[checkmk-commits] 3656 Added support for syslog messages produced by Aristana devices

Module: check_mk Branch: master Commit: b22b47b7ca8858e1fe3b6cf53fbe0ce5d0a4b41f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b22b47b7ca8858… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Mon Jun 27 09:46:24 2016 +0200 3656 Added support for syslog messages produced by Aristana devices The EC can now parse and process syslog messages produced by Aristana devices. These devices produce a strange syslog message format: 2016 May 26 15:41:47 IST STOD-DH1-H26-CO-B Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet45 (XXX.CO-A.Et45), changed state to up To break it down year month day hh:mm:ss timezone HOSTNAME KeyAgent: Some more documentation: http://www.arista.com/docs/Manuals/QuickStart-Managing7100Series.pdf --- .werks/3656 | 17 +++++++++++++++++ ChangeLog | 1 + bin/mkeventd | 12 ++++++++++++ 3 files changed, 30 insertions(+) diff --git a/.werks/3656 b/.werks/3656 new file mode 100644 index 0000000..0e81a87 --- /dev/null +++ b/.werks/3656 @@ -0,0 +1,17 @@ +Title: Added support for syslog messages produced by Aristana devices +Level: 1 +Component: ec +Compatible: compat +Version: 1.4.0i1 +Date: 1467013515 +Class: feature + +The EC can now parse and process syslog messages produced by Aristana devices. +These devices produce a strange syslog message format: + +2016 May 26 15:41:47 IST STOD-DH1-H26-CO-B Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet45 (XXX.CO-A.Et45), changed state to up + +To break it down +year month day hh:mm:ss timezone HOSTNAME KeyAgent: + +Some more documentation: http://www.arista.com/docs/Manuals/QuickStart-Managing7100Series.pdf diff --git a/ChangeLog b/ChangeLog index 10e26bd..5ba0426 100644 --- a/ChangeLog +++ b/ChangeLog @@ -498,6 +498,7 @@ * 3388 Event Console can now process SNMPv3 traps... * 3390 Events can now be cancelled by the syslog application... * 3539 Event console: The EC notifications are now also controlled through the master control snapin... + * 3656 Added support for syslog messages produced by Aristana devices... * 3058 FIX: Event Console is now allowing non loadable MIB modules on startup... * 3097 FIX: mkeventd: fixed crash with non-descriptive error message if mibs couldn't be loaded * 3335 FIX: Improved error handling when requested rule pack does not exist diff --git a/bin/mkeventd b/bin/mkeventd index a0413e9..67751fa 100755 --- a/bin/mkeventd +++ b/bin/mkeventd @@ -2423,6 +2423,10 @@ class EventServer: # Variant 9: syslog message (RFC 5424) # <134>1 2016-06-02T12:49:05.181+02:00 chrissw7 ChrisApp - TestID - coming from java code + # Variant 10: + # 2016 May 26 15:41:47 IST STOD-DH1-H26-CO-B Ebra: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet45 (XXX.CO-A.Et45), changed state to up + # year month day hh:mm:ss timezone HOSTNAME KeyAgent: + # FIXME: Would be better to parse the syslog messages in another way: # Split the message by the first ":", then split the syslog header part # and detect which information are present. Take a look at the syslog RFCs @@ -2484,6 +2488,14 @@ class EventServer: if address and type(address) == tuple: event["host"] = address[0] + # Variant 10 + elif line[4] == " " and line[:4].isdigit(): + time_part = line[:20] # ignoring tz info + event["host"], application, line = line[25:].split(" ", 2) + event["application"] = application.rstrip(":") + event["text"] = line + event['time'] = time.mktime(time.strptime(time_part, '%Y %b %d %H:%M:%S')) + # Variant 1,2,4 else: month_name, day, timeofday, host, rest = line.split(None, 4)