lucaspalomodevelop/opnsense-core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/opnsense-core.git synced 2026-03-13 00:07:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Syslog - remove clog support

Browse Source 
remove all remnants from syslogd and circular log support excluding support from the log readers. When a user upgrades and was using clog, the old files remain and are still readable from the ui, new entries are generated into our syslog-ng directory structure.

for https://github.com/opnsense/core/issues/5337
This commit is contained in:
Ad Schellevis 2021-11-05 21:17:35 +01:00
parent 4aba8cae5d
commit b3e3391943
11 changed files with 21 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@ -184,7 +184,6 @@ CORE_DEPENDS?= ca_root_nss \
strongswan \
sudo \
syslog-ng \
syslogd \
unbound \
wpa_supplicant \
zip \

1
plist
View File

@ -979,7 +979,6 @@
/usr/local/opnsense/service/templates/OPNsense/Syslog/sources/001-local.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-config-events.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-local.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng-lockout.conf
/usr/local/opnsense/service/templates/OPNsense/Syslog/syslog-ng.conf

4
src/etc/config.xml.sample
View File

@ -306,10 +306,6 @@
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<syslog>
<disable_clog>1</disable_clog>
<reverse/>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>

4
src/etc/inc/plugins.inc
View File

@ -133,6 +133,10 @@ function plugins_cron()
return $jobs;
}
/**
* list of known applications for syslog-ng to use
* Only to be used to register syslog-ng custom destinations (facility is program in syslog-ng's context)
*/
function plugins_syslog()
{
$syslogs = array();

13
src/etc/inc/plugins.inc.d/core.inc
View File

@ -105,19 +105,6 @@ function core_services()
'name' => 'cron',
);
if (empty($config['syslog']['disable_clog'])) {
$services[] = array(
'description' => gettext('Legacy Syslog Daemon'),
'php' => array(
"stop" => array('system_syslogd_stop'),
"start" => array('system_syslogd_start'),
"restart" => array('system_syslogd_start')
),
'pidfile' => '/var/run/syslog.pid',
'name' => 'syslogd',
);
}
$services[] = array(
'description' => gettext('Syslog-ng Daemon'),
'php' => array(

