Triggering jobs from events through syslog

Overview

We can trigger NetYCE jobs from syslog messages. The event manager (SEC) matches the syslog message against a pattern and triggers the suitable job.
Typical device events are a config change, a port/neighbor flap, etc.
Below is an example where we fix the configuration of a device when non-compliance of the device is detected.


There are three parts involved in the setup:

  1. Syslog pattern matching in the event manager configuration (yce_events.conf)
  2. An API call that triggers the scenario/job based on the syslog message
  3. A scenario/job that fixes the non-compliance

1. Syslog pattern matching

Sample syslog message:

Below is a sample syslog message reporting non-compliance of a node named abc_core2 with the policy '6.3.1 NTP - abc':

Oct 20 18:15:19 abc_core2 cpml [6.3.1 ntp - abc|minor] [warning]: [CMPL] Node abc_core2 is not compliant with policy '6.3.1 NTP - abc' - Severity: Minor - see abc.netyce.org/operate/cmpl_report.pl?Cmpl_node_id=15503&choice=policy_single for more details

Regex to match this syslog message

The regex below matches this syslog message and extracts the node name and the policy name (it can be built using sites like regex101.com):


[a-zA-Z]{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s(.*) cpml \[(.*)\|(.*)is not compliant with policy

Updating yce_events.conf 

(1) Admin -> (2) Setup -> Configuration files ->(3) YCE NCCM Syslog patterns configuration: edit

Paste the text below above the External worker script:


#
type=SingleWithSuppress
ptype=RegExp
name=Compliance_mitigate
pattern=[a-zA-Z]{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s(.*) cpml \[(.*)\|(.*)is not compliant with policy
desc=Non compliance for $1
action=event Non_cmpl_for_$1_with_$2
window=600
#


Paste the following text below the Internal worker script:

#
type=SingleWithScript
ptype=RegExp
pattern=Non_cmpl_for_(.+)
script=/opt/yce/bin/cmpl_fix.pl $1
desc=$0
action=write - normal save OR save main node $1 matches
#



Click on Save config at the bottom of the page

After modifying the file, execute the command below in the CLI:

go restart yce_events
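
To check what the two rules above capture before restarting yce_events, the following added example (not part of the original article and not NetYCE code) replays both patterns in Python. It only approximates the SEC variable substitution; the node-name allow-list and the two constructed test lines are assumptions. The check matters because the captured text ends up on the cmpl_fix.pl command line.

```python
import re

# Patterns copied from the two yce_events.conf rules on this page.
RULE1 = re.compile(
    r"[a-zA-Z]{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s(.*) cpml \[(.*)\|(.*)"
    r"is not compliant with policy")
RULE2 = re.compile(r"Non_cmpl_for_(.+)")

# Assumption: node names use only letters, digits, dot, underscore, hyphen.
SAFE_NODE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def trace(line):
    """Return (node, policy, script_argument) as the two rules derive them,
    or None when the first rule does not match the line."""
    m1 = RULE1.search(line)
    if m1 is None:
        return None
    node, policy = m1.group(1), m1.group(2)
    # action=event Non_cmpl_for_$1_with_$2 (first rule)
    event = "Non_cmpl_for_%s_with_%s" % (node, policy)
    # script=/opt/yce/bin/cmpl_fix.pl $1 (second rule)
    m2 = RULE2.search(event)
    return node, policy, m2.group(1)


def node_is_safe(node):
    """True only when the captured node name fits the assumed allow-list."""
    return SAFE_NODE.fullmatch(node) is not None


# Sample message from this page (trailing URL left out).
SAMPLE = ("Oct 20 18:15:19 abc_core2 cpml [6.3.1 ntp - abc|minor] [warning]: "
          "[CMPL] Node abc_core2 is not compliant with policy "
          "'6.3.1 NTP - abc' - Severity: Minor")
# Constructed lines: an unexpected host field, and an unrelated message.
ODD_HOST = SAMPLE.replace("abc_core2 cpml", "abc_core2 (lab) extra cpml", 1)
OTHER = "Oct 20 18:16:02 abc_core2 sshd[411]: session opened"

if __name__ == "__main__":
    for line in (SAMPLE, ODD_HOST, OTHER):
        result = trace(line)
        if result is None:
            print("no match")
        else:
            print(result, "safe node:", node_is_safe(result[0]))
```

The first capture group is `(.*)`, so any text in the host field is accepted by the rule; a stricter character class in the pattern, or a check like `node_is_safe` inside the script, keeps unexpected text out of the script argument.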


2. API call that triggers scenario/job

Copy the file cmpl_fix.pl to /opt/yce/bin directory

The login username ($operator) and password ($password) used for the API call must be updated in cmpl_fix.pl.

Use any file editor to modify this content.

$operator at line no: 112

$password(encrypted password) at line no: 111


The encrypted password can be obtained under (1) Operate -> (2) APIs -> XCH test -> (3) type the password and click on Encrypt pass to generate the encrypted password.

3. Scenario/job that fixes non-compliance

Scenario to create/Import. 

We will be using Fix_non_cmpl.xml scenario to fix this non-compliance.
(1) Operate -> (2) Scenarios -> (3) Import -> Select the file


Small briefing about the Fix_non_cmpl scenario


Parsing template

show_run_ntp is the parsing template that is used to fetch the current ntp configuration
(1) Build -> (2) Templates -> Templates edit -> (3) Client type (in this case CMDB) -> (4) Parsing templates -> (5) New -> (6) Template: show_run_ntp -> (7) Template type: command -> (8) Vendor type: Cisco IOS -> (9) Save

Under Revisions ->(1)  New-> (2) Template text : ntp server <s> -> (3) Template status:production -> (4) Save

Config template (Sub template)

NTP_Server template is used that has the necessary configuration to make the node compliant.
(1) Build -> (2) Templates -> Templates edit -> (3) Client type (in this case CMDB) -> (4) Sub templates -> (5) New -> (6) Template: NTP_Server -> (7) Vendor type: Cisco IOS -> (8) Save

Under Revisions ->(1)  New-> (2) Template text : 
ntp server <Ntp_1> prefer
ntp server <Ntp_2>
ntp server <Ntp_3>
 (3) Template status:production -> (4) Save


Testing

Enabling syslog option

Enable the syslog option for the policy under Signal type

Signal trigger:

Enable the required options.

A change in the policy is picked up by the NCCM daemon during its next cycle (every 5 minutes by default; if the daemon is busy, the change is picked up in the next batch, so the wait time might be around 15 to 20 minutes).


To re-trigger the policy check during testing, modify any content of the policy (for example, the description). By default, compliance is not triggered unless there is a change in the config of the device or a change in the policy.

Viewing the logs

Relevant log files

The Syslog-ng.log file shows the syslog messages that are generated.

The Yce_events.log file shows whether the event was triggered by the syslog pattern match and whether the API call was initiated.

The Yce_nccmd.log file shows the status of the NCCM (backup and compliance) daemon. It runs every 5 minutes by default.

Viewing log files in GUI
(1) Admin -> (2) System -> (3) Debugging 
Click follow for real-time viewing of the respective log


Viewing log files via CLI
go logs
tail -f <log file name> for real-time viewing of logs

