syslog: deprecate

The standalone syslog output is now deprecated for Suricata 8. Display a warning on use and add notes to the userguide. Ticket: #6544
6 months ago · 15fe844ae7
parent 5853fb922d
commit 15fe844ae7
4 changed files with 9 additions and 10 deletions
--- a/doc/userguide/configuration/suricata-yaml.rst
+++ b/doc/userguide/configuration/suricata-yaml.rst
@ -581,6 +581,10 @@ section as described above.
 Syslog
 ~~~~~~

+.. attention:: The syslog output is deprecated in Suricata 8.0 and
+               will be removed in Suricata 9.0. Please migrate to the
+               ``eve`` output which has the ability to send to syslog.
+
 With this option it is possible to send all alert and event output to syslog.

 ::
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@ -80,6 +80,9 @@ Deprecations
 ~~~~~~~~~~~~
 - The ``http-log`` output is now deprecated and will be removed in Suricata 9.0.
 - The ``tls-log`` output is now deprecated and will be removed in Suricata 9.0.
+- The ``syslog`` output is now deprecated and will be removed in
+  Suricata 9.0. Note that this is the standalone ``syslog`` output and
+  does affect the ``eve`` outputs ability to send to syslog.

 Upgrading 6.0 to 7.0
 --------------------
--- a/src/alert-syslog.c
+++ b/src/alert-syslog.c
@ -87,6 +87,8 @@ static void AlertSyslogDeInitCtx(OutputCtx *output_ctx)
 */
 static OutputInitResult AlertSyslogInitCtx(ConfNode *conf)
 {
+    SCLogWarning("The syslog output has been deprecated and will be removed in Suricata 9.0.");
+
    OutputInitResult result = { NULL, false };
    const char *facility_s = ConfNodeLookupChildValue(conf, "facility");
    if (facility_s == NULL) {
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -434,16 +434,6 @@ outputs:
      threads: no       # per thread stats
      #null-values: yes  # print counters that have value 0. Default: no

-  # a line based alerts log similar to fast.log into syslog
-  - syslog:
-      enabled: no
-      # reported identity to syslog. If omitted the program name (usually
-      # suricata) will be used.
-      #identity: "suricata"
-      facility: local5
-      #level: Info ## possible levels: Emergency, Alert, Critical,
-                   ## Error, Warning, Notice, Info, Debug
-
  # Output module for storing files on disk. Files are stored in
  # directory names consisting of the first 2 characters of the
  # SHA256 of the file. Each file is given its SHA256 as a filename.