136
src/etc/inc/system.inc
View File

@ -610,99 +610,16 @@ function system_syslogd_start($verbose = false, $restart = false, $async = false
}
if ($async) {
configd_run('syslog restart');
if ($verbose) {
echo "done.\n";
}
return;
}
configd_run('template reload OPNsense/Syslog');
if (empty($config['syslog']['disable_clog'])) {
$syslogcfg = config_read_array('syslog');
$log_directive = '%';
$syslogd_extra = '';
$syslogconf = '';
$syslogconfs = array();
foreach (plugins_syslog() as $plugin_name => $plugin_details) {
$syslogconfs[$plugin_name] = $plugin_details;
}
$separatelogfacilities = array();
foreach ($syslogconfs as $logTopic => $logConfig) {
$syslogconf .= "!" . implode(',', $logConfig['facility']) . "\n";
$separatelogfacilities = array_merge($logConfig['facility'], $separatelogfacilities);
if (!isset($syslogcfg['disablelocallogging'])) {
$syslogconf .= "*.* {$log_directive}/var/log/{$logTopic}.log\n";
}
}
$syslogd_extra .= '-p /var/run/legacy_log -S /var/run/legacy_logpriv -k -s -s ';
asort($separatelogfacilities);
$facilitylist = implode(',', array_unique($separatelogfacilities));
$syslogconf .= "!-{$facilitylist}\n";
if (!isset($syslogcfg['disablelocallogging'])) {
/* XXX non-system local redirects look unused */
$syslogconf .= <<<EOD
local3.* {$log_directive}/var/log/vpn.log
local4.* {$log_directive}/var/log/portalauth.log
local7.* {$log_directive}/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;daemon.none {$log_directive}/var/log/system.log
news.err;local0.none;local3.none;local4.none {$log_directive}/var/log/system.log
local7.none {$log_directive}/var/log/system.log
security.* {$log_directive}/var/log/system.log
auth.info;authpriv.info;daemon.info {$log_directive}/var/log/system.log
*.emerg *
EOD;
}
file_put_contents('/var/etc/syslog.conf', $syslogconf);
$syslogd_extra .= exec_safe('-f %s ', '/var/etc/syslog.conf');
// setup log files for all facilities including default
$default_logfile_size = !empty($syslogcfg['logfilesize']) ? $syslogcfg['logfilesize'] : '511488';
$syslog_files = array_keys($syslogconfs);
$syslog_files = array_merge($syslog_files, array('system', 'vpn'));
foreach ($syslog_files as $syslog_fn) {
$filename = "/var/log/" . basename($syslog_fn) . ".log";
if (!file_exists($filename)) {
mwexecf('/usr/local/sbin/clog -i -s %s %s', array($default_logfile_size, $filename));
}
mwexecf('chmod 0600 %s', array($filename));
}
}
// deploy certificates (separate caller in case we ever remove clog, in which case we can move all to configd)
mwexecf("/usr/local/opnsense/scripts/syslog/generate_certs");
if (!empty($config['syslog']['disable_clog'])) {
// non legacy mode
killbypid('/var/run/syslog.pid', 'TERM', true);
// Loopback in background
configd_run('syslog restart', true);
} else {
configd_run('template reload OPNsense/Syslog');
mwexecf("/usr/local/opnsense/scripts/syslog/generate_certs");
if (!$restart && isvalidpid('/var/run/syslog-ng.pid')) {
mwexecf("/usr/local/sbin/syslog-ng-ctl reload");
} else {
mwexecf("/usr/sbin/service syslog-ng restart");
}
} elseif (!$restart && isvalidpid('/var/run/syslog.pid')) {
killbypid('/var/run/syslog.pid', 'HUP');
if (isvalidpid('/var/run/syslog-ng.pid')) {
mwexecf("/usr/local/sbin/syslog-ng-ctl reload");
} else {
mwexecf("/usr/sbin/service syslog-ng restart");
}
} else {
killbypid('/var/run/syslog.pid', 'TERM', true);
mwexecf("/usr/sbin/service syslog-ng stop");
@unlink("/var/run/legacy_log");
mwexecf("/usr/local/sbin/syslogd -s -c -c -P %s {$syslogd_extra}", '/var/run/syslog.pid');
mwexecf("/usr/sbin/service syslog-ng start");
}
if ($verbose) {
@ -711,54 +628,13 @@ EOD;
}
/**
* stop syslog + syslog-ng
* stop syslog-ng
*/
function system_syslogd_stop()
{
killbypid('/var/run/syslog.pid', 'TERM', true);
mwexecf("/usr/sbin/service syslog-ng stop");
}
function system_clear_log($logfile, $restart_syslogd = true)
{
if ($restart_syslogd) {
killbyname('syslogd');
}
foreach (glob($logfile . '.*') as $rotated) {
@unlink($rotated);
}
/* preserve file ownership and permissions */
if (file_exists($logfile)) {
$handle = fopen($logfile, 'r+');
if ($handle) {
ftruncate($handle, 0);
fclose($handle);
}
}
if ($restart_syslogd) {
system_syslogd_start();
}
}
function system_clear_clog($logfile, $restart_syslogd = true)
{
if ($restart_syslogd) {
killbyname('syslogd');
}
$syslogcfg = config_read_array('syslog');
$log_size = isset($syslogcfg['logfilesize']) ? $syslogcfg['logfilesize'] : '511488';
mwexecf('/usr/local/sbin/clog -i -s %s %s', array($log_size, $logfile));
if ($restart_syslogd) {
system_syslogd_start();
}
}
/*
* get_memory()
* returns an array listing the amount of

19
src/opnsense/scripts/systemhealth/clearlog
View File

@ -59,16 +59,17 @@ if (isset($opts['m']) && isset($opts['f'])) {
}
if (is_file($filename)) {
$size = filesize($filename);
$handle = fopen($filename, "r");
fseek($handle, $size-20);
$is_clog = fread($handle,4) == 'CLOG';
fclose($handle);
if ($is_clog) {
system_clear_clog($filename);
} else {
system_clear_log($filename);
/* preserve file ownership and permissions
XXX: not sure if this is still needed, at least it's not consistent with how directories are reset now.
*/
if (file_exists($filename)) {
$handle = fopen($filename, 'r+');
if ($handle) {
ftruncate($handle, 0);
fclose($handle);
}
}
system_syslogd_start();
// XXX: should probably add some plugin hook for this.
if ($fname == 'dhcpd' && $mname == 'core') {
plugins_configure('dhcp');

1
src/opnsense/service/templates/OPNsense/Syslog/+TARGETS
View File

@ -1,7 +1,6 @@
rc.conf.d:/etc/rc.conf.d/syslog_ng
newsyslog.conf:/etc/newsyslog.conf
syslog-ng.conf:/usr/local/etc/syslog-ng.conf
syslog-ng-legacy.conf:/usr/local/etc/syslog-ng.conf.d/legacy.conf
syslog-ng-destinations.conf:/usr/local/etc/syslog-ng.conf.d/syslog-ng-destinations.conf
syslog-ng-local.conf:/usr/local/etc/syslog-ng.conf.d/syslog-ng-local.conf
syslog-ng-lockout.conf:/usr/local/etc/syslog-ng.conf.d/syslog-ng-lockout.conf

16
src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy.conf
View File

@ -1,16 +0,0 @@
#
# OPNsense legacy log target
# send all received local events to platform standard syslogd
#
{% if helpers.empty('syslog.disable_clog') %}
destination legacy_dst {
unix-dgram("/var/run/legacy_log" flags(syslog-protocol));
};
log {
source(s_all);
destination(legacy_dst);
};
{% endif %}

