Merge pull request #512 from splunk/feature/cisco-nexus-7k

Support Cisco Nexus Switch line
CSVD · Jun 10, 2020 · e79cce8 · e79cce8
2 parents db5aba7 + 3d82bb9
commit e79cce8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/package/etc/conf.d/filters/cisco/cisco_syslog.conf b/package/etc/conf.d/filters/cisco/cisco_syslog.conf
@@ -42,6 +42,34 @@ parser cisco-parser-ex{
                     condition(not host("."))
                 );
             };
+        } elif {
+            # Cisco Nexus Switch
+            filter {
+                message('^<(?<pri>\d*)> ?20\d\d (\w\w\w \d+ \d\d:\d\d:\d\d(?:.\d{3,3})?) ([^ ]+) ((%[^\: ]+)\:? ?.*)'
+                flags(store-matches));
+            };            
+            rewrite {
+                set(
+                    "${3}",
+                    value("HOST")                
+                );            
+                set(
+                    "${4}",
+                    value("MESSAGE")                
+                );
+                set(
+                    "${5}",
+                    value("PROGRAM")                
+                );
+            };
+            parser { date-parser-nofilter(format(
+                '%b %d %H:%M:%S.%f',
+                '%b %d %H:%M:%S',
+                )
+                template("$2"));
+            };
+
+
         } elif {
             #Cisco IOS Other
             filter {

diff --git a/tests/test_cisco_ios.py b/tests/test_cisco_ios.py
@@ -55,6 +55,8 @@
     "{{ mark }}*{{ bsd }}.{{ millisec }} {{ tzname }}: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) {{ host }}",
     "{{ mark }}84027: {{ bsd }}.{{ millisec }} dst: %SYS-5-CONFIG_I: Configured from console by username on vty0 ({{ host }})",
     "{{ mark }}{{ host }}: *spamApTask1: {{ bsd }}.{{ millisec }}: %CAPWAP-4-DISC_INTF_ERR2: [PA]capwap_ac_sm.c:2053 Ignoring Primary discovery request received on a wrong VLAN (202) on interface (8) from AP 00:b7:00:00:00:00",
+    "{{ mark }} 2014 {{ bsd }}.{{ millisec }} {{ host }} %MODULE-2-MOD_SOMEPORTS_FAILED: Module 13 (Serial number: JAF12345678) reported failure on ports Eth13/17-20 (Ethernet) due to hardware not accessible in device DEV_CLP_FWD(device error 0xca804200)",
+    "{{ mark }} 2014 {{ bsd }} {{ host }} %MODULE-2-MOD_SOMEPORTS_FAILED: Module 13 (Serial number: JAF12345678) reported failure on ports Eth13/17-20 (Ethernet) due to hardware not accessible in device DEV_CLP_FWD(device error 0xca804200)",
     "{{ mark }}22191: {{ host }}: 022546: .{{ bsd }}.{{ millisec }} CDT: %PARSER-5-CFGLOG_LOGGEDCMD: User:dfa_service_admin  logged command:!exec: enable",
 ]