Cisco IOS XR Improvements

CSVD · May 16, 2020 · 0f7c2d0 · 0f7c2d0
1 parent f26b5ea
commit 0f7c2d0
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 33 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -11,38 +11,38 @@ filter f_is_cisco_syslog{
 parser cisco-parser-ex{
     channel {
         filter {
-            message('^<\d*> ?(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?( [AP]M)?)( [A-Z]{3,3})?)? ?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: ((\%[^\: ]+)\:? ?.*)' flags(store-matches));
-        };
-
-        parser { date-parser-nofilter(format(
-             '%b %d %H:%M:%S.%f',
-             '%b %d %H:%M:%S',
-             '%b %d %I:%M:%S %p.%f',
-             '%b %d %I:%M:%S %p',
-             '%b %d %Y %H:%M:%S.%f',
-             '%b %d %Y %H:%M:%S')
-             template("$8"));
+            message(
+                '^<\d*> ?(?:\d+\: )?(?<NODEID>RP\/\d*\/RSP\d*\/CPU\d*:)?(?:(?<H1>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])): ?)?(?:\d+: )?(?:(?:\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?(?<CISCOTS>(?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?(?: [AP]M)?)(?: [A-Z]{3,3})?)? ?(?<H2>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: (?<CISCOMESSAGE>(?:(?<PROGRAM>[^\[]{1,30})\[(?<PID>\d*)\]: ?)?(?<MNEMONIC>\%[^\: ]+)\:? ?.*)'
+                 flags(store-matches)
+                 );
         };
 
         rewrite {
             set(
-                "${4}",
+                "${H1}",
                 value("HOST")                
-                condition(not match('^\d+$', value('4')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('4')))
+                condition(not match('^\d+$', value('H1')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H1')))
             );            
             set(
-                "${13}",
+                "${H2}",
                 value("HOST")                
-                condition(not match('^\d+$', value('13')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('13')))
+                condition(not match('^\d+$', value('H2')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H2')))
             );                        
             set(        
-                "${15}",
-                value("PROGRAM")                
-            );                        
-            set(
-                "${14}",
+                "${CISCOMESSAGE}",
                 value("MESSAGE")                
-            );
+            );                   
+
         };
+        parser { date-parser-nofilter(format(
+             '%b %d %H:%M:%S.%f',
+             '%b %d %H:%M:%S',
+             '%b %d %I:%M:%S %p.%f',
+             '%b %d %I:%M:%S %p',
+             '%b %d %Y %H:%M:%S.%f',
+             '%b %d %Y %H:%M:%S')
+             template("${CISCOTS}"));
+        };       
+
     };
 };
diff --git a/tests/test_cisco_ios.py b/tests/test_cisco_ios.py
@@ -11,6 +11,7 @@
 from .timeutils import *
 
 import pytest
+
 env = Environment()
 
