f5-automation-labs
How do I automate this? - K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x)
I don't know if this is the appropriate place to post this issue. Apologies in advance.
Regarding the article: K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x)
There are certain changes to be made to the sys config if we want to be able to filter out specific syslog events. i.e.
ENTER:
tmsh modify sys syslog remote-servers none
save sys config
edit sys syslog all-properties
You will enter a vi editor, so use vi commands: Replace the include none line with the desired syslog filter.
delete line: include none
AT that same line, insert via cut and paste the following text:
include " filter f_remote_loghost { level(warn..emerg); };
destination d_remote_loghost { tcp("10.7.3.11" port(1468)); udp("10.7.3.11" port(514)); };
log { source(s_syslog_pipe); filter(f_remote_loghost); destination(d_remote_loghost); }; "
exit the vi editor by saving the file
The issue is, since we want to roll this out to new devices via automation, I am looking for ways to automate this particular change. I get the sense that this won't be possible with Declarative Onboarding. I am not sure if it is possible with the Imperative model or not since it involves editing the syslog portion of the config file.
It could be scripted outside of those two methods but it would be great to be able to incorporate it in some way either via Postman or Ansible.
Any help ????
Many Thanks, rjc
You can PUT to https://host/mgmt/tm/sys/syslog and update the include attribute.
Thank you sir! I'll give it a go!
@Ronnie110755 I created (and tested locally) an example with python and bigrest in python in this gist: https://gist.github.com/jasonrahm/ef740a79359774aabadd0a9f6f092513
Jason,
More Goodies. Thanks! This will work nicely.
Curious though, if there is a way using Postman?
using PUT, raw text
curl --location --request PUT 'https://192.168.50.102/mgmt/tm/sys/syslog' \
  --header 'Authorization: Basic YWRtaW46bTB2MW5nIQ==' \
  --header 'Content-Type: text/plain' \
  --header 'Cookie: BIGIPAuthCookie=E1CF1ECB4FcfB4liKVsvelxuboozQPZiWlGBxujc; BIGIPAuthUsernameCookie=admin' \
  --data-raw 'include "
filter f_remote_loghost {
level(warn..emerg);
};
destination d_remote_loghost { tcp("10.7.3.11" port(1468)); udp("10.7.3.11" port(514)); };
log { source(s_syslog_pipe); filter(f_remote_loghost); destination(d_remote_loghost); }; "'
and getting: {"code":415,"message":"Found invalid content-type. The content-type must be application/json. The received content-type is text/plain","errorStack":[],"apiError":1}
trying to resolve this.
It's good to have choices.
Ronnie
Yes @Ronnie110755, if you want to use a postman collection, you can do that as well. Just PUT to https://host/mgmt/tm/sys/syslog with json body like:
{"include": "syslog config details here...use \n for line breaks"}
Just for additional context for objects like this one, it is an unnamed resource, so you can't create them, you can just update them. You only need to provide the attributes you want to change. If there is no prior syslog configuration present, the include attribute isn't even present in the rest object when you request it.
Jason,
Regarding the python script: I assume it executes a save?
Also it worked like a charm and the formatting is a little off which I assume won't make a difference.
This:
as opposed to this:
Checking out the postman option as well.
Thanks!
no pictures were included in my message above.... live and learn
Postman working too - NEXT!!!! Thanks Jason - Much Obliged!
glad they are working. You do need to save config for it to persist, though.
<POST> /mgmt/tm/sys/config -d '{"command":"save"}'
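The two calls described in this thread (PUT the include to /mgmt/tm/sys/syslog as JSON, then POST the save command to /mgmt/tm/sys/config), as an added example that is not from the thread or the linked gist. It uses only the Python standard library; the function names and the BIGIP_* environment variables are this example's own, and it assumes the include value is the filter text between the outer quotes of the tmsh `include "..."` line.

```python
import base64
import json
import os
import urllib.request

# Filter from the thread: the text between the outer quotes of `include "..."` (assumption).
SYSLOG_INCLUDE = """
filter f_remote_loghost { level(warn..emerg); };
destination d_remote_loghost { tcp("10.7.3.11" port(1468)); udp("10.7.3.11" port(514)); };
log { source(s_syslog_pipe); filter(f_remote_loghost); destination(d_remote_loghost); };
"""


def build_requests(host, user, password, include_text):
    """Return the two iControl REST requests: update the include, then save config."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {
        "Authorization": f"Basic {token}",
        # text/plain is rejected with HTTP 415; the endpoint only accepts JSON.
        "Content-Type": "application/json",
    }
    base = f"https://{host}/mgmt/tm"
    # json.dumps escapes the filter's embedded double quotes and newlines.
    update = urllib.request.Request(
        f"{base}/sys/syslog",
        data=json.dumps({"include": include_text}).encode(),
        headers=headers,
        method="PUT",
    )
    save = urllib.request.Request(
        f"{base}/sys/config",
        data=json.dumps({"command": "save"}).encode(),
        headers=headers,
        method="POST",
    )
    return [update, save]


def push_syslog_filter(host, user, password, include_text=SYSLOG_INCLUDE):
    """Send both requests in order; urlopen verifies the TLS certificate by default."""
    statuses = []
    for req in build_requests(host, user, password, include_text):
        with urllib.request.urlopen(req, timeout=30) as resp:
            statuses.append(resp.status)
    return statuses


if __name__ == "__main__":
    print(push_syslog_filter(os.environ["BIGIP_HOST"], os.environ["BIGIP_USER"], os.environ["BIGIP_PASS"]))
```

Reading the credentials from the environment keeps them out of the script and out of anything pasted into an issue or ticket.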