Syslog not working 1.4

Hi All,

Wondering if someone could help me troubleshoot syslog.
Setting up a graylog docker - which is all good and up and running.

Saw a post that I tried following - Sending VyOS Syslog to Graylog | Bill Clark

Noticed “facility protocols” does not exist and has been replaced by local7?

When I enable syslog in VyOS however I get the following:

Configuration is

set system syslog host <GRAYLOG_IP> facility all level 'info'
set system syslog host <GRAYLOG_IP> facility local7 level 'debug'
set system syslog host <GRAYLOG_IP> format octet-counted

Seems to error out?

journalctl -f | grep syslog
May 07 21:31:21 box sudo[628873]:   boxadm : TTY=pts/0 ; PWD=/home/boxadm ; USER=root ; COMMAND=/usr/bin/sh -c '/usr/sbin/vyshim /usr/libexec/vyos/conf_mode/system_syslog.py'
May 07 21:31:28 box vyos-configd[692]: Received message: {"type": "node", "data": "/usr/libexec/vyos/conf_mode/system_syslog.py"}
May 07 21:31:29 box systemd[1]: Stopping rsyslog.service - System Logging Service...
May 07 21:31:29 box rsyslogd[628043]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="628043" x-info="https://www.rsyslog.com"] exiting on signal 15.
May 07 21:31:29 box systemd[1]: rsyslog.service: Deactivated successfully.
May 07 21:31:29 box systemd[1]: Stopped rsyslog.service - System Logging Service.
May 07 21:31:29 box systemd[1]: Starting rsyslog.service - System Logging Service...
May 07 21:31:29 box rsyslogd[628911]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2302.0]
May 07 21:31:29 box rsyslogd[628911]: [origin software="rsyslogd" swVersion="8.2302.0" x-pid="628911" x-info="https://www.rsyslog.com"] start
May 07 21:31:29 box systemd[1]: Started rsyslog.service - System Logging Service.
May 07 21:31:29 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628930) exited with status 1 [v8.2302.0]
May 07 21:31:29 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628939) exited with status 1 [v8.2302.0]
May 07 21:31:29 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628947) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628956) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628964) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628972) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628980) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628988) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 628996) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 629004) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: program '/usr/sbin/logrotate' (pid 629013) exited with status 1 [v8.2302.0]
May 07 21:31:30 box rsyslogd[628911]: child process (pid 629021) exited with status 1 [v8.2302.0]

Kind Regards

Which version of 1.4?

I have

set system syslog host 192.168.0.5 facility all level 'debug'
set system syslog host 192.168.0.5 protocol 'udp'

On 1.4-epa2 and it’s working fine.

It is probably only for TCP

Running version

Version:          VyOS 1.4.0-epa2
Release train:    sagitta

UDP and Port have defaults set

set system syslog host 192.168.0.5
Possible completions:
+> facility             Facility for logging
 > format               Logging format
   port                 Port number used by connection (default: 514)
   protocol             Protocol to be used (TCP/UDP) (default: udp)

So I removed octet-counted and ended up with just

set system syslog host 192.168.100.122 facility all level debug

Logs get flooded with the same error about logrotate and nothing is coming through to the syslog server.

May 08 08:03:20 box rsyslogd[666332]: program '/usr/sbin/logrotate' (pid 666465) exited with status 1 [v8.2302.0]
May 08 08:03:20 box rsyslogd[666332]: program '/usr/sbin/logrotate' (pid 666473) exited with status 1 [v8.2302.0]
May 08 08:03:20 box rsyslogd[666332]: program '/usr/sbin/logrotate' (pid 666481) exited with status 1 [v8.2302.0]
May 08 08:03:20 box rsyslogd[666332]: child process (pid 666489) exited with status 1 [v8.2302.0]
May 08 08:03:20 box rsyslogd[666332]: program '/usr/sbin/logrotate' (pid 666497) exited with status 1 [v8.2302.0]

Anything else I can check?

The latest rolling release behavior.

In case it helps (which it may not), I have a machine running 1.4.0-epa2 with:-

set system syslog global facility all level 'debug'
set system syslog global facility local7 level 'debug'
set system syslog host xxx.xxx.42.2 facility all level 'debug'

which does not show any errors similar to the above. Indeed it does from time to time show:-

May 8 08:00:01 ha-r02a systemd[1]: Starting logrotate.service - Rotate log files…
May 8 08:00:01 ha-r02a systemd[1]: logrotate.service: Deactivated successfully.
May 8 08:00:01 ha-r02a systemd[1]: Finished logrotate.service - Rotate log files.
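
On the `format octet-counted` setting tried earlier in this thread: RFC 6587 defines octet counting as one of two framings for syslog over a stream transport such as TCP, where the receiver has to work out where each message ends. The following is an added example, not code from the thread or from VyOS; the function names and sample messages are constructed, and it shows what a receiver recovers when its framing does or does not match the sender's.

```python
"""Syslog-over-TCP framing per RFC 6587 (added example; sample messages are constructed)."""


def frame_octet_counted(msg: bytes) -> bytes:
    # Octet counting: "MSG-LEN SP SYSLOG-MSG", with no trailing delimiter.
    return str(len(msg)).encode() + b" " + msg


def deframe_octet_counted(stream: bytes) -> list[bytes]:
    msgs, pos = [], 0
    while pos < len(stream):
        sp = stream.find(b" ", pos)
        if sp == -1 or not stream[pos:sp].isdigit():
            raise ValueError(f"no MSG-LEN at offset {pos}; peer is not octet-counting")
        end = sp + 1 + int(stream[pos:sp])
        if end > len(stream):
            raise ValueError("truncated frame; more bytes are needed")
        msgs.append(stream[sp + 1:end])
        pos = end
    return msgs


def deframe_newline(stream: bytes) -> list[bytes]:
    # Non-transparent framing: every message ends at LF.
    return [m for m in stream.split(b"\n") if m]


# Constructed messages; <190> is facility local7 (23*8) plus severity info (6).
MSGS = [
    b"<190>1 2024-05-07T21:31:29Z box rsyslogd 628911 - - start",
    b"<190>1 2024-05-07T21:31:30Z box app 1 - - line one\nline two",
]


def demo() -> dict:
    counted = b"".join(frame_octet_counted(m) for m in MSGS)
    newline = b"".join(m + b"\n" for m in MSGS)
    return {
        # Sender and receiver agree: both messages come back intact.
        "matched": deframe_octet_counted(counted),
        # Receiver expects LF framing: length prefixes leak into the text and
        # the two messages are cut at the embedded LF instead of the boundary.
        "counted_read_as_newline": deframe_newline(counted),
        # LF framing on both sides still splits the multi-line message.
        "newline_read_as_newline": deframe_newline(newline),
    }


if __name__ == "__main__":
    for name, msgs in demo().items():
        print(name, len(msgs), msgs)
```

A framing mismatch does not necessarily produce an error on the sender; the receiver simply ingests mangled or merged records, so it is worth checking the raw message on the collector after changing this setting.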