 
@@ -27,7 +28,7 @@
 # foo: 1 2: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure.
 # 101 21: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure.
 # *Mar  1 18:48:50.483 UTC: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36)
-
+# <189>357492: RP/0/RSP0/CPU0:May 14 16:44:40.145 : bgp[1051]: %ROUTING-BGP-5-MAXPFX : No. of IPv4 Unicast prefixes received from xx.xx.xx.xx has reached 792340, max 1048576
 testdata = [
     "{{ mark }}{{ seq }}: {{ host }}: 6340004: *{{ bsd }}: %SEC-6-IPACCESSLOGP: list INET-BLOCK permitted tcp 192.168.20.252(55244) -> 10.54.3.178(44818), 1 packet",
     "{{ mark }}{{ seq }}: {{ host }}: *{{ bsd }}.{{ microsec }}: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated {{ bsd }}.{{ millisec }}",
@@ -37,21 +38,24 @@
     "{{ mark }}{{ seq }}: {{ host }}: {{ bsd }}.{{ microsec }}: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated",
     "{{ mark }}{{ seq }}: {{ host }}: {{ bsd }}.{{ millisec }}: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.239 stopped - CLI initiated",
     "{{ mark }}{{ host }}: {{ bsd }}.{{ millisec }}: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure. {{ bsd }}.{{ millisec }}",
-    "{{ mark }}*{{ bsd }}.{{ millisec }} {{ tzname }}: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) {{ host }}"
+    "{{ mark }}*{{ bsd }}.{{ millisec }} {{ tzname }}: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) {{ host }}",
+    "{{ mark }}{{ seq }}: RP/0/RSP0/CPU0:{{ bsd }}.{{ millisec }} : bgp[1051]: %ROUTING-BGP-5-MAXPFX : No. of IPv4 Unicast prefixes received from {{ host }} has reached 792340, max 1048576",
+    "{{ mark }}{{ seq }}: RP/0/RSP0/CPU0:{{ host }}:{{ bsd }}.{{ millisec }} : bgp[1051]: %ROUTING-BGP-5-MAXPFX : No. of IPv4 Unicast prefixes received from xx.xx.xx.xx has reached 792340, max 1048576",
 ]
-
 testdata_uptime = [
     "{{ mark }}{{ host }}: 00:01:01: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the ",
     "{{ mark }}00:01:01: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the {{ host }}",
     "{{ mark }}{{ host }}: 00:01:01: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the ",
     "{{ mark }}{{ seq }}: 00:01:01: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the {{ host }}",
     "{{ mark }}{{ seq }}: {{ host }}: 1 2: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure.",
-    "{{ mark }}101 21: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure. {{ host }}"
+    "{{ mark }}101 21: %SYSMGR-STANDBY-3-SHUTDOWN_START: The System Manager has started the shutdown procedure.shutdown procedure. {{ host }}",
 ]
 
 
 @pytest.mark.parametrize("event", testdata)
-def test_cisco_ios(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s, event):
+def test_cisco_ios(
+    record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s, event
+):
     host = get_host_key
 
     dt = datetime.datetime.now()
@@ -64,15 +68,23 @@ def test_cisco_ios(record_property, setup_wordlist, get_host_key, setup_splunk,
     microsec = iso[20:26]
 
     mt = env.from_string(event + "\n")
-    message = mt.render(mark="<166>", seq=20, bsd=bsd, time=time,
-                        millisec=millisec, microsec=microsec, tzname=tzname, host=host)
+    message = mt.render(
+        mark="<166>",
+        seq=20,
+        bsd=bsd,
+        time=time,
+        millisec=millisec,
+        microsec=microsec,
+        tzname=tzname,
+        host=host,
+    )
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops (_time={{ epoch }} OR _time={{ epoch }}.{{ millisec }} OR _time={{ epoch }}.{{ microsec }}) sourcetype=\"cisco:ios\" (host=\"{{ host }}\" OR \"{{ host }}\")")
-    search = st.render(epoch=epoch, millisec=millisec,
-                       microsec=microsec, host=host)
+        'search index=netops (_time={{ epoch }} OR _time={{ epoch }}.{{ millisec }} OR _time={{ epoch }}.{{ microsec }}) sourcetype="cisco:ios" (host="{{ host }}" OR "{{ host }}")'
+    )
+    search = st.render(epoch=epoch, millisec=millisec, microsec=microsec, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
 
@@ -84,7 +96,9 @@ def test_cisco_ios(record_property, setup_wordlist, get_host_key, setup_splunk,
 
 
 @pytest.mark.parametrize("event", testdata_uptime)
-def test_cisco_ios_uptime(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s, event):
+def test_cisco_ios_uptime(
+    record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s, event
+):
     host = get_host_key
 
     mt = env.from_string(event + "\n")
@@ -93,7 +107,8 @@ def test_cisco_ios_uptime(record_property, setup_wordlist, get_host_key, setup_s
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops earliest=-1m@m latest=+1m@m sourcetype=\"cisco:ios\" (host=\"{{ host }}\" OR \"{{ host }}\")")
+        'search index=netops earliest=-1m@m latest=+1m@m sourcetype="cisco:ios" (host="{{ host }}" OR "{{ host }}")'
+    )
     search = st.render(host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)