From 15fe844ae7fef8403683109257ab0b0966148239 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 29 Aug 2024 08:51:49 -0600 Subject: [PATCH] syslog: deprecate The standalone syslog output is now deprecated for Suricata 8. Display a warning on use and add notes to the userguide. Ticket: #6544 --- doc/userguide/configuration/suricata-yaml.rst | 4 ++++ doc/userguide/upgrade.rst | 3 +++ src/alert-syslog.c | 2 ++ suricata.yaml.in | 10 ---------- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index f5f3101aaeca..ffc540585f11 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -581,6 +581,10 @@ section as described above. Syslog ~~~~~~ +.. attention:: The syslog output is deprecated in Suricata 8.0 and + will be removed in Suricata 9.0. Please migrate to the + ``eve`` output which has the ability to send to syslog. + With this option it is possible to send all alert and event output to syslog. :: diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index 885b8d95dbbe..a4fda32a00a3 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -80,6 +80,9 @@ Deprecations ~~~~~~~~~~~~ - The ``http-log`` output is now deprecated and will be removed in Suricata 9.0. - The ``tls-log`` output is now deprecated and will be removed in Suricata 9.0. +- The ``syslog`` output is now deprecated and will be removed in + Suricata 9.0. Note that this is the standalone ``syslog`` output and + does affect the ``eve`` outputs ability to send to syslog. Upgrading 6.0 to 7.0 -------------------- diff --git a/src/alert-syslog.c b/src/alert-syslog.c index 856e5843d03d..5c00f1b35056 100644 --- a/src/alert-syslog.c +++ b/src/alert-syslog.c 
@@ -87,6 +87,8 @@ static void AlertSyslogDeInitCtx(OutputCtx *output_ctx)
 */
 static OutputInitResult AlertSyslogInitCtx(ConfNode *conf)
 {
+ SCLogWarning("The syslog output has been deprecated and will be removed in Suricata 9.0.");
+
 OutputInitResult result = { NULL, false };
 const char *facility_s = ConfNodeLookupChildValue(conf, "facility");
 if (facility_s == NULL) {
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 5a61c8050f1f..9c116a3082a2 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -434,16 +434,6 @@ outputs:
 threads: no # per thread stats
 #null-values: yes # print counters that have value 0. Default: no
 
- # a line based alerts log similar to fast.log into syslog
- - syslog:
- enabled: no
- # reported identity to syslog. If omitted the program name (usually
- # suricata) will be used.
- #identity: "suricata"
- facility: local5
- #level: Info ## possible levels: Emergency, Alert, Critical,
- ## Error, Warning, Notice, Info, Debug
-
 # Output module for storing files on disk. Files are stored in
 # directory names consisting of the first 2 characters of the
 # SHA256 of the file. Each file is given its SHA256 as a filename.
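Review bot: The added SCLogWarning gives no migration path, while the two documentation hunks in this commit point users at the eve output's syslog support; a user who only sees the log line has to go looking for what replaces the module. Consider `SCLogWarning("The syslog output is deprecated and will be removed in Suricata 9.0; use the eve output, which can also send to syslog.");` so the log message and the userguide say the same thing. The warning is emitted before the `facility` lookup, so a misconfigured section logs the deprecation notice and then the configuration error; that ordering is acceptable but worth a one-line comment such as `/* emitted on every init so the deprecation is visible before any config error */` if it is intentional, and if AlertSyslogInitCtx is only reached for enabled outputs (not visible here) a stanza left at `enabled: no` will never trigger it. Separately, the upgrade.rst hunk reads `does affect the eve outputs ability to send to syslog` where `does not affect` appears to be meant, which inverts the intended reassurance. The body of AlertSyslogInitCtx continues past the end of this hunk.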