From f8f9f96b703eceee4d51e3c6c02df6262421ef48 Mon Sep 17 00:00:00 2001
From: Nazarii Hnydyn <nazariig@nvidia.com>
Date: Tue, 4 Mar 2025 16:52:55 +0200
Subject: [PATCH 1/2] [rsyslog]: Remote logging with the highest rule priority

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
---
 files/image_config/rsyslog/rsyslog.conf.j2 | 61 ++++++++++------------
 1 file changed, 28 insertions(+), 33 deletions(-)

diff --git a/files/image_config/rsyslog/rsyslog.conf.j2 b/files/image_config/rsyslog/rsyslog.conf.j2
index b68ba2e77e5b..629dd78c7441 100644
--- a/files/image_config/rsyslog/rsyslog.conf.j2
+++ b/files/image_config/rsyslog/rsyslog.conf.j2
@@ -64,42 +64,9 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"{{ fw_name }}\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
-#
-# Set the default permissions for all log files.
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-#
-# Suppress duplicate messages and report "message repeated n times"
-#
-$RepeatedMsgReduction on
-
-###############
-#### RULES ####
-###############
-
 #
 # Remote syslog logging
 #
-
-# The omfwd plug-in provides the core functionality of traditional message
-# forwarding via UDP and plain TCP. It is a built-in module that does not need
-# to be loaded.
-
 {% set servers = SYSLOG_SERVER | d({}) -%}
 {% for server in servers %}
 {% set conf = servers[server] | d({}) -%}
@@ -134,3 +101,31 @@ $RepeatedMsgReduction on
 *.{{ severity }}
 action(type="omfwd" Target="{{ server }}" Port="{{ port }}" Protocol="{{ proto }}" Template="{{ template }}"{{ options }})
 {% endfor %}
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+#
+# Suppress duplicate messages and report "message repeated n times"
+#
+$RepeatedMsgReduction on
+
+###############
+#### RULES ####
+###############

From eb6da83a39caabe29e0b7516948aaf91806b1f38 Mon Sep 17 00:00:00 2001
From: Nazarii Hnydyn <nazariig@nvidia.com>
Date: Wed, 5 Mar 2025 14:14:10 +0200
Subject: [PATCH 2/2] [rsyslog]: Update UTs

Signed-off-by: Nazarii Hnydyn <nazariig@nvidia.com>
---
 files/image_config/rsyslog/rsyslog.conf.j2    |  5 ++++
 src/sonic-config-engine/setup.cfg             |  2 ++
 .../tests/sample_output/py3/rsyslog.conf      | 23 +++++++++----------
 .../py3/rsyslog_with_docker0.conf             | 23 +++++++++----------
 4 files changed, 29 insertions(+), 24 deletions(-)
 create mode 100644 src/sonic-config-engine/setup.cfg

diff --git a/files/image_config/rsyslog/rsyslog.conf.j2 b/files/image_config/rsyslog/rsyslog.conf.j2
index 629dd78c7441..7958e74bf958 100644
--- a/files/image_config/rsyslog/rsyslog.conf.j2
+++ b/files/image_config/rsyslog/rsyslog.conf.j2
@@ -67,6 +67,11 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 #
 # Remote syslog logging
 #
+
+# The omfwd plug-in provides the core functionality of traditional message
+# forwarding via UDP and plain TCP. It is a built-in module that does not need
+# to be loaded.
+
 {% set servers = SYSLOG_SERVER | d({}) -%}
 {% for server in servers %}
 {% set conf = servers[server] | d({}) -%}
diff --git a/src/sonic-config-engine/setup.cfg b/src/sonic-config-engine/setup.cfg
new file mode 100644
index 000000000000..b7e478982ccf
--- /dev/null
+++ b/src/sonic-config-engine/setup.cfg
@@ -0,0 +1,2 @@
+[aliases]
+test=pytest
diff --git a/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf b/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf
index e62c29781bc0..6a2aecf9e19a 100644
--- a/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf
+++ b/src/sonic-config-engine/tests/sample_output/py3/rsyslog.conf
@@ -49,6 +49,17 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"kvm-host\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
+#
+# Remote syslog logging
+#
+
+# The omfwd plug-in provides the core functionality of traditional message
+# forwarding via UDP and plain TCP. It is a built-in module that does not need
+# to be loaded.
+
+*.*
+action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
+
 #
 # Set the default permissions for all log files.
 #
@@ -76,15 +87,3 @@ $RepeatedMsgReduction on
 ###############
 #### RULES ####
 ###############
-
-#
-# Remote syslog logging
-#
-
-# The omfwd plug-in provides the core functionality of traditional message
-# forwarding via UDP and plain TCP. It is a built-in module that does not need
-# to be loaded.
-
-*.*
-action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
-
diff --git a/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf b/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf
index 0c845227aa13..f6a340e0053e 100644
--- a/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf
+++ b/src/sonic-config-engine/tests/sample_output/py3/rsyslog_with_docker0.conf
@@ -51,6 +51,17 @@ template(name="WelfRemoteFormat" type="string" string="%TIMESTAMP% id=firewall t
 :::date-year%-%timereported:::date-month%-%timereported:::date-day% %timereported:::date-hour%:%timereported:::date-minute%:%timereported\
 :::date-second%\" fw=\"kvm-host\" pri=%syslogpriority% msg=\"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\"\n")
 
+#
+# Remote syslog logging
+#
+
+# The omfwd plug-in provides the core functionality of traditional message
+# forwarding via UDP and plain TCP. It is a built-in module that does not need
+# to be loaded.
+
+*.*
+action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
+
 #
 # Set the default permissions for all log files.
 #
@@ -78,15 +89,3 @@ $RepeatedMsgReduction on
 ###############
 #### RULES ####
 ###############
-
-#
-# Remote syslog logging
-#
-
-# The omfwd plug-in provides the core functionality of traditional message
-# forwarding via UDP and plain TCP. It is a built-in module that does not need
-# to be loaded.
-
-*.*
-action(type="omfwd" Target="3.3.3.3" Port="514" Protocol="udp" Template="SONiCForwardFormat")
-