Skip to content
This repository was archived by the owner on Oct 12, 2020. It is now read-only.

16. junos syslog engine

Jump to bottom
Khelil Sator edited this page Jul 17, 2017 · 5 revisions

Engines

Engines are executed in a separate process that is monitored by Salt. If a Salt engine stops, it is restarted automatically.
Engines can run on both master and minion.
To start an engine, you need to specify engine information in master/minion config file depending on where you want to run the engine. Once the engine configuration is added, start the master and minion normally (with salt-master/salt-minion command). The engine should start along with the salt master/minion.

engines_dirs option in the Salt master or minion configuration file has the list of directories under which Salt attempts to find Salt engines.

Salt engines are configured under an engines section in your salt master or minion configuration file.

Junos_syslog engine

This is an engine that listens to syslog messages from Junos devices, extracts event information and generates messages on SaltStack bus.

documentation:

https://docs.saltstack.com/en/develop/ref/engines/all/salt.engines.junos_syslog.html

requirements:

pyparsing and twisted

sudo pip install pyparsing twisted

topic

The default topic is jnpr/syslog/hostname/event.

This is configurable: the topic sent to salt is dynamically generated according to the engine configuration specified by the user.
The topic should start with jnpr/syslog, followed by one or more fields from:

  1. hostname
  2. hostip
  3. daemon
  4. event
  5. severity
  6. priority
  7. timestamp
  8. message
  9. pid
  10. raw (the raw event data forwarded from the device)

The topic can consist of any of the combination of the above fields, but it has to start with jnpr/syslog. Example:

# more /etc/salt/master 
file_roots:
 base:
  - /srv/salt

pillar_roots:
 base:
  - /srv/pillar

engines_dirs: 
  - /srv/engines

engines: 
  - junos_syslog: 
      port: 516
      topic: jnpr/syslog/hostip/daemon/event

reactor:
  - 'jnpr/syslog/*/UI_COMMIT_COMPLETED':
        - /srv/reactor/on_commit.sls

The corresponding dynamic topic sent on salt event bus would look something like jnpr/syslog/192.168.233.158/mgd/UI_COMMIT_COMPLETED instead of jnpr/syslog/vqfx01/UI_COMMIT_COMPLETED

Events filtering

We can also filter the type of data that will be sent on the event bus.
The following configuration will send only events coming from sshd or mgd and with severity 6.

# more /etc/salt/master 
file_roots:
 base:
  - /srv/salt

pillar_roots:
 base:
  - /srv/pillar

engines_dirs: 
  - /srv/engines

engines: 
  - junos_syslog: 
      port: 516
      topic: jnpr/syslog/hostip/daemon/event
      daemon:
            - mgd
            - sshd
      severity: 6

reactor:
  - 'jnpr/syslog/*/UI_COMMIT_COMPLETED':
        - /srv/reactor/on_commit.sls
Clone this wiki locally