salt.engines.junos_syslog

Junos Syslog Engine

New in version 2017.7.0.

depends:

pyparsing, twisted

An engine that listens to syslog message from Junos devices, extract event information and generate message on SaltStack bus.

The event topic sent to salt is dynamically generated according to the topic title specified by the user. The incoming event data (from the junos device) consists of the following fields:

  1. hostname

  2. hostip

  3. daemon

  4. event

  5. severity

  6. priority

  7. timestamp

  8. message

  9. pid

  10. raw (the raw event data forwarded from the device)

The topic title can consist of any of the combination of above fields, but the topic has to start with 'jnpr/syslog'. So, we can have different combinations:

  • jnpr/syslog/hostip/daemon/event

  • jnpr/syslog/daemon/severity

The corresponding dynamic topic sent on salt event bus would look something like:

  • jnpr/syslog/1.1.1.1/mgd/UI_COMMIT_COMPLETED

  • jnpr/syslog/sshd/7

The default topic title is 'jnpr/syslog/hostname/event'.

The user can choose the type of data they wants of the event bus. Like, if one wants only events pertaining to a particular daemon, they can specify that in the configuration file:

daemon: mgd

One can even have a list of daemons like:

daemon:
  - mgd
  - sshd

Example configuration (to be written in master config file)

engines:
  - junos_syslog:
      port: 9999
      topic: jnpr/syslog/hostip/daemon/event
      daemon:
        - mgd
        - sshd

For junos_syslog engine to receive events, syslog must be set on the junos device. This can be done via following configuration:

set system syslog host <ip-of-the-salt-device> port 516 any any

Below is a sample syslog event which is received from the junos device:

'<30>May 29 05:18:12 bng-ui-vm-9 mspd[1492]: No chassis configuration found'

The source for parsing the syslog messages is taken from: https://gist.github.com/leandrosilva/3651640#file-xlog-py

class salt.engines.junos_syslog.DatagramProtocol
salt.engines.junos_syslog.start(port=516, **kwargs)