[rsyslog]: Remote logging with the highest rule priority (#22020)

mssonicbld · web-flow · commit 90724450aca7 · 2025-03-13T16:01:32.000+08:00
#### Why I did it This fix resolves issue with missing certain types of messages while forwarding to the remote server. Basically, this moves remote syslog forwarding rules to be executed before any other instructions take place, so everything received by a local syslog instance will be forwarded to the remote machine. The fix allows remote forwarding of messages defined as: https://github.com/sonic-net/sonic-buildimage/blob/master/files/image_config/rsyslog/rsyslog.d/00-sonic.conf.j2 #### Work item tracking * N/A #### How I did it * Moved `rsyslog` remote forwarding rules to be on top of other syslog instructions #### How to verify it  1. Enable remote syslog forwarding 2. Check for message patterns defined as [00-sonic.conf.j2](https://github.com/sonic-net/sonic-buildimage/blob/master/files/image_config/rsyslog/rsyslog.d/00-sonic.conf.j2) #### Which release branch to backport (provide reason below if selected)  - [ ] 201811 - [ ] 201911 - [ ] 202006 - [ ] 202012 - [ ] 202106 - [ ] 202111 - [ ] 202205 - [ ] 202211 - [ ] 202305 #### Tested branch (Please provide the tested image version)  - [x] master  #### Description for the changelog  * N/A #### Link to config_db schema for YANG module changes  * N/A #### A picture of a cute animal (not mandatory but encouraged) ``` .---. .----------- / \ __ / ------ / / \( )/ ----- ////// ' \/ ` --- //// / // : : --- // / / /` '-- // //..\\ ====UU====UU==== '//||\\` ''`` ```
diff --git a/files/image_config/rsyslog/rsyslog.conf.j2 b/files/image_config/rsyslog/rsyslog.conf.j2
@@ -64,34 +64,6 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"{{ fw_name }}\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
-#
-# Set the default permissions for all log files.
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-#
-# Suppress duplicate messages and report "message repeated n times"
-#
-$RepeatedMsgReduction on
-
-###############
-#### RULES ####
-###############
-
 #
 # Remote syslog logging
 #
@@ -134,3 +106,31 @@ $RepeatedMsgReduction on
 *.{{ severity }}
 action(type="omfwd" Target="{{ server }}" Port="{{ port }}" Protocol="{{ proto }}" Template="{{ template }}"{{ options }})
 {% endfor %}
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+#
+# Suppress duplicate messages and report "message repeated n times"
+#
+$RepeatedMsgReduction on
+
+###############
+#### RULES ####
+###############
diff --git a/src/sonic-config-engine/setup.cfg b/src/sonic-config-engine/setup.cfg
@@ -0,0 +1,2 @@
+[aliases]
+test=pytest
diff --git a/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf b/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf
@@ -49,6 +49,17 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"kvm-host\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
+#
+# Remote syslog logging
+#
+
+# The omfwd plug-in provides the core functionality of traditional message
+# forwarding via UDP and plain TCP. It is a built-in module that does not need
+# to be loaded.
+
+*.*
+action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
+
 #
 # Set the default permissions for all log files.
 #
@@ -76,15 +87,3 @@ $RepeatedMsgReduction on
 ###############
 #### RULES ####
 ###############
-
-#
-# Remote syslog logging
-#
-
-# The omfwd plug-in provides the core functionality of traditional message
-# forwarding via UDP and plain TCP. It is a built-in module that does not need
-# to be loaded.
-
-*.*
-action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
-
diff --git a/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf b/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf
@@ -51,6 +51,17 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"kvm-host\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
+#
+# Remote syslog logging
+#
+
+# The omfwd plug-in provides the core functionality of traditional message
+# forwarding via UDP and plain TCP. It is a built-in module that does not need
+# to be loaded.
+
+*.*
+action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
+
 #
 # Set the default permissions for all log files.
 #
@@ -78,15 +89,3 @@ $RepeatedMsgReduction on
 ###############
 #### RULES ####
 ###############
-
-#
-# Remote syslog logging
-#
-
-# The omfwd plug-in provides the core functionality of traditional message
-# forwarding via UDP and plain TCP. It is a built-in module that does not need
-# to be loaded.
-
-*.*
-action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
-
