Support for syslog format RFC5424 #3365

Closed
1 task done
durd opened this issue Nov 21, 2023 · 4 comments · Fixed by #3386
Labels
type: enhancement New feature or request

Comments

Contributor

durd commented Nov 21, 2023

Enhancement summary

RFC5424 is the current RFC for the syslog protocol. Although most of my customers aren't using RFC5424 directly, I have a few customers that require RFC5424 formatting. This feature request would allow users to configure and select RFC5424 as a logging format.
logging format rfc5424 is the command in EOS 4.30.3M.

AVD component impacted would be eos_cli_config_gen as that is where config for logging is done.

Which component of AVD is impacted

eos_cli_config_gen

Use case example

I don't have much experience with SIEM products, mainly Logstash, but from what I hear they are fickle in what format they can receive syslog messages in. Fickle in the way that they can't easily be set up to accept both RFC5424 and RFC3126. Therefore, and since RFC5424 obsoletes RFC3164, more and more SIEM systems default to RFC5424.

Describe the solution you would like

The solution I'd like is for eos_cli_config_gen to support the configuration of logging format rfc5424. Looking at the logging.j2 template this change seems straightforward as other logging format options are already supported.
Note that I haven't looked at creating tests for this, I also understand that there needs to be documentation created.

Describe alternatives you have considered

A direct alternative would be to create a custom template to attach to eos_cli_config_gen with suitable YAML.

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
@durd durd added the type: enhancement New feature or request label Nov 21, 2023
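
The format difference behind the use case above, as an added example that is not part of the original issue or the AVD project's code: a Python classifier a log receiver could use to tell RFC 5424 headers from RFC 3164 ones. The name `parse_syslog` and the sample lines are constructed for illustration and are not captured EOS output.

```python
import re
from datetime import datetime

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)
# RFC 3164 (BSD) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no year, no time zone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample lines: the same event rendered in each format.
SAMPLES = [
    "<189>1 2023-11-21T10:15:02.123+00:00 leaf1 Cli 4321 SYS-5-CONFIG_I - Configured by admin",
    "<189>Nov 21 10:15:02 leaf1 Cli: %SYS-5-CONFIG_I: Configured by admin",
]

def parse_syslog(line: str) -> dict:
    """Return header fields plus 'format'; format is 'unknown' if nothing fits."""
    for name, pattern in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = pattern.match(line)
        if not m:
            continue
        rec = m.groupdict()
        pri = int(rec.pop("pri"))
        if pri > 191:  # PRI = facility * 8 + severity, so the maximum is 23*8+7
            break
        rec.update(format=name, facility=pri >> 3, severity=pri & 7)
        if name == "rfc5424" and rec["timestamp"] != "-":
            # RFC 5424 timestamps are RFC 3339: full date plus UTC offset.
            try:
                rec["time"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
            except ValueError:
                rec["time"] = None  # header shape matched, timestamp did not parse
        return rec
    return {"format": "unknown", "raw": line}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_syslog(sample))
```

Only the RFC 5424 record carries a year and UTC offset, so events from a receiver that assumes the wrong format end up with a guessed timestamp or unparsed fields.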
Contributor Author

durd commented Nov 21, 2023

I'm sorry, I saw that there was a mailing list (discussion board?) and this should have been discussed there beforehand, but I'm not sure why it didn't register with me.

Contributor

gmuloc commented Nov 21, 2023

Hi @durd - thanks for opening the issue. Sounds like you are missing the logging format rfc5424 option in eos_cli_config_gen:

host3(config)#show cli commands | grep "logging format"
[no|default] logging format hostname fqdn | ipv4
[no|default] logging format rfc5424
[no|default] logging format sequence-numbers
host3(config)#

Indeed today this is not supported so this is the right place to open an issue!

To add this to eos_cli_config_gen, the following steps are required in eos_cli_config_gen:

  1. update schema fragment for logging to add the key
  2. update eos and documentation templates
  3. add some test in molecule

Some more info on this issue #3286

If you feel like you want to try to take this upon you, let us know.

Contributor Author

durd commented Nov 21, 2023

I think I'm up for the challenge!
As I mentioned, other logging format ... options are available that I can reference against so I'm positive I can work out a good PR.

Contributor

gmuloc commented Nov 21, 2023

Ok! Let us know if you need any help!
