Merge branch 'develop' into fix/cisco-dz

CSVD · May 18, 2020 · 68e9d5d · 68e9d5d
2 parents 98ca38b + fd96e32
commit 68e9d5d
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 3 deletions.
diff --git a/package/etc/conf.d/conflib/_common/templates.conf b/package/etc/conf.d/conflib/_common/templates.conf
@@ -42,6 +42,10 @@ template t_hdr_msg {
         template("${MSGHDR}${MESSAGE}");
         };
 
+template t_program_nopid_msg {
+        template("${PROGRAM}: ${MESSAGE}");
+        };
+
 template t_legacy_hdr_msg {
         template("${LEGACY_MSGHDR}${MESSAGE}");
         };

diff --git a/package/etc/conf.d/filters/cisco/nx-os.conf b/package/etc/conf.d/filters/cisco/nx-os.conf
@@ -1,3 +1,37 @@
 filter f_cisco_nx_os {
-    match("cisco_nx_os", value("fields.sc4s_vendor_product") type(glob) );
+    match("cisco_nx_os", value("fields.sc4s_vendor_product") type(glob) )
+        or program('^%ACLMGR-\d*-')
+    or program('^%ACLQOS-SLOT\d*-\d*-')
+    or program('^%AFM-\d*-')
+    or program('^%ARP-\d*-')
+    or program('^%AUTHPRIV-\d*-')
+    or program('^%COPP-\d*-')
+    or program('^%DAEMON-\d*-')
+    or program('^%EEM_ACTION-\d*-')
+    or program('^%EIGRP-\d*-')
+    or program('^%ETHPORT-\d*-')
+    or program('^%ETH_PORT_CHANNEL-\d*-')
+    or program('^%IGMP-\d*-')
+    or program('^%IM-\d*-')
+    or program('^%INTERFACE_VLAN-\d*-')
+    or program('^%KERN-\d*-')
+    or program('^%L2FM-\d*-')
+    or program('^%LIBIFMGR-\d*-')
+    or program('^%LICMGR-\d*-')
+    or program('^%LOCAL\d*-\d*-')
+    or program('^%M2FIB-SLOT\d*-\d*-')
+    or program('^%METROPOLIS_USD-SLOT')
+    or program('^%MODULE-\d*-')
+    or program('^%NOHMS-\d*-')
+    or program('^%NTP-\d*-')
+    or program('^%PFMA-\d*-')
+    or program('^%PLATFORM-\d*-')
+    or program('^%SYSMGR-STANDBY-\d*-')
+    or program('^%SYSMGR-\d*-')
+    or program('^%TACACS-\d*-')
+    or program('^%USBHSD-\d*-')
+    or program('^%USER-\d*-')
+    or program('^%VIM-\d*-')
+    or program('^%VPC-\d*-')
+    or program('^%VSHD-\d*-')      ;
 };
diff --git a/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl
@@ -28,7 +28,7 @@ log {
 
     parser { p_add_context_splunk(key("cisco_nx_os")); };
     parser (compliance_meta_by_source);
-    rewrite { set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG")); };
+    rewrite { set("$(template ${.splunk.sc4s_template} $(template t_program_nopid_msg))" value("MSG")); };
 
 {{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_CISCO_NXOS_HEC" "no")) }}
     destination(d_hec);

diff --git a/package/etc/conf.d/log_paths/lp-cisco_z_ios.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_z_ios.conf.tmpl
@@ -27,7 +27,13 @@ log {
     };
     parser { p_add_context_splunk(key("cisco_ios")); };
     parser (compliance_meta_by_source);
-    rewrite { set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG")); };
+    if {
+        filter{ program('^%')};
+        rewrite { set("$(template ${.splunk.sc4s_template} $(template t_program_nopid_msg))" value("MSG")); };
+    } else {
+        rewrite { set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG")); };
+    };
+
 
 {{- if or (conv.ToBool (getenv "SC4S_DEST_SPLUNK_HEC_GLOBAL" "yes")) (conv.ToBool (getenv "SC4S_DEST_CISCO_IOS_HEC" "no")) }}
     destination(d_hec);

diff --git a/tests/test_cisco_nx_os.py b/tests/test_cisco_nx_os.py
@@ -39,6 +39,32 @@ def test_cisco_nx_os(record_property, setup_wordlist, get_host_key, setup_splunk
 
     assert resultCount == 1
 
+def test_cisco_nx_os_soup(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):
+    host = get_host_key
+
+    dt = datetime.datetime.now()
+    iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)
+
+    # Tune time functions
+    epoch = epoch[:-7]
+
+    mt = env.from_string(
+        "{{ mark }} {{ bsd }} {{ host }} %MODULE-5-MOD_OK: Module 1 is online")
+    message = mt.render(mark="<111>", bsd=bsd, host=host, date=date, time=time, tzoffset=tzoffset)
+
+    sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
+
+    st = env.from_string("search _time={{ epoch }} index=netops host=\"{{ host }}\" sourcetype=\"cisco:ios\"")
+    search = st.render(epoch=epoch, host=host)
+
+    resultCount, eventCount = splunk_single(setup_splunk, search)
+
+    record_property("host", host)
+    record_property("resultCount", resultCount)
+    record_property("message", message)
+
+    assert resultCount == 1
+
 # Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online
 # @pytest.mark.xfail
 #def test_cisco_nx_os_singleport(record_property, setup_wordlist, get_host_key, setup_splunk, setup_sc4s):