How do I automate this? - K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x) #230
Comments
|
You can PUT to https://host/mgmt/tm/sys/syslog and update the include attribute. |
|
Thank you sir! I'll give it a go! |
|
@Ronnie110755 I created (and tested locally) an example with python and bigrest in python in this gist |
|
Jason,
More Goodies. Thanks!
This will work nicely.
Curious though, if there is a way using Postman?
using PUT, raw text
curl --location --request PUT
'https://192.168.50.102/mgmt/tm/sys/syslog' \
--header 'Authorization: Basic YWRtaW46bTB2MW5nIQ==' \
--header 'Content-Type: text/plain' \
--header 'Cookie:
BIGIPAuthCookie=E1CF1ECB4FcfB4liKVsvelxuboozQPZiWlGBxujc;
BIGIPAuthUsernameCookie=admin' \
--data-raw 'include "
filter f_remote_loghost {
level(warn..emerg);
};
destination d_remote_loghost {
tcp(\"10.7.3.11\" port(1468));
udp(\"10.7.3.11\" port(514));
};
log {
source(s_syslog_pipe);
filter(f_remote_loghost);
destination(d_remote_loghost);
};
"'
and getting:
{"code":415,"message":"Found invalid content-type. The content-type
must be application/json. The received content-type is
text/plain","errorStack":[],"apiError":1}
trying to resolve this.
It's good to have choices.
Ronnie
------ Original Message ------
From: "Jason Rahm" ***@***.***>
To: "f5devcentral/f5-automation-labs"
***@***.***>
Cc: "Ronnie110755" ***@***.***>; "Mention"
***@***.***>
Sent: 10/19/2022 4:39:26 PM
Subject: Re: [f5devcentral/f5-automation-labs] How do I automate this?
-K13333: Filtering log messages sent to remote syslog servers (11.x -
15.x)(Issue #230)
***@***.*** <https://github.com/Ronnie110755> I created (and tested
locally) an example with python and bigrest in python in this gist
<https://gist.github.com/jasonrahm/ef740a79359774aabadd0a9f6f092513>
—
Reply to this email directly, view it on GitHub
<#230 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AZBWEONAHOBRH2P3O7CNAPTWEBL75ANCNFSM6AAAAAARJLCRRE>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
… |
|
Yes @Ronnie110755, if you want to use a postman collection, you can do that as well. Just PUT to https://host/mgmt/tm/sys/syslog with json body like:
Just for additional context for objects like this one, it is an unnamed resource, so you can't create them, you can just update them. You only need to provide the attributes you want to change. If there is no prior syslog configuration present, the include attribute isn't even present in the rest object when you request it. |
|
Jason,
Regarding the python script:
I assume it executes a save?
Also it worked like a charm and the formatting is a little off which I
assume won't make a difference.
This:
as opposed to this:
Checking out the postman option as well.
Thanks!
------ Original Message ------
From: "Jason Rahm" ***@***.***>
To: "f5devcentral/f5-automation-labs"
***@***.***>
Cc: "Ronnie110755" ***@***.***>; "Mention"
***@***.***>
Sent: 10/19/2022 6:30:01 PM
Subject: Re: [f5devcentral/f5-automation-labs] How do I automate this?
-K13333: Filtering log messages sent to remote syslog servers (11.x -
15.x)(Issue #230)
Yes @Ronnie110755 <https://github.com/Ronnie110755>, if you want to use
a postman collection, you can do that as well. Just PUT to
https://host/mgmt/tm/sys/syslog with json body like:
{"include": "syslog config details here...use \n for line breaks"}
—
Reply to this email directly, view it on GitHub
<#230 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AZBWEOI5IP5OA2UPW5FMVFLWEBY6TANCNFSM6AAAAAARJLCRRE>.
You are receiving this because you were mentioned.Message ID:
***@***.***>
… |
|
no pictures were included in my message above.... live and learn |
|
Postman working too - NEXT!!!! |
|
glad they are working. You do need to save config for it to persist, though.
|
I don't know if this is the appropriate place to post this issue. Apologies in advance.
Regarding the article: K13333: Filtering log messages sent to remote syslog servers (11.x - 15.x)
There are certain changes to be made to the sys config if we want to be able to filter out specific syslog events. i.e.
ENTER: tmsh
modify sys syslog remote-servers none
save sys config
edit sys syslog all-properties
You will enter a vi editor, so use vi commands:
Replace the include none line with the desired syslog filter.
delete line: include none
AT that same line, insert via cut and paste the following text:
include "
filter f_remote_loghost {
level(warn..emerg);
};
destination d_remote_loghost {
tcp("10.7.3.11" port(1468));
udp("10.7.3.11" port(514));
};
log {
source(s_syslog_pipe);
filter(f_remote_loghost);
destination(d_remote_loghost);
};
"
exit the vi editor by saving the file
The issue is, since we want to roll this out to new devices via automation, I am looking for ways to automate this particular change.
I get the sense that this won't be possible with Declarative Onboarding. I am not sure if it is possible with the Imperative model or not since it involves editing the syslog porting of the config file.
It could be scripted outside of those two methods but it would be great to be able to incorporate it in someway either via Postman or Ansible.
Any help ????
Many Thanks,
rjc
The text was updated successfully, but these errors were encountered: