diff --git a/files/image_config/rsyslog/rsyslog-config.sh b/files/image_config/rsyslog/rsyslog-config.sh
index 52cb3c10371..4771415e5b3 100755
--- a/files/image_config/rsyslog/rsyslog-config.sh
+++ b/files/image_config/rsyslog/rsyslog-config.sh
@@ -40,8 +40,34 @@ if [ -z "$syslog_counter" ]; then
     syslog_counter="false"
 fi
 
+# Generate config to a temp file so we can compare before restarting.
+# On Debian 13 (Trixie), rsyslog.service has systemd sandboxing directives
+# (PrivateTmp, ProtectSystem, etc.) that add ~4 seconds of overhead per
+# restart due to namespace setup/teardown.  Skipping the restart when the
+# config is unchanged avoids this delay on warm/fast reboot and config_reload
+# where nothing actually changed.
+#
+# When the config IS unchanged we still send SIGHUP so rsyslog re-opens its
+# log files (needed after log rotation or /var/log remounts).
+#
+# See: https://github.com/sonic-net/sonic-buildimage/issues/25382
+
+TMPFILE=$(mktemp /tmp/rsyslog.conf.XXXXXX)
+trap 'rm -f "$TMPFILE"' EXIT
+
 sonic-cfggen -d -t /usr/share/sonic/templates/rsyslog.conf.j2 \
     -a "{\"udp_server_ip\": \"$udp_server_ip\", \"hostname\": \"$hostname\", \"docker0_ip\": \"$docker0_ip\", \"forward_with_osversion\": \"$syslog_with_osversion\", \"os_version\": \"$os_version\", \"syslog_counter\": \"$syslog_counter\"}" \
-    > /etc/rsyslog.conf
+    > "$TMPFILE"
 
-systemctl restart rsyslog
+if [ ! -f /etc/rsyslog.conf ] || ! cmp -s "$TMPFILE" /etc/rsyslog.conf; then
+    # Config changed (or first boot) — install and restart
+    if cp "$TMPFILE" /etc/rsyslog.conf; then
+        systemctl restart rsyslog
+    else
+        echo "Failed to update /etc/rsyslog.conf; not restarting rsyslog" >&2
+        exit 1
+    fi
+else
+    # Config unchanged — just signal rsyslog to re-open log files
+    systemctl kill -s HUP rsyslog
+fi