From 395e3cb72c521ea9d62c0efd1620e679fc709cda Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 8 Jan 2025 20:41:03 +0100 Subject: [PATCH 01/14] syslog: T6989: remove "file" logging destination --- data/templates/rsyslog/rsyslog.conf.j2 | 14 ------- .../include/version/system-version.xml.i | 2 +- interface-definitions/system_syslog.xml.in | 39 ------------------- src/migration-scripts/system/28-to-29 | 29 ++++++++++++++ 4 files changed, 30 insertions(+), 54 deletions(-) create mode 100644 src/migration-scripts/system/28-to-29 diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 253a4bee2c..67c062ab99 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -24,20 +24,6 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {{ tmp | join(';') }} :omfile:$global {% endif %} -{% if file is vyos_defined %} -# File based configuration section -{% for file_name, file_options in file.items() %} -{% set tmp = [] %} -$outchannel {{ file_name }},/var/log/user/{{ file_name }},{{ file_options.archive.size }},/usr/sbin/logrotate {{ logrotate }} -{% if file_options.facility is vyos_defined %} -{% for facility, facility_options in file_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{% endif %} -{{ tmp | join(';') }} :omfile:${{ file }} -{% endfor %} -{% endif %} - {% if console.facility is vyos_defined %} # Console logging {% set tmp = [] %} diff --git a/interface-definitions/include/version/system-version.xml.i b/interface-definitions/include/version/system-version.xml.i index 3ecf124c79..5cdece74a9 100644 --- a/interface-definitions/include/version/system-version.xml.i +++ b/interface-definitions/include/version/system-version.xml.i @@ -1,3 +1,3 @@ - + 
diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 0a9a00572a..1d5b3635fa 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -106,45 +106,6 @@ - - - Logging to a file - - [a-zA-Z0-9\-_.]{1,255} - - illegal characters in filename or filename longer than 255 characters - - - - - Log file size and rotation characteristics - - - - - Number of saved files - - [0-9]+ - - illegal characters in number of files - - 5 - - - - Size of log files in kbytes - - [0-9]+ - - illegal characters in size - - 256 - - - - #include - - logging to serial console diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 new file mode 100644 index 0000000000..e12063fc47 --- /dev/null +++ b/src/migration-scripts/system/28-to-29 @@ -0,0 +1,29 @@ +# Copyright 2025 VyOS maintainers and contributors +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see . + +# T6989: +# - remove syslog arbitrary file logging +# - remove syslog user console logging + +from vyos.configtree import ConfigTree + +base = ['system', 'syslog'] + +def migrate(config: ConfigTree) -> None: + if not config.exists(base): + return + + if config.exists(base + ['file']): + config.delete(base + ['file']) From 196797346b973d1eba3f3d000321786c54e3bdbf Mon Sep 17 00:00:00 2001 
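Review bot: migrate() in the new 28-to-29 script deletes the whole `system syslog file` subtree and nothing records that it did, so a system that wrote selected facilities to its own file under /var/log/user/ stops doing so after the upgrade. The `user` deletion added to the same function in PATCH 02/14 has the same property. If the drop is intended, say so where it happens, for example `# No replacement exists: selectors configured under 'file' are discarded on upgrade`, and mention it in the release notes for T6989. The header comment also lists "remove syslog user console logging", which this commit does not do yet.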
From: Christian Breunig Date: Wed, 8 Jan 2025 20:41:36 +0100 Subject: [PATCH 02/14] syslog: T6989: remove CLI option for user terminal logging Should be added as runtime option similar to "terminal monitor" known from other vendors. --- data/templates/rsyslog/rsyslog.conf.j2 | 13 ------------- interface-definitions/system_syslog.xml.in | 19 ------------------- src/migration-scripts/system/28-to-29 | 3 +++ 3 files changed, 3 insertions(+), 32 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 67c062ab99..21bfbf822b 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -49,16 +49,3 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {% endif %} {% endfor %} {% endif %} - -{% if user is defined and user is not none %} -# Log to user terminal -{% for username, user_options in user.items() %} -{% set tmp = [] %} -{% if user_options.facility is vyos_defined %} -{% for facility, facility_options in user_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{% endif %} -{{ tmp | join(';') }} :omusrmsg:{{ username }} -{% endfor %} -{% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 1d5b3635fa..df9536c3b9 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -8,25 +8,6 @@ 400 - - - Logging to specific terminal of given user - - system login user - - - txt - Local user account - - - #include - - illegal characters in user - - - #include - - Logging to remote host diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index e12063fc47..b8439100a4 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 
@@ -27,3 +27,6 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['file']): config.delete(base + ['file']) + + if config.exists(base + ['user']): + config.delete(base + ['user']) From 8784aaa6fbec978aa97cab09cfbf9894163a2b1b Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 8 Jan 2025 21:46:50 +0100 Subject: [PATCH 03/14] syslog: T6989: rename "host" to "remote" --- data/templates/rsyslog/rsyslog.conf.j2 | 14 +-- interface-definitions/system_syslog.xml.in | 2 +- smoketest/config-tests/basic-vyos | 8 +- .../config-tests/bgp-azure-ipsec-gateway | 4 +- smoketest/config-tests/dialup-router-complex | 2 +- .../config-tests/dialup-router-medium-vpn | 4 +- .../config-tests/dialup-router-wireguard-ipv6 | 2 +- smoketest/scripts/cli/test_system_syslog.py | 103 +++++++++++------- src/migration-scripts/system/28-to-29 | 9 ++ 9 files changed, 90 insertions(+), 58 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 21bfbf822b..2e3d19afd0 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -33,19 +33,19 @@ $outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} {{ tmp | join(';') }} /dev/console {% endif %} -{% if host is vyos_defined %} +{% if remote is vyos_defined %} # Remote logging -{% for host_name, host_options in host.items() %} +{% for remote_name, remote_options in remote.items() %} {% set tmp = [] %} -{% if host_options.facility is vyos_defined %} -{% for facility, facility_options in host_options.facility.items() %} +{% if remote_options.facility is vyos_defined %} +{% for facility, facility_options in remote_options.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} {% endfor %} {% endif %} -{% if host_options.protocol is vyos_defined('tcp') %} -{{ tmp | join(';') }} @@{{ '(o)' if host_options.format.octet_counted is vyos_defined }}{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} +{% if remote_options.protocol is vyos_defined('tcp') %} +{{ tmp | join(';') }} @@{{ '(o)' if remote_options.format.octet_counted is vyos_defined }}{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} {% else %} -{{ tmp | join(';') }} @{{ host_name | bracketize_ipv6 }}:{{ host_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if host_options.format.include_timezone is vyos_defined }} +{{ tmp | join(';') }} @{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} {% endif %} {% endfor %} {% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index df9536c3b9..68cb114232 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
@@ -8,7 +8,7 @@ 400 - + Logging to remote host diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index 6ff28ec2eb..b6bb6ac67b 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -96,8 +96,8 @@ set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' set system syslog global preserve-fqdn -set system syslog host syslog.vyos.net facility auth level 'warning' -set system syslog host syslog.vyos.net facility local7 level 'notice' -set system syslog host syslog.vyos.net format octet-counted -set system syslog host syslog.vyos.net port '8000' +set system syslog remote syslog.vyos.net facility auth level 'warning' +set system syslog remote syslog.vyos.net facility local7 level 'notice' +set system syslog remote syslog.vyos.net format octet-counted +set system syslog remote syslog.vyos.net port '8000' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway index bbd7b961f5..91ec057a9f 100644 --- a/smoketest/config-tests/bgp-azure-ipsec-gateway +++ b/smoketest/config-tests/bgp-azure-ipsec-gateway @@ -137,8 +137,8 @@ set system logs logrotate messages rotate '10' set system name-server '192.0.2.254' set system syslog global facility all level 'info' set system syslog global facility local7 level 'debug' -set system syslog host 10.0.9.188 facility all level 'info' -set system syslog host 10.0.9.188 protocol 'udp' +set system syslog remote 10.0.9.188 facility all level 'info' +set system syslog remote 10.0.9.188 protocol 'udp' set system time-zone 'Europe/Berlin' set vpn ipsec authentication psk peer_51-105-0-1 id '51.105.0.1' set vpn ipsec authentication psk peer_51-105-0-1 id '192.0.2.189' 
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex index c693cc3826..404bf342c8 100644 --- a/smoketest/config-tests/dialup-router-complex +++ b/smoketest/config-tests/dialup-router-complex @@ -736,5 +736,5 @@ set system option reboot-on-panic set system option startup-beep set system syslog global facility all level 'debug' set system syslog global facility local7 level 'debug' -set system syslog host 172.16.100.1 facility all level 'warning' +set system syslog remote 172.16.100.1 facility all level 'warning' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn index d6b00c6783..b7187887b5 100644 --- a/smoketest/config-tests/dialup-router-medium-vpn +++ b/smoketest/config-tests/dialup-router-medium-vpn @@ -315,8 +315,8 @@ set system static-host-mapping host-name host109.vyos.net inet '192.168.0.109' set system sysctl parameter net.core.default_qdisc value 'fq' set system sysctl parameter net.ipv4.tcp_congestion_control value 'bbr' set system syslog global facility all level 'info' -set system syslog host 192.168.0.252 facility all level 'debug' -set system syslog host 192.168.0.252 protocol 'udp' +set system syslog remote 192.168.0.252 facility all level 'debug' +set system syslog remote 192.168.0.252 protocol 'udp' set system task-scheduler task Update-Blacklists executable path '/config/scripts/vyos-foo-update.script' set system task-scheduler task Update-Blacklists interval '3h' set system time-zone 'Pacific/Auckland' diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6 index 3e298fb82b..e4b8bcac40 100644 --- a/smoketest/config-tests/dialup-router-wireguard-ipv6 +++ b/smoketest/config-tests/dialup-router-wireguard-ipv6 
@@ -693,5 +693,5 @@ set system option reboot-on-panic set system option startup-beep set system syslog global facility all level 'debug' set system syslog global facility local7 level 'debug' -set system syslog host 172.16.100.1 facility all level 'warning' +set system syslog remote 172.16.100.1 facility all level 'warning' set system time-zone 'Europe/Berlin' diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index a867111195..961b7a6f48 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -53,31 +53,10 @@ def tearDown(self): # Check for running process self.assertFalse(process_named_running(PROCESS_NAME)) - def test_syslog_basic(self): - host1 = '127.0.0.10' - host2 = '127.0.0.20' - - self.cli_set(base_path + ['host', host1, 'port', '999']) - self.cli_set(base_path + ['host', host1, 'facility', 'all', 'level', 'all']) - self.cli_set(base_path + ['host', host2, 'facility', 'kern', 'level', 'err']) + def test_syslog_console(self): self.cli_set(base_path + ['console', 'facility', 'all', 'level', 'warning']) - self.cli_commit() - # verify log level and facilities in config file - # *.warning /dev/console - # *.* @198.51.100.1:999 - # kern.err @192.0.2.1:514 - config = [ - get_config_value('\*.\*'), - get_config_value('kern.err'), - get_config_value('\*.warning'), - ] - expected = [f'@{host1}:999', f'@{host2}:514', '/dev/console'] - - for i in range(0, 3): - self.assertIn(expected[i], config[i]) - # Check for running process - self.assertTrue(process_named_running(PROCESS_NAME)) + self.assertIn('/dev/console', get_config_value('\*.warning')) def test_syslog_global(self): hostname = 'vyos123' 
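Review bot: The new test_syslog_console no longer asserts that rsyslogd is running after `cli_commit()`, and the next hunk removes the same check from test_syslog_global. The tests now compare rendered text only, so a configuration the daemon fails to start with would still pass. Keeping `self.assertTrue(process_named_running(PROCESS_NAME))` after each commit retains that check. The added line also passes `'\*.warning'`, which relies on an invalid escape sequence in a non-raw string; `r'\*.warning'` is the safe spelling.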
@@ -100,32 +79,76 @@ def test_syslog_global(self): for e in expected: self.assertIn(e, config) - # Check for running process - self.assertTrue(process_named_running(PROCESS_NAME)) def test_syslog_remote(self): - rhost = '169.254.0.1' - default_port = default_value(base_path + ['host', rhost, 'port']) - - self.cli_set(base_path + ['global', 'facility', 'all', 'level', 'info']) - self.cli_set(base_path + ['global', 'facility', 'local7', 'level', 'debug']) - self.cli_set(base_path + ['host', rhost, 'facility', 'all', 'level', 'all']) - self.cli_set(base_path + ['host', rhost, 'protocol', 'tcp']) + rhosts = { + '169.254.0.1': { + 'facility': {'name' : 'auth', 'level': 'info'}, + 'protocol': 'udp', + }, + '169.254.0.2': { + 'port': '1514', + 'protocol': 'udp', + }, + '169.254.0.3': { + 'format': ['include-timezone', 'octet-counted'], + 'protocol': 'tcp', + }, + } + default_port = default_value(base_path + ['remote', next(iter(rhosts)), 'port']) + + for remote, remote_options in rhosts.items(): + remote_base = base_path + ['remote', remote] + + if 'port' in remote_options: + self.cli_set(remote_base + ['port', remote_options['port']]) + + if ('facility' in remote_options and + 'name' in remote_options['facility'] and + 'level' in remote_options['facility'] + ): + facility = remote_options['facility']['name'] + level = remote_options['facility']['level'] + self.cli_set(remote_base + ['facility', facility, 'level', level]) + + if 'format' in remote_options: + for format in remote_options['format']: + self.cli_set(remote_base + ['format', format]) + + if 'protocol' in remote_options: + protocol = remote_options['protocol'] + self.cli_set(remote_base + ['protocol', protocol]) self.cli_commit() config = read_file(RSYSLOG_CONF) - self.assertIn(f'*.* @@{rhost}:{default_port}', config) + for remote, remote_options in rhosts.items(): + tmp = ' ' + if ('facility' in remote_options and + 'name' in remote_options['facility'] and + 'level' in remote_options['facility'] + ): + 
facility = remote_options['facility']['name'] + level = remote_options['facility']['level'] + tmp = f'{facility}.{level} ' - # Change default port and enable "octet-counting" mode - port = '10514' - self.cli_set(base_path + ['host', rhost, 'port', port]) - self.cli_set(base_path + ['host', rhost, 'format', 'octet-counted']) - self.cli_commit() + tmp += '@' + if 'protocol' in remote_options and remote_options['protocol'] == 'tcp': + tmp += '@' - config = read_file(RSYSLOG_CONF) - self.assertIn(f'*.* @@(o){rhost}:{port}', config) + if 'format' in remote_options and 'octet-counted' in remote_options['format']: + tmp += '(o)' + + port = default_port + if 'port' in remote_options: + port = remote_options['port'] + + tmp += f'{remote}:{port}' + + if 'format' in remote_options and 'include-timezone' in remote_options['format']: + tmp += ';RSYSLOG_SyslogProtocol23Format' + self.assertIn(tmp, config) if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index b8439100a4..2f55d425a5 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -30,3 +30,12 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['user']): config.delete(base + ['user']) + + # rename host -> remote + if config.exists(base + ['host']): + config.set(base + ['remote']) + config.set_tag(base + ['remote']) + for remote in config.list_nodes(base + ['host']): + config.copy(base + ['host', remote], base + ['remote', remote]) + config.set_tag(base + ['remote']) + config.delete(base + ['host']) From e143e496e28b9d6d5803278fa76a14bf2bc2304e Mon Sep 17 00:00:00 2001 
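Review bot: The host to remote block in 28-to-29 calls `config.set_tag(base + ['remote'])` once before the loop and again on every iteration; the call inside the loop is redundant. If ConfigTree's `rename()` keeps the tag-node state of the renamed node (worth confirming), the whole block reduces to `config.rename(base + ['host'], 'remote')`. Otherwise drop the `set_tag` inside the loop. migrate() starts outside this hunk.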
From: Christian Breunig Date: Mon, 13 Jan 2025 19:36:41 +0100 Subject: [PATCH 04/14] syslog: T6989: convert old configuration format to "advanced" --- data/templates/rsyslog/override.conf.j2 | 11 -- data/templates/rsyslog/rsyslog.conf.j2 | 125 ++++++++++++--- debian/vyos-1x.install | 1 - interface-definitions/system_syslog.xml.in | 17 +- smoketest/scripts/cli/test_system_syslog.py | 151 ++++++++++++------ src/conf_mode/system_option.py | 2 +- src/conf_mode/system_syslog.py | 14 +- src/etc/rsyslog.conf | 67 -------- .../system/rsyslog.service.d/override.conf | 10 ++ src/migration-scripts/system/28-to-29 | 7 +- 10 files changed, 235 insertions(+), 170 deletions(-) delete mode 100644 data/templates/rsyslog/override.conf.j2 delete mode 100644 src/etc/rsyslog.conf create mode 100644 src/etc/systemd/system/rsyslog.service.d/override.conf diff --git a/data/templates/rsyslog/override.conf.j2 b/data/templates/rsyslog/override.conf.j2 deleted file mode 100644 index 5f6a87edf5..0000000000 --- a/data/templates/rsyslog/override.conf.j2 +++ /dev/null @@ -1,11 +0,0 @@ -{% set vrf_command = 'ip vrf exec ' ~ vrf ~ ' ' if vrf is vyos_defined else '' %} -[Unit] -StartLimitIntervalSec=0 - -[Service] -ExecStart= -ExecStart={{ vrf_command }}/usr/sbin/rsyslogd -n -iNONE -Restart=always -RestartPreventExitStatus= -RestartSec=10 -RuntimeDirectoryPreserve=yes diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 2e3d19afd0..efb23ca7d6 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -1,51 +1,126 @@ ### Autogenerated by system_syslog.py ### +#### MODULES #### +# Load input modules for local logging and kernel logging + +# Old-style log file format with low-precision timestamps +# A modern-style logfile format with high-precision timestamps and timezone info +# RSYSLOG_FileFormat +module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat") +module(load="imuxsock") # provides support for local system logging +module(load="imklog") # provides kernel logging support + +# Import logs from journald +module( + load="imjournal" + StateFile="/var/spool/rsyslog/imjournal.state" # Persistent state file to track the journal cursor + Ratelimit.Interval="0" # Disable rate limiting (set to "0" for no limit) + RateLimit.Burst="0" +) + +#### GLOBAL DIRECTIVES #### +### TODO - remove +# Filter duplicated messages +# https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html +$RepeatedMsgReduction on + +########################################## +#### AUTH.LOG CHANNEL AND LOGGING RULES #### +########################################## + +# Log specific programs to auth.log, then stop further processing +if ( + $programname == "CRON" or + $programname == "sudo" or + $programname == "su" +) then { + action(type="omfile" file="/var/log/auth.log") + stop +} + +global(workDirectory="/var/spool/rsyslog") + +############### +#### RULES #### +############### + +# Send emergency messages to all logged-in users +*.emerg action(type="omusrmsg" users="*") + {% if global.marker is vyos_defined %} -$ModLoad immark -{% if global.marker.interval is vyos_defined %} -$MarkMessagePeriod {{ global.marker.interval }} -{% endif %} +# Load the immark module for periodic --MARK-- message capability +module(load="immark" interval="{{ global.marker.interval }}") {% endif %} {% if global.preserve_fqdn is vyos_defined %} -$PreserveFQDN on +# Preserve the fully qualified domain name (FQDN) in log messages +global(preserveFQDN="on") {% endif %} - {% if 
global.local_host_name is vyos_defined %} -$LocalHostName {{ global.local_host_name }} +# Set the local hostname for log messages +global(localHostname="{{ global.local_host_name }}") {% endif %} -# We always log to /var/log/messages -$outchannel global,/var/log/messages,262144,/usr/sbin/logrotate {{ logrotate }} +#### GLOBAL LOGGING #### {% if global.facility is vyos_defined %} {% set tmp = [] %} -{% for facility, facility_options in global.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{{ tmp | join(';') }} :omfile:$global +{% if global.facility is vyos_defined %} +{% for facility, facility_options in global.facility.items() %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} +{% endfor %} +if prifilt("{{ tmp | join(',') }}") then { + action( + type="omfile" + file="/var/log/messages" + queue.size="262144" + rotation.sizeLimitCommand="/usr/sbin/logrotate {{ logrotate }}" + ) +} +{% endif %} {% endif %} +#### CONSOLE LOGGING #### {% if console.facility is vyos_defined %} -# Console logging {% set tmp = [] %} -{% for facility, facility_options in console.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} -{% endfor %} -{{ tmp | join(';') }} /dev/console +{% if console.facility is vyos_defined %} +{% for facility, facility_options in console.facility.items() %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." 
~ facility_options.level.replace('all', 'debug')) %} +{% endfor %} +if prifilt("{{ tmp | join(',') }}") then { + action(type="omfile" file="/dev/console") +} +{% endif %} {% endif %} +#### REMOTE LOGGING #### {% if remote is vyos_defined %} -# Remote logging {% for remote_name, remote_options in remote.items() %} {% set tmp = [] %} {% if remote_options.facility is vyos_defined %} {% for facility, facility_options in remote_options.facility.items() %} -{% set _ = tmp.append(facility.replace('all', '*') + '.' + facility_options.level.replace('all', '*')) %} +{% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} {% endfor %} -{% endif %} -{% if remote_options.protocol is vyos_defined('tcp') %} -{{ tmp | join(';') }} @@{{ '(o)' if remote_options.format.octet_counted is vyos_defined }}{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} -{% else %} -{{ tmp | join(';') }} @{{ remote_name | bracketize_ipv6 }}:{{ remote_options.port }}{{ ';RSYSLOG_SyslogProtocol23Format' if remote_options.format.include_timezone is vyos_defined }} +{% set _ = tmp.sort() %} +# Remote syslog to {{ remote_name }} +if prifilt("{{ tmp | join(',') }}") then { + action( + type="omfwd" + # Remote syslog server where we send our logs to + target="{{ remote_name | bracketize_ipv6 }}" + # Port on the remote syslog server + port="{{ remote_options.port }}" + protocol="{{ remote_options.protocol }}" +{% if remote_options.format.include_timezone is vyos_defined %} + template="SyslogProtocol23Format" +{% endif %} + TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" +{% if vrf is vyos_defined %} + Device="{{ vrf }}" +{% endif %} + ) +} {% endif %} {% endfor %} {% endif %} + +# Include all configuration files in /etc/rsyslog.d/ +include(file="/etc/rsyslog.d/*.conf") 
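Review bot: The omfwd action renders `TCP_Framing="octed-counted"`, a misspelling of rsyslog's `octet-counted`, so a remote configured with `format octet-counted` will not get octet-counted framing; the expression should read `{{ 'octet-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}`. The same action names `template="SyslogProtocol23Format"`, while the built-in template, and the line this hunk removes, is `RSYSLOG_SyslogProtocol23Format`. In the global omfile action the old outchannel size limit 262144 became `queue.size="262144"` and no `rotation.sizeLimit` is set, so `rotation.sizeLimitCommand` appears never to fire and /var/log/messages can grow without bound; `rotation.sizeLimit="262144"` looks like what was intended. The auth.log block ends in `stop` ahead of the remote rules, so sudo, su and CRON messages never reach a configured remote collector; if that is not intended, move the block below the remote section or drop the `stop`. The smoketest hunks later in this patch assert the same three strings and need to change together with the template.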
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 5fcff959a6..4e312a648a 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -9,7 +9,6 @@ etc/netplug etc/opennhrp etc/modprobe.d etc/ppp -etc/rsyslog.conf etc/securetty etc/security etc/skel diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 68cb114232..acc7b47476 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -10,7 +10,7 @@ - Logging to remote host + Log to remote host @@ -59,21 +59,26 @@ - Logging to system standard location + Log to standard system location /var/log/messages #include - mark messages sent to syslog + Mark messages sent to syslog - time interval how often a mark message is being sent in seconds + Mark message interval + + u32:1-65535 + Time in seconds + - + + Port number must be in range 1 to 86400 1200 @@ -89,7 +94,7 @@ - logging to serial console + Log to system console (/dev/console) #include diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 961b7a6f48..de2e9b260c 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2019-2024 VyOS maintainers and contributors +# Copyright (C) 2019-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
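Review bot: The constraint error message added for the marker `interval` node reads "Port number must be in range 1 to 86400", but the node is a time interval and the value help added just above it advertises `u32:1-65535`. The validator range itself is not legible in this rendering, so which bound is right cannot be confirmed here. The message and the value help should both match the validator, for example `Marker interval must be in range 1 to 65535` if 65535 is the limit.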
@@ -20,18 +20,24 @@ from base_vyostest_shim import VyOSUnitTestSHIM from vyos.utils.file import read_file +from vyos.utils.process import cmd from vyos.utils.process import process_named_running from vyos.xml_ref import default_value PROCESS_NAME = 'rsyslogd' -RSYSLOG_CONF = '/etc/rsyslog.d/00-vyos.conf' +RSYSLOG_CONF = '/run/rsyslog/rsyslog.conf' base_path = ['system', 'syslog'] -def get_config_value(key): - tmp = read_file(RSYSLOG_CONF) - tmp = re.findall(r'\n?{}\s+(.*)'.format(key), tmp) - return tmp[0] +def get_config(string=''): + """ + Retrieve current "running configuration" from FRR + string: search for a specific start string in the configuration + """ + command = 'cat /run/rsyslog/rsyslog.conf' + if string: + command += f' | sed -n "/^{string}$/,/}}/p"' # }} required to escape } in f-string + return cmd(command) class TestRSYSLOGService(VyOSUnitTestSHIM.TestCase): @classmethod 
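Review bot: The docstring of the new get_config() helper says it retrieves the running configuration "from FRR", but the function reads the rendered rsyslog file; it looks copied from another smoketest. Suggested wording: `Return the rendered rsyslog configuration; when string is given, only the block from the line equal to string up to the next line containing "}".` The path is also hard-coded although RSYSLOG_CONF is defined just above; `command = f'cat {RSYSLOG_CONF}'` keeps the two in step. Note that `string` is interpolated into a sed regular expression, so the dots in an address such as 169.254.0.1 match any character.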
@@ -53,37 +59,72 @@ def tearDown(self): # Check for running process self.assertFalse(process_named_running(PROCESS_NAME)) - def test_syslog_console(self): - self.cli_set(base_path + ['console', 'facility', 'all', 'level', 'warning']) + def test_console(self): + level = 'warning' + self.cli_set(base_path + ['console', 'facility', 'all', 'level', level]) self.cli_commit() - self.assertIn('/dev/console', get_config_value('\*.warning')) - def test_syslog_global(self): + rsyslog_conf = get_config() + config = [ + f'if prifilt("*.{level}") then {{', # {{ required to escape { in f-string + 'action(type="omfile" file="/dev/console")', + ] + for tmp in config: + self.assertIn(tmp, rsyslog_conf) + + def test_global(self): hostname = 'vyos123' - domainname = 'example.local' + domain_name = 'example.local' + default_marker_interval = default_value(base_path + ['global', + 'marker', 'interval']) + + facility = { + 'auth': {'level': 'info'}, + 'kern': {'level': 'debug'}, + 'all': {'level': 'notice'}, + } + self.cli_set(['system', 'host-name', hostname]) - self.cli_set(['system', 'domain-name', domainname]) - self.cli_set(base_path + ['global', 'marker', 'interval', '600']) + self.cli_set(['system', 'domain-name', domain_name]) self.cli_set(base_path + ['global', 'preserve-fqdn']) - self.cli_set(base_path + ['global', 'facility', 'kern', 'level', 'err']) + + for tmp, tmp_options in facility.items(): + level = tmp_options['level'] + self.cli_set(base_path + ['global', 'facility', tmp, 'level', level]) self.cli_commit() - config = read_file(RSYSLOG_CONF) + config = get_config('') expected = [ - '$MarkMessagePeriod 600', - '$PreserveFQDN on', - 'kern.err', - f'$LocalHostName {hostname}.{domainname}', + f'module(load="immark" interval="{default_marker_interval}")', + 'global(preserveFQDN="on")', + f'global(localHostname="{hostname}.{domain_name}")', ] - for e in expected: self.assertIn(e, config) - def test_syslog_remote(self): + config = get_config('#### GLOBAL LOGGING ####') + 
prifilt = [] + for tmp, tmp_options in facility.items(): + if tmp == 'all': + tmp = '*' + level = tmp_options['level'] + prifilt.append(f'{tmp}.{level}') + + prifilt.sort() + prifilt = ','.join(prifilt) + + self.assertIn(f'if prifilt("{prifilt}") then {{', config) + self.assertIn( ' action(', config) + self.assertIn( ' type="omfile"', config) + self.assertIn( ' file="/var/log/messages"', config) + self.assertIn( ' queue.size="262144"', config) + self.assertIn( ' rotation.sizeLimitCommand="/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog"', config) + + def test_remote(self): rhosts = { '169.254.0.1': { - 'facility': {'name' : 'auth', 'level': 'info'}, + 'facility': {'auth' : {'level': 'info'}}, 'protocol': 'udp', }, '169.254.0.2': { @@ -91,11 +132,17 @@ def test_syslog_remote(self): 'protocol': 'udp', }, '169.254.0.3': { + 'facility': {'auth' : {'level': 'info'}, + 'kern' : {'level': 'debug'}, + 'all' : {'level': 'notice'}, + }, 'format': ['include-timezone', 'octet-counted'], 'protocol': 'tcp', + 'port': '10514', }, } default_port = default_value(base_path + ['remote', next(iter(rhosts)), 'port']) + default_protocol = default_value(base_path + ['remote', next(iter(rhosts)), 'protocol']) for remote, remote_options in rhosts.items(): remote_base = base_path + ['remote', remote] 
@@ -103,13 +150,10 @@ def test_syslog_remote(self): if 'port' in remote_options: self.cli_set(remote_base + ['port', remote_options['port']]) - if ('facility' in remote_options and - 'name' in remote_options['facility'] and - 'level' in remote_options['facility'] - ): - facility = remote_options['facility']['name'] - level = remote_options['facility']['level'] - self.cli_set(remote_base + ['facility', facility, 'level', level]) + if 'facility' in remote_options: + for facility, facility_options in remote_options['facility'].items(): + level = facility_options['level'] + self.cli_set(remote_base + ['facility', facility, 'level', level]) if 'format' in remote_options: for format in remote_options['format']: 
@@ -123,32 +167,43 @@ def test_syslog_remote(self): config = read_file(RSYSLOG_CONF) for remote, remote_options in rhosts.items(): - tmp = ' ' - if ('facility' in remote_options and - 'name' in remote_options['facility'] and - 'level' in remote_options['facility'] - ): - facility = remote_options['facility']['name'] - level = remote_options['facility']['level'] - tmp = f'{facility}.{level} ' - - tmp += '@' - if 'protocol' in remote_options and remote_options['protocol'] == 'tcp': - tmp += '@' - - if 'format' in remote_options and 'octet-counted' in remote_options['format']: - tmp += '(o)' + config = get_config(f'# Remote syslog to {remote}') + prifilt = [] + if 'facility' in remote_options: + for facility, facility_options in remote_options['facility'].items(): + level = facility_options['level'] + if facility == 'all': + facility = '*' + prifilt.append(f'{facility}.{level}') + + prifilt.sort() + prifilt = ','.join(prifilt) + if not prifilt: + # Skip test - as we do not render anything if no facility is set + continue + + self.assertIn(f'if prifilt("{prifilt}") then {{', config) + self.assertIn( ' type="omfwd"', config) + self.assertIn(f' target="{remote}"', config) port = default_port if 'port' in remote_options: port = remote_options['port'] + self.assertIn(f'port="{port}"', config) - tmp += f'{remote}:{port}' + protocol = default_protocol + if 'protocol' in remote_options: + protocol = remote_options['protocol'] + self.assertIn(f'protocol="{protocol}"', config) - if 'format' in remote_options and 'include-timezone' in remote_options['format']: - tmp += ';RSYSLOG_SyslogProtocol23Format' + if 'format' in remote_options: + if 'include-timezone' in remote_options['format']: + self.assertIn( ' template="SyslogProtocol23Format"', config) - self.assertIn(tmp, config) + if 'octet-counted' in remote_options['format']: + self.assertIn( ' TCP_Framing="octed-counted"', config) + else: + self.assertIn( ' TCP_Framing="traditional"', config) if __name__ == '__main__': 
unittest.main(verbosity=2) diff --git a/src/conf_mode/system_option.py b/src/conf_mode/system_option.py index e2832cde6a..064a1aa91b 100755 --- a/src/conf_mode/system_option.py +++ b/src/conf_mode/system_option.py @@ -86,7 +86,7 @@ def verify(options): if 'source_address' in config: if not is_addr_assigned(config['source_address']): - raise ConfigError('No interface with give address specified!') + raise ConfigError('No interface with given address specified!') if 'ssh_client' in options: config = options['ssh_client'] diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index eb2f02eb32..78840a5f53 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2024 VyOS maintainers and contributors +# Copyright (C) 2018-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -22,15 +22,15 @@ from vyos.config import Config from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf +from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render from vyos import ConfigError from vyos import airbag airbag.enable() -rsyslog_conf = '/etc/rsyslog.d/00-vyos.conf' +rsyslog_conf = '/run/rsyslog/rsyslog.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' -systemd_override = r'/run/systemd/system/rsyslog.service.d/override.conf' def get_config(config=None): if config: 
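Review bot: The new assertion `self.assertIn( ' TCP_Framing="octed-counted"', config)` pins a misspelled value; the omfwd framing modes I know of are `traditional` and `octet-counted`, and the test passes only because the template renders the same typo (visible as context in the later rsyslog.conf.j2 hunk). Depending on how the shipped rsyslogd treats an unknown framing value, a remote configured with `format octet-counted` either fails to load its forwarding action or falls back to traditional framing, so what reaches the collector differs from what the operator configured. Change the expectation to `TCP_Framing="octet-counted"` and correct the template literal in the same commit. The body of the test function starts outside this hunk.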
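Review bot: Pointing `rsyslog_conf` at `/run/rsyslog/rsyslog.conf` turns the rendered template into the daemon's complete configuration instead of a drop-in, so nothing from the `src/etc/rsyslog.conf` deleted in this patch is inherited any more. That file set `$FileOwner root`, `$FileGroup adm`, `$FileCreateMode 0640` and `$Umask 0022`, and routed CRON/sudo/su messages to `/var/log/auth.log`. The template body is not part of this hunk, so it cannot be confirmed from here that these were carried over; without explicit settings rsyslog's built-in file creation defaults apply and `/var/log/messages` may become more widely readable than before. Worth a comment on the constant, e.g. `# full rsyslogd config, passed via -f in the systemd override (not an rsyslog.d drop-in)`, and a smoketest assertion on the file-permission parameters.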
@@ -70,8 +70,8 @@ def verify(syslog): if not syslog: return None - if 'host' in syslog: - for host, host_options in syslog['host'].items(): + if 'remote' in syslog: + for host, host_options in syslog['remote'].items(): if 'protocol' in host_options and host_options['protocol'] == 'udp': if 'format' in host_options and 'octet_counted' in host_options['format']: Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') @@ -88,11 +88,7 @@ def generate(syslog): return None render(rsyslog_conf, 'rsyslog/rsyslog.conf.j2', syslog) - render(systemd_override, 'rsyslog/override.conf.j2', syslog) render(logrotate_conf, 'rsyslog/logrotate.j2', syslog) - - # Reload systemd manager configuration - call('systemctl daemon-reload') return None def apply(syslog): diff --git a/src/etc/rsyslog.conf b/src/etc/rsyslog.conf deleted file mode 100644 index b3f41acb68..0000000000 --- a/src/etc/rsyslog.conf +++ /dev/null 
@@ -1,67 +0,0 @@ -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging -$ModLoad imklog # provides kernel logging support (previously done by rklogd) -#$ModLoad immark # provides --MARK-- message capability - -$OmitLocalLogging off -$SystemLogSocketName /run/systemd/journal/syslog - -$KLogPath /proc/kmsg - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Use traditional timestamp format. -# To enable high precision timestamps, comment out the following line. -# A modern-style logfile format similar to TraditionalFileFormat, buth with high-precision timestamps and timezone information -#$ActionFileDefaultTemplate RSYSLOG_FileFormat -# The "old style" default log file format with low-precision timestamps -$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat - -# Filter duplicated messages -$RepeatedMsgReduction on - -# -# Set the default permissions for all log files. -# -$FileOwner root -$FileGroup adm -$FileCreateMode 0640 -$DirCreateMode 0755 -$Umask 0022 - -# -# Stop excessive logging of sudo -# -:msg, contains, " pam_unix(sudo:session): session opened for user root(uid=0) by" stop -:msg, contains, "pam_unix(sudo:session): session closed for user root" stop - -# -# Include all config files in /etc/rsyslog.d/ -# -$IncludeConfig /etc/rsyslog.d/*.conf - -# The lines below cause all listed daemons/processes to be logged into -# /var/log/auth.log, then drops the message so it does not also go to the -# regular syslog so that messages are not duplicated - -$outchannel auth_log,/var/log/auth.log -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then :omfile:$auth_log - -if $programname == 'CRON' or - $programname == 'sudo' or - $programname == 'su' - then stop - -############### -#### RULES #### -############### -# Emergencies are sent to everybody logged in. -*.emerg :omusrmsg:* \ No newline at end of file 
diff --git a/src/etc/systemd/system/rsyslog.service.d/override.conf b/src/etc/systemd/system/rsyslog.service.d/override.conf new file mode 100644 index 0000000000..665b994d9b --- /dev/null +++ b/src/etc/systemd/system/rsyslog.service.d/override.conf @@ -0,0 +1,10 @@ +[Unit] +StartLimitIntervalSec=0 + +[Service] +ExecStart= +ExecStart=/usr/sbin/rsyslogd -n -iNONE -f /run/rsyslog/rsyslog.conf +Restart=always +RestartPreventExitStatus= +RestartSec=10 +RuntimeDirectoryPreserve=yes diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 2f55d425a5..1addad0355 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -16,6 +16,7 @@ # T6989: # - remove syslog arbitrary file logging # - remove syslog user console logging +# - rename "host" to "remote" from vyos.configtree import ConfigTree @@ -24,14 +25,16 @@ base = ['system', 'syslog'] def migrate(config: ConfigTree) -> None: if not config.exists(base): return - + # Drop support for custom file logging if config.exists(base + ['file']): config.delete(base + ['file']) + # Drop support for logging to a user tty + # This should be dynamically added via an op-mode command like "terminal monitor" if config.exists(base + ['user']): config.delete(base + ['user']) - # rename host -> remote + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) config.set_tag(base + ['remote']) From 04d296a3446fa8488add17ce1ec7931d43c4a4d0 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 13 Jan 2025 19:39:50 +0100 Subject: [PATCH 05/14] syslog: T6989: add new source-address CLI option for outgoing connections --- data/templates/rsyslog/rsyslog.conf.j2 | 4 ++++ interface-definitions/system_syslog.xml.in | 1 + src/conf_mode/system_syslog.py | 7 +++++++ 3 files changed, 12 insertions(+) 
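Review bot: `RuntimeDirectoryPreserve=yes` only acts on directories declared with `RuntimeDirectory=`, and this drop-in declares none, so unless the distribution's rsyslog.service already sets one (not visible here) the line has no effect and `/run/rsyslog` exists only if the config renderer creates it. Because `ExecStart` now hard-codes `-f /run/rsyslog/rsyslog.conf`, consider adding `RuntimeDirectory=rsyslog` so the path is guaranteed by systemd. The restart policy also deserves a comment: with `Restart=always`, an empty `RestartPreventExitStatus=` and `StartLimitIntervalSec=0`, a missing or invalid config makes rsyslogd restart every 10 seconds indefinitely while no logs are collected, so monitoring should watch the unit's restart count rather than only its active state.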
diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index efb23ca7d6..779ae8d04f 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -113,6 +113,10 @@ if prifilt("{{ tmp | join(',') }}") then { template="SyslogProtocol23Format" {% endif %} TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" +{% if source_address is vyos_defined %} + # Sender IP address + Address="{{ source_address }}" +{% endif %} {% if vrf is vyos_defined %} Device="{{ vrf }}" {% endif %} diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index acc7b47476..f47a95f093 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -100,6 +100,7 @@ #include + #include #include diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 78840a5f53..ce806a540c 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -78,6 +78,13 @@ def verify(syslog): verify_vrf(syslog) + if 'source_address' in syslog: + syslog_vrf = None + if 'vrf' in syslog: + syslog_vrf = syslog['vrf'] + if not is_addr_assigned(syslog['source_address'], syslog_vrf): + raise ConfigError('No interface with given address specified!') + def generate(syslog): if not syslog: if os.path.exists(rsyslog_conf): From 20ab585a68982c4635c4e5a1ee5bbcc219feaebc Mon Sep 17 00:00:00 2001 
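Review bot: `Address="{{ source_address }}"` is rendered for every remote regardless of protocol, but the omfwd documentation I am aware of describes `Address` as supported for UDP only (confirm against the rsyslog version shipped). For `protocol tcp` remotes the setting would then be silently ignored and traffic would leave from whichever address the kernel selects, which matters when the collector or a firewall allow-lists the sender IP. Either guard the block with `{% if source_address is vyos_defined and remote_options.protocol == 'udp' %}` or have verify() in system_syslog.py emit a warning when `source_address` is combined with a TCP remote. The enclosing action block starts and ends outside this hunk.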
From: Christian Breunig Date: Wed, 15 Jan 2025 20:38:43 +0100 Subject: [PATCH 06/14] syslog: T6989: move up "global preserve-fqdn" one level in CLI Move "global preserve-fqdn" one CLI level up, as it relates to all logging targets (console, global and remote). --- data/templates/rsyslog/rsyslog.conf.j2 | 8 +++---- interface-definitions/system_syslog.xml.in | 24 ++++++++++----------- smoketest/config-tests/basic-vyos | 2 +- smoketest/config-tests/bgp-big-as-cloud | 2 +- smoketest/scripts/cli/test_system_syslog.py | 2 +- src/conf_mode/system_syslog.py | 23 +++++++++++--------- src/migration-scripts/system/28-to-29 | 7 ++++++ 7 files changed, 39 insertions(+), 29 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 779ae8d04f..bc98329b21 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -51,13 +51,13 @@ global(workDirectory="/var/spool/rsyslog") # Load the immark module for periodic --MARK-- message capability module(load="immark" interval="{{ global.marker.interval }}") {% endif %} -{% if global.preserve_fqdn is vyos_defined %} +{% if preserve_fqdn is vyos_defined %} # Preserve the fully qualified domain name (FQDN) in log messages global(preserveFQDN="on") -{% endif %} -{% if global.local_host_name is vyos_defined %} +{% if preserve_fqdn.host_name is vyos_defined and preserve_fqdn.domain_name is vyos_defined %} # Set the local hostname for log messages -global(localHostname="{{ global.local_host_name }}") +global(localHostname="{{ preserve_fqdn.host_name }}.{{ preserve_fqdn.domain_name }}") +{% endif %} {% endif %} #### GLOBAL LOGGING #### diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index f47a95f093..09cfd3dd45 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in 
@@ -8,6 +8,14 @@ 400 + + + Log to system console (/dev/console) + + + #include + + Log to remote host @@ -84,22 +92,14 @@ - - - uses FQDN for logging - - - - + - Log to system console (/dev/console) + Always include domain portion in hostname + - - #include - - + #include #include diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index b6bb6ac67b..eaa61c56d4 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -95,7 +95,7 @@ set system syslog console facility mail level 'info' set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' -set system syslog global preserve-fqdn +set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' set system syslog remote syslog.vyos.net format octet-counted diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud index d6c17b3d26..ff75499571 100644 --- a/smoketest/config-tests/bgp-big-as-cloud +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -848,5 +848,5 @@ set system sflow interface 'eth0.4088' set system sflow interface 'eth0.4089' set system sflow server 1.2.3.4 port '1234' set system syslog global facility all level 'all' -set system syslog global preserve-fqdn +set system syslog preserve-fqdn set system time-zone 'Europe/Zurich' diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index de2e9b260c..b1aaa53a51 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py 
@@ -86,7 +86,7 @@ def test_global(self): self.cli_set(['system', 'host-name', hostname]) self.cli_set(['system', 'domain-name', domain_name]) - self.cli_set(base_path + ['global', 'preserve-fqdn']) + self.cli_set(base_path + ['preserve-fqdn']) for tmp, tmp_options in facility.items(): level = tmp_options['level'] diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index ce806a540c..6f6546fd13 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -53,16 +53,13 @@ def get_config(config=None): if syslog.from_defaults(['global']): del syslog['global'] - if ( - 'global' in syslog - and 'preserve_fqdn' in syslog['global'] - and conf.exists(['system', 'host-name']) - and conf.exists(['system', 'domain-name']) - ): - hostname = conf.return_value(['system', 'host-name']) - domain = conf.return_value(['system', 'domain-name']) - fqdn = f'{hostname}.{domain}' - syslog['global']['local_host_name'] = fqdn + if 'preserve_fqdn' in syslog: + if conf.exists(['system', 'host-name']): + tmp = conf.return_value(['system', 'host-name']) + syslog['preserve_fqdn']['host_name'] = tmp + if conf.exists(['system', 'domain-name']): + tmp = conf.return_value(['system', 'domain-name']) + syslog['preserve_fqdn']['domain_name'] = tmp return syslog @@ -70,6 +67,12 @@ def verify(syslog): if not syslog: return None + if 'preserve_fqdn' in syslog: + if 'host_name' not in syslog['preserve_fqdn']: + Warning('No "system host-name" defined - cannot set syslog FQDN!') + if 'domain_name' not in syslog['preserve_fqdn']: + Warning('No "system domain-name" defined - cannot set syslog FQDN!') + if 'remote' in syslog: for host, host_options in syslog['remote'].items(): if 'protocol' in host_options and host_options['protocol'] == 'udp': diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 1addad0355..dadfc994ab 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 
@@ -16,6 +16,7 @@ # T6989: # - remove syslog arbitrary file logging # - remove syslog user console logging +# - move "global preserve-fqdn" one CLI level up # - rename "host" to "remote" from vyos.configtree import ConfigTree @@ -34,6 +35,12 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['user']): config.delete(base + ['user']) + # Move "global preserve-fqdn" one CLI level up, as it relates to all + # logging targets (console, global and remote) + if config.exists(base + ['global', 'preserve-fqdn']): + config.delete(base + ['global', 'preserve-fqdn']) + config.set(base + ['preserve-fqdn']) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) From b9c43b19acb6f649bb6f64c75ab63df768e360c9 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 15 Jan 2025 20:45:42 +0100 Subject: [PATCH 07/14] syslog: T6989: move up "global marker" one level in CLI --- data/templates/rsyslog/rsyslog.conf.j2 | 4 +-- interface-definitions/system_syslog.xml.in | 38 ++++++++++----------- smoketest/config-tests/basic-vyos | 1 + smoketest/configs/basic-vyos | 3 ++ smoketest/scripts/cli/test_system_syslog.py | 3 +- src/migration-scripts/system/28-to-29 | 7 ++++ 6 files changed, 33 insertions(+), 23 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index bc98329b21..26d62a23f7 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
@@ -47,9 +47,9 @@ global(workDirectory="/var/spool/rsyslog") # Send emergency messages to all logged-in users *.emerg action(type="omusrmsg" users="*") -{% if global.marker is vyos_defined %} +{% if marker is vyos_defined %} # Load the immark module for periodic --MARK-- message capability -module(load="immark" interval="{{ global.marker.interval }}") +module(load="immark" interval="{{ marker.interval }}") {% endif %} {% if preserve_fqdn is vyos_defined %} # Preserve the fully qualified domain name (FQDN) in log messages diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 09cfd3dd45..1ee5a7687e 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -71,27 +71,27 @@ #include - + + + + + Mark messages sent to syslog + + + - Mark messages sent to syslog + Mark message interval + + u32:1-65535 + Time in seconds + + + + + Port number must be in range 1 to 86400 - - - - Mark message interval - - u32:1-65535 - Time in seconds - - - - - Port number must be in range 1 to 86400 - - 1200 - - - + 1200 + diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index eaa61c56d4..94a4d139e5 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -95,6 +95,7 @@ set system syslog console facility mail level 'info' set system syslog global facility all level 'info' set system syslog global facility auth level 'info' set system syslog global facility local7 level 'debug' +set system syslog marker interval '1000' set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 242f3d1def..527e620da0 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos 
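Review bot: The constraint error text that moves with the marker interval leaf still reads `Port number must be in range 1 to 86400`, while the value help on the same leaf is `u32:1-65535` / `Time in seconds`. Since the node is being relocated anyway, correct it to something like `Marker interval must be in range 1 to 65535 seconds` so a rejected value is explained accurately. The XML markup is not visible in this rendering, so the validator range itself should be checked against the help string as well.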
@@ -236,6 +236,9 @@ system { facility security { level info } + marker { + interval 1000 + } preserve-fqdn } host syslog.vyos.net { diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index b1aaa53a51..1233bf12b8 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -75,8 +75,7 @@ def test_console(self): def test_global(self): hostname = 'vyos123' domain_name = 'example.local' - default_marker_interval = default_value(base_path + ['global', - 'marker', 'interval']) + default_marker_interval = default_value(base_path + ['marker', 'interval']) facility = { 'auth': {'level': 'info'}, diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index dadfc994ab..9716e9e905 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -41,6 +41,13 @@ def migrate(config: ConfigTree) -> None: config.delete(base + ['global', 'preserve-fqdn']) config.set(base + ['preserve-fqdn']) + # Move "global marker" one CLI level up, as it relates to all + # logging targets (console, global and remote) + marker_base = base + ['global', 'marker'] + if config.exists(marker_base): + config.copy(marker_base, base + ['marker']) + config.delete(marker_base) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) From 211bc4a767564d1eb28b431e1529eb719bb721a9 Mon Sep 17 00:00:00 2001 
From: Christian Breunig Date: Wed, 22 Jan 2025 20:52:52 +0100 Subject: [PATCH 08/14] syslog: T6989: rename "global" to "local" The previously "global" options actually were only relevant for the local logging to /var/log/messages. --- data/templates/rsyslog/rsyslog.conf.j2 | 6 +++--- interface-definitions/system_syslog.xml.in | 2 +- smoketest/config-tests/basic-api-service | 4 ++-- smoketest/config-tests/basic-vyos | 7 ++++--- smoketest/config-tests/basic-vyos-no-ntp | 4 ++-- smoketest/config-tests/bgp-azure-ipsec-gateway | 4 ++-- smoketest/config-tests/bgp-bfd-communities | 4 ++-- smoketest/config-tests/bgp-big-as-cloud | 2 +- smoketest/config-tests/bgp-dmvpn-hub | 4 ++-- smoketest/config-tests/bgp-dmvpn-spoke | 4 ++-- smoketest/config-tests/bgp-evpn-l2vpn-leaf | 4 ++-- smoketest/config-tests/bgp-evpn-l2vpn-spine | 4 ++-- smoketest/config-tests/bgp-evpn-l3vpn-pe-router | 4 ++-- smoketest/config-tests/bgp-medium-confederation | 4 ++-- smoketest/config-tests/bgp-rpki | 4 ++-- smoketest/config-tests/bgp-small-internet-exchange | 4 ++-- smoketest/config-tests/bgp-small-ipv4-unicast | 4 ++-- smoketest/config-tests/cluster-basic | 4 ++-- smoketest/config-tests/dialup-router-complex | 4 ++-- smoketest/config-tests/dialup-router-medium-vpn | 2 +- smoketest/config-tests/dialup-router-wireguard-ipv6 | 4 ++-- smoketest/config-tests/egp-igp-route-maps | 2 +- smoketest/config-tests/igmp-pim-small | 4 ++-- smoketest/config-tests/ipoe-server | 4 ++-- smoketest/config-tests/ipv6-disable | 4 ++-- smoketest/config-tests/isis-small | 4 ++-- smoketest/config-tests/nat-basic | 4 ++-- smoketest/config-tests/ospf-simple | 4 ++-- smoketest/config-tests/ospf-small | 4 ++-- smoketest/config-tests/pppoe-server | 4 ++-- smoketest/config-tests/qos-basic | 4 ++-- smoketest/config-tests/rip-router | 4 ++-- smoketest/config-tests/rpki-only | 4 ++-- smoketest/config-tests/static-route-basic | 4 ++-- smoketest/config-tests/tunnel-broker | 4 ++-- smoketest/config-tests/vpn-openconnect-sstp | 4 ++-- 
smoketest/config-tests/vrf-basic | 4 ++-- smoketest/config-tests/vrf-bgp-pppoe-underlay | 4 ++-- smoketest/config-tests/vrf-ospf | 4 ++-- smoketest/config-tests/wireless-basic | 4 ++-- smoketest/configs/basic-vyos | 1 + smoketest/scripts/cli/test_system_syslog.py | 2 +- src/conf_mode/system_syslog.py | 4 ++-- src/migration-scripts/system/28-to-29 | 10 ++++++++-- 44 files changed, 91 insertions(+), 83 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 26d62a23f7..c2cb8a1ca5 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 @@ -61,10 +61,10 @@ global(localHostname="{{ preserve_fqdn.host_name }}.{{ preserve_fqdn.domain_name {% endif %} #### GLOBAL LOGGING #### -{% if global.facility is vyos_defined %} +{% if local.facility is vyos_defined %} {% set tmp = [] %} -{% if global.facility is vyos_defined %} -{% for facility, facility_options in global.facility.items() %} +{% if local.facility is vyos_defined %} +{% for facility, facility_options in local.facility.items() %} {% set _ = tmp.append(facility.replace('all', '*') ~ "." ~ facility_options.level.replace('all', 'debug')) %} {% endfor %} if prifilt("{{ tmp | join(',') }}") then { diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 1ee5a7687e..0dbf5d497e 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -65,7 +65,7 @@ - + Log to standard system location /var/log/messages diff --git a/smoketest/config-tests/basic-api-service b/smoketest/config-tests/basic-api-service index 3f796f35dd..ca10cf4e9b 100644 --- a/smoketest/config-tests/basic-api-service +++ b/smoketest/config-tests/basic-api-service 
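Review bot: The section header `#### GLOBAL LOGGING ####` is left unchanged in the rsyslog.conf.j2 hunk although the commit message states these options only concern local logging to /var/log/messages; rename it to `#### LOCAL LOGGING ####` so the rendered file matches the CLI node. The inner `{% if local.facility is vyos_defined %}` repeats the outer condition verbatim and can be dropped together with its matching `{% endif %}`, which lies outside this hunk. A one-line template comment noting that level `all` is rendered as `debug` would also help the next reader.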
@@ -24,5 +24,5 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' diff --git a/smoketest/config-tests/basic-vyos b/smoketest/config-tests/basic-vyos index 94a4d139e5..4793e069e4 100644 --- a/smoketest/config-tests/basic-vyos +++ b/smoketest/config-tests/basic-vyos @@ -92,13 +92,14 @@ set system login user vyos authentication plaintext-password '' set system name-server '192.168.0.1' set system syslog console facility all level 'emerg' set system syslog console facility mail level 'info' -set system syslog global facility all level 'info' -set system syslog global facility auth level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility auth level 'info' +set system syslog local facility local7 level 'debug' set system syslog marker interval '1000' set system syslog preserve-fqdn set system syslog remote syslog.vyos.net facility auth level 'warning' set system syslog remote syslog.vyos.net facility local7 level 'notice' set system syslog remote syslog.vyos.net format octet-counted set system syslog remote syslog.vyos.net port '8000' +set system syslog remote syslog.vyos.net protocol 'tcp' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/basic-vyos-no-ntp b/smoketest/config-tests/basic-vyos-no-ntp index a182601089..f00dea5d44 100644 --- a/smoketest/config-tests/basic-vyos-no-ntp +++ b/smoketest/config-tests/basic-vyos-no-ntp 
@@ -48,6 +48,6 @@ set system host-name 'no-ntp' set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0' set system login user vyos authentication plaintext-password '' set system name-server '172.16.254.30' -set system syslog global facility all level 'debug' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'debug' +set system syslog local facility local7 level 'debug' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-azure-ipsec-gateway b/smoketest/config-tests/bgp-azure-ipsec-gateway index 91ec057a9f..0d683c921c 100644 --- a/smoketest/config-tests/bgp-azure-ipsec-gateway +++ b/smoketest/config-tests/bgp-azure-ipsec-gateway @@ -135,8 +135,8 @@ set system login user vyos authentication plaintext-password '' set system logs logrotate messages max-size '20' set system logs logrotate messages rotate '10' set system name-server '192.0.2.254' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system syslog remote 10.0.9.188 facility all level 'info' set system syslog remote 10.0.9.188 protocol 'udp' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-bfd-communities b/smoketest/config-tests/bgp-bfd-communities index 6eee0137e6..06e412c552 100644 --- a/smoketest/config-tests/bgp-bfd-communities +++ b/smoketest/config-tests/bgp-bfd-communities 
@@ -196,6 +196,6 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system time-zone 'Europe/Berlin' diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud index ff75499571..f71a51be3b 100644 --- a/smoketest/config-tests/bgp-big-as-cloud +++ b/smoketest/config-tests/bgp-big-as-cloud @@ -847,6 +847,6 @@ set system name-server '192.0.2.2' set system sflow interface 'eth0.4088' set system sflow interface 'eth0.4089' set system sflow server 1.2.3.4 port '1234' -set system syslog global facility all level 'all' +set system syslog local facility all level 'all' set system syslog preserve-fqdn set system time-zone 'Europe/Zurich' diff --git a/smoketest/config-tests/bgp-dmvpn-hub b/smoketest/config-tests/bgp-dmvpn-hub index 99f3799a4e..f9ceba11c9 100644 --- a/smoketest/config-tests/bgp-dmvpn-hub +++ b/smoketest/config-tests/bgp-dmvpn-hub @@ -50,8 +50,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '1.1.1.1' set system name-server '8.8.8.8' set system name-server '9.9.9.9' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vpn ipsec esp-group ESP-DMVPN lifetime '1800' set vpn ipsec esp-group ESP-DMVPN mode 'transport' set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' 
diff --git a/smoketest/config-tests/bgp-dmvpn-spoke b/smoketest/config-tests/bgp-dmvpn-spoke index e4fb82a0ec..a98275ba49 100644 --- a/smoketest/config-tests/bgp-dmvpn-spoke +++ b/smoketest/config-tests/bgp-dmvpn-spoke @@ -56,8 +56,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '1.1.1.1' set system name-server '8.8.8.8' set system name-server '9.9.9.9' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vpn ipsec esp-group ESP-DMVPN lifetime '1800' set vpn ipsec esp-group ESP-DMVPN mode 'transport' set vpn ipsec esp-group ESP-DMVPN pfs 'dh-group2' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-leaf b/smoketest/config-tests/bgp-evpn-l2vpn-leaf index 315cb9e062..5e42a269ef 100644 --- a/smoketest/config-tests/bgp-evpn-l2vpn-leaf +++ b/smoketest/config-tests/bgp-evpn-l2vpn-leaf @@ -48,8 +48,8 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l2vpn-spine b/smoketest/config-tests/bgp-evpn-l2vpn-spine index dee29e0218..e6d876af69 100644 --- a/smoketest/config-tests/bgp-evpn-l2vpn-spine +++ b/smoketest/config-tests/bgp-evpn-l2vpn-spine 
@@ -41,8 +41,8 @@ set system console device ttyS0 speed '115200' set system host-name 'vyos' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' set system login user vyos authentication plaintext-password '' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name MGMT protocols static route 0.0.0.0/0 next-hop 192.0.2.62 set vrf name MGMT protocols static route6 ::/0 next-hop 2001:db8::1 set vrf name MGMT table '1000' diff --git a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router index 7a2ec9f919..f867c221e9 100644 --- a/smoketest/config-tests/bgp-evpn-l3vpn-pe-router +++ b/smoketest/config-tests/bgp-evpn-l3vpn-pe-router @@ -101,8 +101,8 @@ set system login user vyos authentication plaintext-password '' set system name-server '192.0.2.251' set system name-server '192.0.2.252' set system name-server '2001:db8::1' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected set vrf name blue protocols bgp address-family l2vpn-evpn advertise ipv4 unicast set vrf name blue protocols bgp system-as '100' diff --git a/smoketest/config-tests/bgp-medium-confederation b/smoketest/config-tests/bgp-medium-confederation index 582e280475..71797fe93f 100644 --- a/smoketest/config-tests/bgp-medium-confederation +++ b/smoketest/config-tests/bgp-medium-confederation 
@@ -69,5 +69,5 @@ set system host-name 'vyos'
 set system ip protocol bgp route-map 'DEFAULT-ZEBRA-IN'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'notice'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'notice'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-rpki b/smoketest/config-tests/bgp-rpki
index 44e95ae98f..587de67c60 100644
--- a/smoketest/config-tests/bgp-rpki
+++ b/smoketest/config-tests/bgp-rpki
@@ -39,5 +39,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-internet-exchange b/smoketest/config-tests/bgp-small-internet-exchange
index a9dce4dd56..2adb3fbb5d 100644
--- a/smoketest/config-tests/bgp-small-internet-exchange
+++ b/smoketest/config-tests/bgp-small-internet-exchange
@@ -205,5 +205,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/bgp-small-ipv4-unicast b/smoketest/config-tests/bgp-small-ipv4-unicast
index b8c0e12460..f8820cb3cd 100644
--- a/smoketest/config-tests/bgp-small-ipv4-unicast
+++ b/smoketest/config-tests/bgp-small-ipv4-unicast
@@ -28,5 +28,5 @@ set system domain-name 'vyos.net'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'notice'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'notice'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/cluster-basic b/smoketest/config-tests/cluster-basic
index 744c117eb8..871b40bbbe 100644
--- a/smoketest/config-tests/cluster-basic
+++ b/smoketest/config-tests/cluster-basic
@@ -16,6 +16,6 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Antarctica/South_Pole'
diff --git a/smoketest/config-tests/dialup-router-complex b/smoketest/config-tests/dialup-router-complex
index 404bf342c8..c356c73c0c 100644
--- a/smoketest/config-tests/dialup-router-complex
+++ b/smoketest/config-tests/dialup-router-complex
@@ -734,7 +734,7 @@ set system name-server '172.16.254.30'
 set system option ctrl-alt-delete 'ignore'
 set system option reboot-on-panic
 set system option startup-beep
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
 set system syslog remote 172.16.100.1 facility all level 'warning'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/dialup-router-medium-vpn b/smoketest/config-tests/dialup-router-medium-vpn
index b7187887b5..ba3ed29f42 100644
--- a/smoketest/config-tests/dialup-router-medium-vpn
+++ b/smoketest/config-tests/dialup-router-medium-vpn
@@ -314,7 +314,7 @@ set system static-host-mapping host-name host107.vyos.net inet '192.168.0.107'
 set system static-host-mapping host-name host109.vyos.net inet '192.168.0.109'
 set system sysctl parameter net.core.default_qdisc value 'fq'
 set system sysctl parameter net.ipv4.tcp_congestion_control value 'bbr'
-set system syslog global facility all level 'info'
+set system syslog local facility all level 'info'
 set system syslog remote 192.168.0.252 facility all level 'debug'
 set system syslog remote 192.168.0.252 protocol 'udp'
 set system task-scheduler task Update-Blacklists executable path '/config/scripts/vyos-foo-update.script'
diff --git a/smoketest/config-tests/dialup-router-wireguard-ipv6 b/smoketest/config-tests/dialup-router-wireguard-ipv6
index e4b8bcac40..269e9d7221 100644
--- a/smoketest/config-tests/dialup-router-wireguard-ipv6
+++ b/smoketest/config-tests/dialup-router-wireguard-ipv6
@@ -691,7 +691,7 @@ set system option ctrl-alt-delete 'ignore'
 set system option performance 'network-latency'
 set system option reboot-on-panic
 set system option startup-beep
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
 set system syslog remote 172.16.100.1 facility all level 'warning'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/egp-igp-route-maps b/smoketest/config-tests/egp-igp-route-maps
index fc46d25ff8..222325cd70 100644
--- a/smoketest/config-tests/egp-igp-route-maps
+++ b/smoketest/config-tests/egp-igp-route-maps
@@ -42,5 +42,5 @@ set system login user vyos authentication plaintext-password ''
 set system logs logrotate messages max-size '1'
 set system logs logrotate messages rotate '5'
 set system name-server '192.168.0.1'
-set system syslog global facility all level 'info'
+set system syslog local facility all level 'info'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/igmp-pim-small b/smoketest/config-tests/igmp-pim-small
index 909c3d67b6..06051af41f 100644
--- a/smoketest/config-tests/igmp-pim-small
+++ b/smoketest/config-tests/igmp-pim-small
@@ -32,6 +32,6 @@ set system domain-name 'vyos.io'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/ipoe-server b/smoketest/config-tests/ipoe-server
index f4a12f502d..c21495ab26 100644
--- a/smoketest/config-tests/ipoe-server
+++ b/smoketest/config-tests/ipoe-server
@@ -44,5 +44,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ipv6-disable b/smoketest/config-tests/ipv6-disable
index 40e34fa0cd..5f906b5f70 100644
--- a/smoketest/config-tests/ipv6-disable
+++ b/smoketest/config-tests/ipv6-disable
@@ -27,5 +27,5 @@ set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX
 set system login user vyos authentication plaintext-password ''
 set system name-server '172.16.254.20'
 set system name-server '172.16.254.30'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/isis-small b/smoketest/config-tests/isis-small
index b322f4e29b..e61d0362eb 100644
--- a/smoketest/config-tests/isis-small
+++ b/smoketest/config-tests/isis-small
@@ -39,6 +39,6 @@ set system login user vyos authentication plaintext-password ''
 set service ntp server time1.vyos.net
 set service ntp server time2.vyos.net
 set service ntp server time3.vyos.net
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/nat-basic b/smoketest/config-tests/nat-basic
index 471add3b35..ba2b1b8384 100644
--- a/smoketest/config-tests/nat-basic
+++ b/smoketest/config-tests/nat-basic
@@ -84,5 +84,5 @@ set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX
 set system login user vyos authentication plaintext-password ''
 set system name-server '1.1.1.1'
 set system name-server '9.9.9.9'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-simple b/smoketest/config-tests/ospf-simple
index 3557094484..4273e4b8ff 100644
--- a/smoketest/config-tests/ospf-simple
+++ b/smoketest/config-tests/ospf-simple
@@ -20,5 +20,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'lab-vyos-r1'
 set system login user vyos authentication encrypted-password '$6$R.OnGzfXSfl6J$Iba/hl9bmjBs0VPtZ2zdW.Snh/nHuvxUwi0R6ruypgW63iKEbicJH.uUst8xZCyByURblxRtjAC1lAnYfIt.b0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/ospf-small b/smoketest/config-tests/ospf-small
index a7f8b682ce..af69e57023 100644
--- a/smoketest/config-tests/ospf-small
+++ b/smoketest/config-tests/ospf-small
@@ -77,6 +77,6 @@ set system sysctl parameter net.ipv4.igmp_max_memberships value '5'
 set system sysctl parameter net.ipv4.ipfrag_time value '4'
 set system sysctl parameter net.mpls.default_ttl value '10'
 set system sysctl parameter net.mpls.ip_ttl_propagate value '0'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/pppoe-server b/smoketest/config-tests/pppoe-server
index 34fbea2157..e488fc746d 100644
--- a/smoketest/config-tests/pppoe-server
+++ b/smoketest/config-tests/pppoe-server
@@ -43,5 +43,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/qos-basic b/smoketest/config-tests/qos-basic
index 0e198b80ce..655a5794ea 100644
--- a/smoketest/config-tests/qos-basic
+++ b/smoketest/config-tests/qos-basic
@@ -71,5 +71,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/rip-router b/smoketest/config-tests/rip-router
index 829aafbd53..d22f424a59 100644
--- a/smoketest/config-tests/rip-router
+++ b/smoketest/config-tests/rip-router
@@ -79,5 +79,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/rpki-only b/smoketest/config-tests/rpki-only
index dcbc7673d9..f3e2a74b9b 100644
--- a/smoketest/config-tests/rpki-only
+++ b/smoketest/config-tests/rpki-only
@@ -38,5 +38,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'debug'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'debug'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/static-route-basic b/smoketest/config-tests/static-route-basic
index d2d33d0433..a6135d2c47 100644
--- a/smoketest/config-tests/static-route-basic
+++ b/smoketest/config-tests/static-route-basic
@@ -32,6 +32,6 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Asia/Macau'
diff --git a/smoketest/config-tests/tunnel-broker b/smoketest/config-tests/tunnel-broker
index ee6301c85a..5518c303b1 100644
--- a/smoketest/config-tests/tunnel-broker
+++ b/smoketest/config-tests/tunnel-broker
@@ -71,5 +71,5 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
diff --git a/smoketest/config-tests/vpn-openconnect-sstp b/smoketest/config-tests/vpn-openconnect-sstp
index 28d7d5daac..e7969f6331 100644
--- a/smoketest/config-tests/vpn-openconnect-sstp
+++ b/smoketest/config-tests/vpn-openconnect-sstp
@@ -16,8 +16,8 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set vpn openconnect authentication local-users username test password 'test'
 set vpn openconnect authentication mode local 'password'
 set vpn openconnect network-settings client-ip-settings subnet '192.168.160.0/24'
diff --git a/smoketest/config-tests/vrf-basic b/smoketest/config-tests/vrf-basic
index 1d2874a601..0c4e49c52b 100644
--- a/smoketest/config-tests/vrf-basic
+++ b/smoketest/config-tests/vrf-basic
@@ -35,8 +35,8 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
 set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 interface 'eth1'
 set vrf name green protocols static route 20.0.0.0/8 next-hop 1.1.1.1 vrf 'default'
diff --git a/smoketest/config-tests/vrf-bgp-pppoe-underlay b/smoketest/config-tests/vrf-bgp-pppoe-underlay
index bd64c914a4..e3c765a9a9 100644
--- a/smoketest/config-tests/vrf-bgp-pppoe-underlay
+++ b/smoketest/config-tests/vrf-bgp-pppoe-underlay
@@ -143,8 +143,8 @@ set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
 set system name-server '192.168.0.1'
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
 set vrf bind-to-all
 set vrf name vyos-test-01 protocols bgp address-family ipv4-unicast network 100.64.50.0/23
diff --git a/smoketest/config-tests/vrf-ospf b/smoketest/config-tests/vrf-ospf
index fd14615e09..53207d565e 100644
--- a/smoketest/config-tests/vrf-ospf
+++ b/smoketest/config-tests/vrf-ospf
@@ -28,8 +28,8 @@ set system console device ttyS0 speed '115200'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0'
 set system login user vyos authentication plaintext-password ''
-set system syslog global facility all level 'info'
-set system syslog global facility local7 level 'debug'
+set system syslog local facility all level 'info'
+set system syslog local facility local7 level 'debug'
 set system time-zone 'Europe/Berlin'
 set vrf name blue protocols ospf area 0 network '172.18.201.0/24'
 set vrf name blue protocols ospf interface eth2 authentication md5 key-id 30 md5-key 'vyoskey456'
diff --git a/smoketest/config-tests/wireless-basic b/smoketest/config-tests/wireless-basic
index d9e6c8fac7..e424b2b0f1 100644
--- a/smoketest/config-tests/wireless-basic
+++ b/smoketest/config-tests/wireless-basic
@@ -20,6 +20,6 @@ set system console device ttyS0 speed '115200' set system domain-name 'dev.vyos.net' set system host-name 'WR1' set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' -set system syslog global facility all level 'info' -set system syslog global facility local7 level 'debug' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' set system wireless country-code 'es' diff --git a/smoketest/configs/basic-vyos b/smoketest/configs/basic-vyos index 527e620da0..a6cd3b6e16 100644 --- a/smoketest/configs/basic-vyos +++ b/smoketest/configs/basic-vyos @@ -254,6 +254,7 @@ system { format { octet-counted } + protocol tcp port 8000 } } diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 1233bf12b8..5a09fab188 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -89,7 +89,7 @@ def test_global(self): for tmp, tmp_options in facility.items(): level = tmp_options['level'] - self.cli_set(base_path + ['global', 'facility', tmp, 'level', level]) + self.cli_set(base_path + ['local', 'facility', tmp, 'level', level]) self.cli_commit() diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 6f6546fd13..f27c27e0b1 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -50,8 +50,8 @@ def get_config(config=None): if tmp: syslog.update({'restart_required': {}}) syslog = conf.merge_defaults(syslog, recursive=True) - if syslog.from_defaults(['global']): - del syslog['global'] + if syslog.from_defaults(['local']): + del syslog['local'] if 'preserve_fqdn' in syslog: if conf.exists(['system', 'host-name']): diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 9716e9e905..2ccd4b9c05 100644 
--- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -37,8 +37,9 @@ def migrate(config: ConfigTree) -> None: # Move "global preserve-fqdn" one CLI level up, as it relates to all # logging targets (console, global and remote) - if config.exists(base + ['global', 'preserve-fqdn']): - config.delete(base + ['global', 'preserve-fqdn']) + preserve_fqdn_base = base + ['global', 'preserve-fqdn'] + if config.exists(preserve_fqdn_base): + config.delete(preserve_fqdn_base) config.set(base + ['preserve-fqdn']) # Move "global marker" one CLI level up, as it relates to all @@ -48,6 +49,11 @@ def migrate(config: ConfigTree) -> None: config.copy(marker_base, base + ['marker']) config.delete(marker_base) + # Rename "global" -> "local" as this describes what is logged locally + # on the router to a file on the filesystem + if config.exists(base + ['global']): + config.rename(base + ['global'], 'local') + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) From 3f4c6422110c9a242ff3b81abd4f5ac5e01d5ab9 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Wed, 15 Jan 2025 20:48:34 +0100 Subject: [PATCH 09/14] syslog: T6989: remove RepeatedMsgReduction configuration option This is a feature that worked decades ago when logs were small and reviewed by a human, it fails badly on high volume logs processed by tools. https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html --- data/templates/rsyslog/rsyslog.conf.j2 | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index c2cb8a1ca5..daaafa6d13 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
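Review bot: The rename block added in the second hunk is order-dependent, and nothing in the script says so. The `preserve-fqdn` and `marker` moves above it still address `base + ['global']`, so the rename has to stay after them or those moves silently stop matching. I would extend the new comment with `# Must run after the preserve-fqdn and marker moves above, which still use the old "global" path`. migrate() starts before and continues after the visible hunks, so any later step that touches `global` cannot be checked from here.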
@@ -18,16 +18,9 @@ module( RateLimit.Burst="0" ) +########################### #### GLOBAL DIRECTIVES #### -### TODO - remove -# Filter duplicated messages -# https://www.rsyslog.com/doc/configuration/action/rsconf1_repeatedmsgreduction.html -$RepeatedMsgReduction on - -########################################## -#### AUTH.LOG CHANNEL AND LOGGING RULES #### -########################################## - +########################### # Log specific programs to auth.log, then stop further processing if ( $programname == "CRON" or From 5a7a9f3a20e19a52572ce1b9b214528b6ce958ce Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sat, 18 Jan 2025 20:28:16 +0100 Subject: [PATCH 10/14] syslog: T6989: add possibility to define VRF per remote Rsyslog supports individual VRFs per omfwd remote entry - so we should support this, too. --- data/templates/rsyslog/rsyslog.conf.j2 | 10 +-- interface-definitions/system_syslog.xml.in | 14 ++--- smoketest/config-tests/basic-syslog | 25 ++++++++ smoketest/configs/basic-syslog | 70 +++++++++++++++++++++ smoketest/scripts/cli/test_system_syslog.py | 65 ++++++++++++++++++- src/conf_mode/system_syslog.py | 46 +++++++------- src/migration-scripts/system/28-to-29 | 7 +++ 7 files changed, 201 insertions(+), 36 deletions(-) create mode 100644 smoketest/config-tests/basic-syslog create mode 100644 smoketest/configs/basic-syslog diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index daaafa6d13..45742b073a 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
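Review bot: With the AUTH.LOG banner removed, the new side leaves the `#### GLOBAL DIRECTIVES ####` banner directly above `# Log specific programs to auth.log, then stop further processing`, and no global directive remains under it. The banner now mislabels the auth.log rule set. Either keep a short banner for that section, e.g. `#### AUTH.LOG LOGGING RULES ####`, or drop the GLOBAL DIRECTIVES banner together with the directive it used to introduce. The `if (` block continues outside the hunk.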
@@ -106,12 +106,11 @@ if prifilt("{{ tmp | join(',') }}") then { template="SyslogProtocol23Format" {% endif %} TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}" -{% if source_address is vyos_defined %} - # Sender IP address - Address="{{ source_address }}" +{% if remote_options.source_address is vyos_defined %} + Address="{{ remote_options.source_address }}" {% endif %} -{% if vrf is vyos_defined %} - Device="{{ vrf }}" +{% if remote_options.vrf is vyos_defined %} + Device="{{ remote_options.vrf }}" {% endif %} ) } @@ -121,3 +120,4 @@ if prifilt("{{ tmp | join(',') }}") then { # Include all configuration files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf") + diff --git a/interface-definitions/system_syslog.xml.in b/interface-definitions/system_syslog.xml.in index 0dbf5d497e..91fb680e02 100644 --- a/interface-definitions/system_syslog.xml.in +++ b/interface-definitions/system_syslog.xml.in @@ -38,11 +38,6 @@ - #include - - 514 - - #include #include @@ -63,6 +58,13 @@ + #include + + 514 + + #include + #include + #include @@ -100,8 +102,6 @@ - #include - #include diff --git a/smoketest/config-tests/basic-syslog b/smoketest/config-tests/basic-syslog new file mode 100644 index 0000000000..349d642fd0 --- /dev/null +++ b/smoketest/config-tests/basic-syslog 
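Review bot: The context line `TCP_Framing="{{ 'octed-counted' if remote_options.format.octet_counted is vyos_defined else 'traditional' }}"` in the first hunk misspells the framing mode; rsyslog's omfwd documents the accepted values as `traditional` and `octet-counted`. This commit reworks the neighbouring omfwd parameters but leaves the typo, so a remote configured with `format octet-counted` presumably gets a value rsyslog does not recognise, and forwarding to that collector may be rejected or use the wrong framing. The literal should be `'octet-counted'`, and a smoketest assertion on `TCP_Framing="octet-counted"` would keep it from regressing. The omfwd action block starts outside the hunk.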
@@ -0,0 +1,25 @@ +set interfaces ethernet eth0 duplex 'auto' +set interfaces ethernet eth0 speed 'auto' +set interfaces ethernet eth1 address '172.16.33.154/24' +set interfaces ethernet eth1 duplex 'auto' +set interfaces ethernet eth1 speed 'auto' +set interfaces ethernet eth1 vrf 'red' +set system console device ttyS0 speed '115200' +set system domain-name 'vyos-ci-test.net' +set system host-name 'vyos' +set system login user vyos authentication encrypted-password '$6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0' +set system login user vyos authentication plaintext-password '' +set system syslog local facility all level 'info' +set system syslog local facility local7 level 'debug' +set system syslog marker interval '999' +set system syslog preserve-fqdn +set system syslog remote syslog01.vyos.net facility local7 level 'notice' +set system syslog remote syslog01.vyos.net port '8000' +set system syslog remote syslog01.vyos.net vrf 'red' +set system syslog remote syslog02.vyos.net facility all level 'debug' +set system syslog remote syslog02.vyos.net format include-timezone +set system syslog remote syslog02.vyos.net format octet-counted +set system syslog remote syslog02.vyos.net port '8001' +set system syslog remote syslog02.vyos.net protocol 'tcp' +set system syslog remote syslog02.vyos.net vrf 'red' +set vrf name red table '12321' diff --git a/smoketest/configs/basic-syslog b/smoketest/configs/basic-syslog new file mode 100644 index 0000000000..9336b73bc5 --- /dev/null +++ b/smoketest/configs/basic-syslog 
@@ -0,0 +1,70 @@ +interfaces { + ethernet eth0 { + duplex "auto" + speed "auto" + } + ethernet eth1 { + address 172.16.33.154/24 + duplex auto + speed auto + vrf red + } +} +system { + console { + device ttyS0 { + speed 115200 + } + } + domain-name vyos-ci-test.net + host-name vyos + login { + user vyos { + authentication { + encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0 + plaintext-password "" + } + } + } + syslog { + global { + facility all { + level info + } + facility local7 { + level debug + } + marker { + interval 999 + } + preserve-fqdn + } + host syslog01.vyos.net { + facility local7 { + level notice + } + port 8000 + } + host syslog02.vyos.net { + facility all { + level debug + } + format { + include-timezone + octet-counted + } + protocol tcp + port 8001 + } + vrf red + } +} +vrf { + name red { + table 12321 + } +} + +// Warning: Do not remove the following line. +// vyos-config-version: "bgp@5:broadcast-relay@1:cluster@2:config-management@1:conntrack@5:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@8:dhcpv6-server@1:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@8:nat66@3:ntp@3:openconnect@3:ospf@2:pim@1:policy@8:pppoe-server@10:pptp@5:qos@2:quagga@11:reverse-proxy@1:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2" +// Release version: 1.4.0 diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 5a09fab188..bf6d3134d2 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -14,7 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -import re import unittest from base_vyostest_shim import VyOSUnitTestSHIM 
@@ -47,6 +46,7 @@ def setUpClass(cls): # ensure we can also run this test on a live system - so lets clean # out the current configuration :) cls.cli_delete(cls, base_path) + cls.cli_delete(cls, ['vrf']) def tearDown(self): # Check for running process 
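Review bot: The added `cls.cli_delete(cls, ['vrf'])` in setUpClass removes every VRF on the box, while the comment directly above says the test is meant to be runnable on a live system. Only the `red`, `green` and `blue` VRFs created in test_vrf_source_address are needed, and deleting the whole tree can presumably fail at commit time when existing interfaces are still bound to a VRF. I would delete only the VRFs this test owns, or at least state the blast radius with `# NOTE: wipes all configured VRFs, not only the ones this test creates`. setUpClass and tearDown both continue outside the hunk.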
@@ -204,5 +204,68 @@ def test_remote(self): else: self.assertIn( ' TCP_Framing="traditional"', config) + def test_vrf_source_address(self): + rhosts = { + '169.254.0.10': { }, + '169.254.0.11': { + 'vrf': {'name' : 'red', 'table' : '12321'}, + 'source_address' : '169.254.0.11', + }, + '169.254.0.12': { + 'vrf': {'name' : 'green', 'table' : '12322'}, + 'source_address' : '169.254.0.12', + }, + '169.254.0.13': { + 'vrf': {'name' : 'blue', 'table' : '12323'}, + 'source_address' : '169.254.0.13', + }, + } + + for remote, remote_options in rhosts.items(): + remote_base = base_path + ['remote', remote] + self.cli_set(remote_base + ['facility', 'all']) + + vrf = None + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.cli_set(['vrf', 'name', vrf, 'table', remote_options['vrf']['table']]) + self.cli_set(remote_base + ['vrf', vrf]) + + if 'source_address' in remote_options: + source_address = remote_options['source_address'] + self.cli_set(remote_base + ['source-address', source_address]) + + idx = source_address.split('.')[-1] + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address', f'{source_address}/32']) + if vrf: + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf', vrf]) + + + self.cli_commit() + config = read_file(RSYSLOG_CONF) + + for remote, remote_options in rhosts.items(): + config = get_config(f'# Remote syslog to {remote}') + + self.assertIn(f'target="{remote}"', config) + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.assertIn(f'Device="{vrf}"', config) + + if 'source_address' in remote_options: + source_address = remote_options['source_address'] + self.assertIn(f'Address="{source_address}"', config) + + # Cleanup VRF/Dummy interfaces + for remote, remote_options in rhosts.items(): + if 'vrf' in remote_options: + vrf = remote_options['vrf']['name'] + self.cli_delete(['vrf', 'name', vrf]) + + if 'source_address' in remote_options: + source_address = remote_options['source_address'] + idx = 
source_address.split('.')[-1] + self.cli_delete(['interfaces', 'dummy', f'dum{idx}']) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index f27c27e0b1..00c571ea9a 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -20,11 +20,12 @@ from vyos.base import Warning from vyos.config import Config -from vyos.configdict import is_node_changed from vyos.configverify import verify_vrf from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render +from vyos.template import is_ipv4 +from vyos.template import is_ipv6 from vyos import ConfigError from vyos import airbag airbag.enable() @@ -46,9 +47,6 @@ def get_config(config=None): syslog.update({ 'logrotate' : logrotate_conf }) - tmp = is_node_changed(conf, base + ['vrf']) - if tmp: syslog.update({'restart_required': {}}) - syslog = conf.merge_defaults(syslog, recursive=True) if syslog.from_defaults(['local']): del syslog['local'] 
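Review bot: The cleanup loops at the end of `test_vrf_source_address` run only when every assertion above them passes, so a failing `assertIn` leaves the `red`/`green`/`blue` VRFs and the `dum11`–`dum13` dummy interfaces configured for the tests that follow. Wrapping the commit-and-assert part in `try:` and placing the two `cli_delete` loops under `finally:` keeps that state bounded; moving them into `tearDown` would also work, but its body is outside this hunk. `config = read_file(RSYSLOG_CONF)` is a dead assignment, because the loop immediately rebinds `config = get_config(...)`. The test also covers only the accepting path: neither new `ConfigError` branch in `verify()` (unassigned source address, address-family mismatch) has a case asserting that `cli_commit()` fails.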
@@ -74,19 +72,26 @@ def verify(syslog): Warning('No "system domain-name" defined - cannot set syslog FQDN!') if 'remote' in syslog: - for host, host_options in syslog['remote'].items(): - if 'protocol' in host_options and host_options['protocol'] == 'udp': - if 'format' in host_options and 'octet_counted' in host_options['format']: - Warning(f'Syslog UDP transport for "{host}" should not use octet-counted format!') - - verify_vrf(syslog) - - if 'source_address' in syslog: - syslog_vrf = None - if 'vrf' in syslog: - syslog_vrf = syslog['vrf'] - if not is_addr_assigned(syslog['source_address'], syslog_vrf): - raise ConfigError('No interface with given address specified!') + for remote, remote_options in syslog['remote'].items(): + if 'protocol' in remote_options and remote_options['protocol'] == 'udp': + if 'format' in remote_options and 'octet_counted' in remote_options['format']: + Warning(f'Syslog UDP transport for "{remote}" should not use octet-counted format!') + + if 'vrf' in remote_options: + verify_vrf(remote_options) + + if 'source_address' in remote_options: + vrf = None + if 'vrf' in remote_options: + vrf = remote_options['vrf'] + if not is_addr_assigned(remote_options['source_address'], vrf): + raise ConfigError('No interface with given address specified!') + + source_address = remote_options['source_address'] + if ((is_ipv4(remote) and is_ipv6(source_address)) or + (is_ipv6(remote) and is_ipv4(source_address))): + raise ConfigError(f'Source-address "{source_address}" does not match '\ + f'address-family of remote "{remote}"!') def generate(syslog): if not syslog: 
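Review bot: `raise ConfigError('No interface with given address specified!')` now runs once per remote but names neither the remote nor the address, so with several remotes the operator cannot tell which entry was rejected. Binding `source_address` before the check and raising `ConfigError(f'Source-address "{source_address}" of remote "{remote}" is not assigned to any interface!')` would fix that. The address-family comparison below it can only fire when `remote` is an IP literal: for a hostname remote both `is_ipv4(remote)` and `is_ipv6(remote)` are presumably false, so a mismatching source address passes verification and would only show up at runtime as missing remote logs. A comment such as `# family check applies to IP-literal remotes only; hostname remotes are not checked here` would make that limit explicit. `verify()` starts above this hunk.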
@@ -108,12 +113,7 @@ def apply(syslog): call(f'systemctl stop {systemd_service} {systemd_socket}') return None - # we need to restart the service if e.g. the VRF name changed - systemd_action = 'reload-or-restart' - if 'restart_required' in syslog: - systemd_action = 'restart' - - call(f'systemctl {systemd_action} {systemd_service}') + call(f'systemctl reload-or-restart {systemd_service}') return None if __name__ == '__main__': diff --git a/src/migration-scripts/system/28-to-29 b/src/migration-scripts/system/28-to-29 index 2ccd4b9c05..ccf7056c47 100644 --- a/src/migration-scripts/system/28-to-29 +++ b/src/migration-scripts/system/28-to-29 @@ -54,6 +54,11 @@ def migrate(config: ConfigTree) -> None: if config.exists(base + ['global']): config.rename(base + ['global'], 'local') + vrf = '' + if config.exists(base + ['vrf']): + vrf = config.return_value(base + ['vrf']) + config.delete(base + ['vrf']) + # Rename host x.x.x.x -> remote x.x.x.x if config.exists(base + ['host']): config.set(base + ['remote']) @@ -61,4 +66,6 @@ def migrate(config: ConfigTree) -> None: for remote in config.list_nodes(base + ['host']): config.copy(base + ['host', remote], base + ['remote', remote]) config.set_tag(base + ['remote']) + if vrf: + config.set(base + ['remote', remote, 'vrf'], value=vrf) config.delete(base + ['host']) From ae52b7799f6872ee9ea2475e76a6d4ea32c2ddce Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 20 Jan 2025 21:02:22 +0100 Subject: [PATCH 11/14] syslog: T6989: increase local log size form 256KiB -> 1MiB --- data/templates/rsyslog/rsyslog.conf.j2 | 3 +-- smoketest/scripts/cli/test_system_syslog.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/data/templates/rsyslog/rsyslog.conf.j2 b/data/templates/rsyslog/rsyslog.conf.j2 index 45742b073a..c6eb6430c6 100644 --- a/data/templates/rsyslog/rsyslog.conf.j2 +++ b/data/templates/rsyslog/rsyslog.conf.j2 
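Review bot: With the `restart_required` path removed, `apply()` always runs `systemctl reload-or-restart`, so a changed per-remote `vrf` or `source-address` takes effect only if the unit's reload action makes rsyslog re-read the generated configuration. The deleted comment said a restart was needed when the VRF name changed, and the unit file is not part of this diff, so this needs confirming. If reload only signals the daemon, forwarding would continue through the old VRF and logs could miss the collector without any error. In that case `call(f'systemctl restart {systemd_service}')` is the safe form; otherwise a one-line comment stating why a reload is sufficient would help. `apply()` begins outside the hunk.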
@@ -64,7 +64,7 @@ if prifilt("{{ tmp | join(',') }}") then { action( type="omfile" file="/var/log/messages" - queue.size="262144" + rotation.sizeLimit="524288" # 512Kib - maximum filesize before rotation rotation.sizeLimitCommand="/usr/sbin/logrotate {{ logrotate }}" ) } @@ -120,4 +120,3 @@ if prifilt("{{ tmp | join(',') }}") then { # Include all configuration files in /etc/rsyslog.d/ include(file="/etc/rsyslog.d/*.conf") - diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index bf6d3134d2..1fd9ee18d0 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -117,7 +117,7 @@ def test_global(self): self.assertIn( ' action(', config) self.assertIn( ' type="omfile"', config) self.assertIn( ' file="/var/log/messages"', config) - self.assertIn( ' queue.size="262144"', config) + self.assertIn( ' rotation.sizeLimit="524288"', config) self.assertIn( ' rotation.sizeLimitCommand="/usr/sbin/logrotate /etc/logrotate.d/vyos-rsyslog"', config) def test_remote(self): From a8db4a59d917572040bcc9cc4c0070c7816a064f Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:38:34 +0100 Subject: [PATCH 12/14] smoketest: T6989: extend cli_set() signature to pass CLI node value --- smoketest/scripts/cli/base_vyostest_shim.py | 7 +++-- smoketest/scripts/cli/test_system_syslog.py | 34 ++++++++++++--------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/smoketest/scripts/cli/base_vyostest_shim.py b/smoketest/scripts/cli/base_vyostest_shim.py index a546227004..a89b8dce5e 100644 --- a/smoketest/scripts/cli/base_vyostest_shim.py +++ b/smoketest/scripts/cli/base_vyostest_shim.py 
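Review bot: The new limit does not match the commit subject: `rotation.sizeLimit="524288"` is 512 KiB, while the subject announces 256KiB -> 1MiB. If 1 MiB is intended, the line should read `rotation.sizeLimit="1048576" # 1 MiB - maximum file size before rotation`, and the `assertIn` in `test_global` in the later hunk of this patch needs the same value. Otherwise the subject should say 512 KiB. The inline comment also spells the unit `Kib`, which reads as kibibit; `KiB` is meant.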
@@ -75,10 +75,11 @@ def tearDownClass(cls): cls._session.discard() cls.fail(cls) - def cli_set(self, config): + def cli_set(self, path, value=None): if self.debug: - print('set ' + ' '.join(config)) - self._session.set(config) + str = f'set {" ".join(path)} {value}' if value else f'set {" ".join(path)}' + print(str) + self._session.set(path, value) def cli_delete(self, config): if self.debug: diff --git a/smoketest/scripts/cli/test_system_syslog.py b/smoketest/scripts/cli/test_system_syslog.py index 1fd9ee18d0..c3b14e1c05 100755 --- a/smoketest/scripts/cli/test_system_syslog.py +++ b/smoketest/scripts/cli/test_system_syslog.py @@ -61,7 +61,7 @@ def tearDown(self): def test_console(self): level = 'warning' - self.cli_set(base_path + ['console', 'facility', 'all', 'level', level]) + self.cli_set(base_path + ['console', 'facility', 'all', 'level'], value=level) self.cli_commit() rsyslog_conf = get_config() @@ -72,7 +72,7 @@ def test_console(self): for tmp in config: self.assertIn(tmp, rsyslog_conf) - def test_global(self): + def test_basic(self): hostname = 'vyos123' domain_name = 'example.local' default_marker_interval = default_value(base_path + ['marker', 'interval']) @@ -83,13 +83,13 @@ def test_global(self): 'all': {'level': 'notice'}, } - self.cli_set(['system', 'host-name', hostname]) - self.cli_set(['system', 'domain-name', domain_name]) + self.cli_set(['system', 'host-name'], value=hostname) + self.cli_set(['system', 'domain-name'], value=domain_name) self.cli_set(base_path + ['preserve-fqdn']) for tmp, tmp_options in facility.items(): level = tmp_options['level'] - self.cli_set(base_path + ['local', 'facility', tmp, 'level', level]) + self.cli_set(base_path + ['local', 'facility', tmp, 'level'], value=level) self.cli_commit() 
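Review bot: `str = f'set ...'` in `cli_set` shadows the builtin `str` for the rest of the method. The `if value` test also drops a value that is set but falsy (an empty string, for example) from the debug output, even though `self._session.set(path, value)` still receives it. Something like `cmd = f'set {" ".join(path)}' + ('' if value is None else f' {value}')` followed by `print(cmd)` avoids both. The first parameter was renamed from `config` to `path`; no keyword caller is visible in this patch, but one passing `config=` would break. A short docstring stating that `value` is the leaf value set at `path` would document the new calling convention.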
@@ -147,20 +147,21 @@ def test_remote(self): remote_base = base_path + ['remote', remote] if 'port' in remote_options: - self.cli_set(remote_base + ['port', remote_options['port']]) + self.cli_set(remote_base + ['port'], value=remote_options['port']) if 'facility' in remote_options: for facility, facility_options in remote_options['facility'].items(): level = facility_options['level'] - self.cli_set(remote_base + ['facility', facility, 'level', level]) + self.cli_set(remote_base + ['facility', facility, 'level'], + value=level) if 'format' in remote_options: for format in remote_options['format']: - self.cli_set(remote_base + ['format', format]) + self.cli_set(remote_base + ['format'], value=format) if 'protocol' in remote_options: protocol = remote_options['protocol'] - self.cli_set(remote_base + ['protocol', protocol]) + self.cli_set(remote_base + ['protocol'], value=protocol) self.cli_commit() @@ -228,18 +229,21 @@ def test_vrf_source_address(self): vrf = None if 'vrf' in remote_options: vrf = remote_options['vrf']['name'] - self.cli_set(['vrf', 'name', vrf, 'table', remote_options['vrf']['table']]) - self.cli_set(remote_base + ['vrf', vrf]) + self.cli_set(['vrf', 'name', vrf, 'table'], + value=remote_options['vrf']['table']) + self.cli_set(remote_base + ['vrf'], value=vrf) if 'source_address' in remote_options: source_address = remote_options['source_address'] - self.cli_set(remote_base + ['source-address', source_address]) + self.cli_set(remote_base + ['source-address'], + value=source_address) idx = source_address.split('.')[-1] - self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address', f'{source_address}/32']) + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'address'], + value=f'{source_address}/32') if vrf: - self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf', vrf]) - + self.cli_set(['interfaces', 'dummy', f'dum{idx}', 'vrf'], + value=vrf) self.cli_commit() config = read_file(RSYSLOG_CONF) 
From 29a7edaf871cbf77092308eab05cb750a9e74308 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:39:45 +0100 Subject: [PATCH 13/14] init: T6989: start syslog early --- src/init/vyos-router | 1 + 1 file changed, 1 insertion(+) diff --git a/src/init/vyos-router b/src/init/vyos-router index 00136309b8..ab3cc42cb0 100755 --- a/src/init/vyos-router +++ b/src/init/vyos-router @@ -461,6 +461,7 @@ start () # As VyOS does not execute commands that are not present in the CLI we call # the script by hand to have a single source for the login banner and MOTD + ${vyos_conf_scripts_dir}/system_syslog.py || log_failure_msg "could not reset syslog" ${vyos_conf_scripts_dir}/system_console.py || log_failure_msg "could not reset serial console" ${vyos_conf_scripts_dir}/system_login_banner.py || log_failure_msg "could not reset motd and issue files" ${vyos_conf_scripts_dir}/system_option.py || log_failure_msg "could not reset system option files" From cf7721f7d5345e484e0c57b643913d2353dca6f5 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Sun, 2 Feb 2025 21:40:46 +0100 Subject: [PATCH 14/14] defaults: T6989: provide single source of systemd services Some systemd services are re-used over multiple configuration files. Keep a single source of the real systemd names and only reference them by dictionary keys. --- python/vyos/defaults.py | 7 ++++++- src/conf_mode/service_snmp.py | 3 ++- src/conf_mode/system_host-name.py | 9 ++++++--- src/conf_mode/system_syslog.py | 6 ++++-- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index 9757a34df3..89e51707be 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -1,4 +1,4 @@ -# Copyright 2018-2024 VyOS maintainers and contributors +# Copyright 2018-2025 VyOS maintainers and contributors # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public 
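Review bot: The comment above the added line still says the scripts are called by hand "to have a single source for the login banner and MOTD", which does not describe the new first call. A line such as `# bring up syslog first so messages from the scripts below are captured` would record why `system_syslog.py` is placed ahead of the others; that intent is inferred from the commit subject. A failure here is only reported through `log_failure_msg` and boot continues, so it is worth deciding whether a system that comes up without syslog should be flagged more visibly than by one console message. `start ()` begins and ends outside the hunk.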
@@ -40,6 +40,11 @@ 'ca_certificates' : '/usr/local/share/ca-certificates/vyos' } +systemd_services = { + 'rsyslog' : 'rsyslog.service', + 'snmpd' : 'snmpd.service', +} + config_status = '/tmp/vyos-config-status' api_config_state = '/run/http-api-state' frr_debug_enable = '/tmp/vyos.frr.debug' diff --git a/src/conf_mode/service_snmp.py b/src/conf_mode/service_snmp.py index 1174b12383..d85f208203 100755 --- a/src/conf_mode/service_snmp.py +++ b/src/conf_mode/service_snmp.py @@ -22,6 +22,7 @@ from vyos.config import Config from vyos.configdict import dict_merge from vyos.configverify import verify_vrf +from vyos.defaults import systemd_services from vyos.snmpv3_hashgen import plaintext_to_md5 from vyos.snmpv3_hashgen import plaintext_to_sha1 from vyos.snmpv3_hashgen import random @@ -43,7 +44,7 @@ config_file_user = r'/var/lib/snmp/snmpd.conf' default_script_dir = r'/config/user-data/' systemd_override = r'/run/systemd/system/snmpd.service.d/override.conf' -systemd_service = 'snmpd.service' +systemd_service = systemd_services['snmpd'] def get_config(config=None): if config: diff --git a/src/conf_mode/system_host-name.py b/src/conf_mode/system_host-name.py index 3f245f166f..fef034d1c5 100755 --- a/src/conf_mode/system_host-name.py +++ b/src/conf_mode/system_host-name.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2024 VyOS maintainers and contributors +# Copyright (C) 2018-2025 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -23,6 +23,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configdict import leaf_node_changed +from vyos.defaults import systemd_services from vyos.ifconfig import Section from vyos.template import is_ip from vyos.utils.process import cmd 
@@ -174,11 +175,13 @@ def apply(config): # Restart services that use the hostname if hostname_new != hostname_old: - call("systemctl restart rsyslog.service") + tmp = systemd_services['rsyslog'] + call(f'systemctl restart {tmp}') # If SNMP is running, restart it too if process_named_running('snmpd') and config['snmpd_restart_reqired']: - call('systemctl restart snmpd.service') + tmp = systemd_services['snmpd'] + call(f'systemctl restart {tmp}') return None diff --git a/src/conf_mode/system_syslog.py b/src/conf_mode/system_syslog.py index 00c571ea9a..414bd4b6bc 100755 --- a/src/conf_mode/system_syslog.py +++ b/src/conf_mode/system_syslog.py @@ -21,6 +21,7 @@ from vyos.base import Warning from vyos.config import Config from vyos.configverify import verify_vrf +from vyos.defaults import systemd_services from vyos.utils.network import is_addr_assigned from vyos.utils.process import call from vyos.template import render @@ -33,6 +34,9 @@ rsyslog_conf = '/run/rsyslog/rsyslog.conf' logrotate_conf = '/etc/logrotate.d/vyos-rsyslog' +systemd_socket = 'syslog.socket' +systemd_service = systemd_services['rsyslog'] + def get_config(config=None): if config: conf = config @@ -107,8 +111,6 @@ def generate(syslog): return None def apply(syslog): - systemd_socket = 'syslog.socket' - systemd_service = 'syslog.service' if not syslog: call(f'systemctl stop {systemd_service} {systemd_socket}') return None
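Review bot: In the `system_syslog.py` hunk that adds the module-level `systemd_service`, the value changes as well as the location. The lines removed from `apply()` in the following hunk used `'syslog.service'`, while `systemd_services['rsyslog']` is `'rsyslog.service'` according to the `defaults.py` hunk. The commit message describes a pure consolidation, yet the `stop` and `reload-or-restart` calls now address a different unit name. If `syslog.service` is only an alias of `rsyslog.service` on the image (not visible in this diff), nothing changes in practice, but that should be stated, for instance with `# rsyslog.service is the real unit, syslog.service only its alias` next to the assignment.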