Update for cisco IOS-XR

CSVD · May 18, 2020 · 4439743 · 4439743
1 parent 7c2d81d
commit 4439743
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 33 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -10,39 +10,68 @@ filter f_is_cisco_syslog{
 
 parser cisco-parser-ex{
     channel {
-        filter {
-            message(
-                '^<\d*> ?(?:\d+\: )?(?<NODEID>RP\/\d*\/RSP\d*\/CPU\d*:)?(?:(?<H1>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])): ?)?(?:\d+: )?(?:(?:\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?(?<CISCOTS>(?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?(?: [AP]M)?)(?: [A-Z]{3,3})?)? ?(?<H2>(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*(?:[A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: (?<CISCOMESSAGE>(?:(?<PROGRAM>[^\[]{1,30})\[(?<PID>\d*)\]: ?)?(?<MNEMONIC>\%[^\: ]+)\:? ?.*)'
-                 flags(store-matches)
-                 );
-        };
+        if {
+            #Cisco IOS-XR devices with node-id format
+            filter {
+                message('^<\d*>(?:(\d+)\: )?(RP\/\d*\/RSP\d*\/CPU\d*:)?(?:([^\: ]+):)(?:(\*)?(\w\w\w {1,2}\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}\.\d+))? :  ?([^\[]{1,30}\[\d*\]: ?\%[^\: ]+\:? ?.*)' flags(store-matches));
+            };
 
-        rewrite {
-            set(
-                "${H1}",
-                value("HOST")                
-                condition(not match('^\d+$', value('H1')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H1')))
-            );            
-            set(
-                "${H2}",
-                value("HOST")                
-                condition(not match('^\d+$', value('H2')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('H2')))
-            );                        
-            set(        
-                "${CISCOMESSAGE}",
-                value("MESSAGE")                
-            );                   
-
-        };
-        parser { date-parser-nofilter(format(
-             '%b %d %H:%M:%S.%f',
-             '%b %d %H:%M:%S',
-             '%b %d %I:%M:%S %p.%f',
-             '%b %d %I:%M:%S %p',
-             '%b %d %Y %H:%M:%S.%f',
-             '%b %d %Y %H:%M:%S')
-             template("${CISCOTS}"));
-        };       
+            parser { date-parser-nofilter(format(
+                '%b %d %H:%M:%S.%f',
+                '%b %d %H:%M:%S',
+                '%b %d %I:%M:%S %p.%f',
+                '%b %d %I:%M:%S %p',
+                '%b %d %Y %H:%M:%S.%f',
+                '%b %d %Y %H:%M:%S')
+                template("$5"));
+            };
 
+            rewrite {
+                set(
+                    "${3}",
+                    value("HOST")                
+                    condition(not match('^\d+$', value('3')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('3')))
+                );            
+                set(
+                    "${6}",
+                    value("MESSAGE")                
+                );
+            };
+        } else {
+            # All other cisco syslog
+            filter {
+                message('^<\d*> ?(?:(\d+)\: )?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]): )?(?:(\d+): )?(?:(\d\d:\d\d:\d\d|\d{1,6} \d{1,2}))?(?:(\*)?((?:\w\w\w {1,2}\d{1,2} (?:\d{2,4} )?\d\d:\d\d:\d\d)(?:\.\d{3,6})?( [AP]M)?)( [A-Z]{3,3})?)? ?(?:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))? ?: ((\%[^\: ]+)\:? ?.*)' flags(store-matches));
+            };            
+
+            rewrite {
+                set(
+                    "${4}",
+                    value("HOST")                
+                    condition(not match('^\d+$', value('4')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('4')))
+                );            
+                set(
+                    "${13}",
+                    value("HOST")                
+                    condition(not match('^\d+$', value('13')) and match('^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$|^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$' value('13')))
+                );                        
+                set(        
+                    "${15}",
+                    value("PROGRAM")                
+                );                        
+                set(
+                    "${14}",
+                    value("MESSAGE")                
+                );
+            };
+            parser { date-parser-nofilter(format(
+                '%b %d %H:%M:%S.%f',
+                '%b %d %H:%M:%S',
+                '%b %d %I:%M:%S %p.%f',
+                '%b %d %I:%M:%S %p',
+                '%b %d %Y %H:%M:%S.%f',
+                '%b %d %Y %H:%M:%S')
+                template("$8"));
+            };
+        };
     };
 };
diff --git a/package/etc/conf.d/log_paths/lp-cisco_z_ios.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_z_ios.conf.tmpl
@@ -46,4 +46,4 @@ log {
 {{- end }}
 
     flags(flow-control,final);
-};
+};