($pconfig['logfilesize']) || ($pconfig['logfilesize'] < 5120)) { $input_errors[] = gettext("Log file size must be a positive integer greater than 5120."); 
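Review bot: Stored `remoteserver*`, `sourceip`, `ipproto` and `enable` values appear to stay under `$config['syslog']` unread once this GET branch stops loading them and the legacy-remote template is dropped from `+TARGETS`, so a firewall that forwarded logs through the legacy settings would presumably stop forwarding after upgrade with nothing on this page to indicate it. Nothing visible in the patch migrates those entries to the targets rendered by `syslog-ng-destinations.conf` or clears them; if that is handled elsewhere, a comment here such as `// legacy remote syslog keys are ignored since this change; remote targets are rendered from syslog-ng-destinations.conf` would record it, otherwise a one-time migration or an upgrade notice is worth adding so central log collection does not go quiet unnoticed. The hunk header also shows `is_valid_syslog_server()` still defined above, while the hunk at -126 removes the three calls visible in this patch, so it looks unused and could be removed if no other caller exists. The `if`/`elseif` request-method block continues past the end of this hunk.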
@@ -148,25 +120,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') { } elseif (isset($config['syslog']['logfilesize'])) { unset($config['syslog']['logfilesize']); } - $config['syslog']['remoteserver'] = $pconfig['remoteserver']; - $config['syslog']['remoteserver2'] = $pconfig['remoteserver2']; - $config['syslog']['remoteserver3'] = $pconfig['remoteserver3']; - $config['syslog']['sourceip'] = $pconfig['sourceip']; - $config['syslog']['ipproto'] = $pconfig['ipproto']; - $config['syslog']['filter'] = !empty($pconfig['filter']); - $config['syslog']['dhcp'] = !empty($pconfig['dhcp']); - $config['syslog']['portalauth'] = !empty($pconfig['portalauth']); - $config['syslog']['mail'] = !empty($pconfig['mail']); - $config['syslog']['vpn'] = !empty($pconfig['vpn']); - $config['syslog']['ids'] = !empty($pconfig['ids']); - $config['syslog']['dns'] = !empty($pconfig['dns']); - $config['syslog']['apinger'] = !empty($pconfig['apinger']); - $config['syslog']['relayd'] = !empty($pconfig['relayd']); - $config['syslog']['hostapd'] = !empty($pconfig['hostapd']); - $config['syslog']['logall'] = !empty($pconfig['logall']); - $config['syslog']['system'] = !empty($pconfig['system']); $config['syslog']['disablelocallogging'] = !empty($pconfig['disablelocallogging']); - $config['syslog']['enable'] = !empty($pconfig['enable']); $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); $oldnologbogons = isset($config['syslog']['nologbogons']); @@ -210,85 +164,7 @@ include("head.inc");