2
src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-local.conf
View File

@ -1,4 +1,4 @@
{% if not helpers.empty('syslog.disable_clog') and helpers.empty('syslog.disablelocallogging') %}
{% if helpers.empty('syslog.disablelocallogging') %}
{% set all_filters = [] %}
{% for sfilename in helpers.glob("OPNsense/Syslog/local/*.conf") %}{%
include sfilename without context

47
src/www/diag_logs_settings.php
View File

@ -58,8 +58,6 @@ function is_valid_syslog_server($target) {
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['disable_clog'] = isset($config['syslog']['disable_clog']);
$pconfig['logfilesize'] = !empty($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : null;
$pconfig['preservelogs'] = !empty($config['syslog']['preservelogs']) ? $config['syslog']['preservelogs'] : null;
$pconfig['logdefaultblock'] = empty($config['syslog']['nologdefaultblock']);
$pconfig['logdefaultpass'] = empty($config['syslog']['nologdefaultpass']);
@ -78,11 +76,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = $_POST;
/* input validation */
if (!empty($pconfig['logfilesize']) && (strlen($pconfig['logfilesize']) > 0)) {
if (!is_numeric($pconfig['logfilesize']) || ($pconfig['logfilesize'] < 5120)) {
$input_errors[] = gettext("Log file size must be a positive integer greater than 5120.");
}
}
if (!empty($pconfig['preservelogs']) && (strlen($pconfig['preservelogs']) > 0)) {
if (!is_numeric($pconfig['preservelogs'])) {
$input_errors[] = gettext("Preserve logs must be a positive integer value.");
@ -93,12 +86,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (empty($config['syslog'])) {
$config['syslog'] = array();
}
$config['syslog']['disable_clog'] = !empty($pconfig['disable_clog']);
if (isset($_POST['logfilesize']) && (strlen($pconfig['logfilesize']) > 0)) {
$config['syslog']['logfilesize'] = (int)$pconfig['logfilesize'];
} elseif (isset($config['syslog']['logfilesize'])) {
unset($config['syslog']['logfilesize']);
}
if (isset($_POST['preservelogs']) && (strlen($pconfig['preservelogs']) > 0)) {
$config['syslog']['preservelogs'] = (int)$pconfig['preservelogs'];
} elseif (isset($config['syslog']['preservelogs'])) {
@ -171,17 +158,6 @@ $(document).ready(function() {
}]
});
});
$("#disable_clog").change(function(){
if ($(this).is(":checked")) {
$("#preservelogs").prop("disabled", false).closest("tr").removeClass("hidden");
$("#logfilesize").prop("disabled", true).closest("tr").addClass("hidden");
} else {
$("#preservelogs").prop("disabled", true).closest("tr").addClass("hidden");
$("#logfilesize").prop("disabled", false).closest("tr").removeClass("hidden");
}
});
$("#disable_clog").change();
});
//]]>
@ -212,15 +188,6 @@ $(document).ready(function() {
</td>
</tr>
<tr>
<td><a id="help_for_circular_logs" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Disable circular logs");?></td>
<td>
<input name="disable_clog" type="checkbox" id="disable_clog" value="yes" <?=!empty($pconfig['disable_clog']) ? "checked=\"checked\"" : ""; ?> />
<div class="hidden" data-for="help_for_circular_logs">
<?=gettext("Disable legacy circular logging");?>
</div>
</td>
</tr>
<tr class="hidden">
<td><a id="help_for_preservelogs" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Preserve logs (Days)') ?></td>
<td>
<input name="preservelogs" id="preservelogs" type="text" value="<?=$pconfig['preservelogs'];?>" />
@ -229,20 +196,6 @@ $(document).ready(function() {
</div>
</td>
</tr>
<tr>
<td><a id="help_for_logfilesize" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Log File Size (Bytes)') ?></td>
<td>
<input name="logfilesize" id="logfilesize" type="text" value="<?=$pconfig['logfilesize'];?>" />
<div class="hidden" data-for="help_for_logfilesize">
<?=gettext("Logs are held in constant-size circular log files. This field controls how large each log file is, and thus how many entries may exist inside the log. By default this is approximately 500KB per log file, and there are nearly 20 such log files.") ?>
<br /><br />
<?=gettext("NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, you must first save the options to set the size, then clear all logs using the \"Reset Log Files\" option farther down this page. "); ?>
<?=gettext("Be aware that increasing this value increases every log file size, so disk usage will increase significantly."); ?>
<?=gettext("Disk space currently used by log files: ") ?><?= exec("/usr/bin/du -sh /var/log | /usr/bin/awk '{print $1;}'"); ?>.
<?=gettext("Remaining disk space for log files: ") ?><?= exec("/bin/df -h /var/log | /usr/bin/awk '{print $4;}'"); ?>.
</div>
</td>
</tr>
<tr>
<td><a id="help_for_logdefaultblock" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Log Firewall Default Blocks') ?></td>
<td>