Configure syslog match
The <syslog-match> section of the oobc.properties.xml file contains the elements that describe how the OutOfBandChange daemon should parse the syslog file.
XML Syntax
The following example shows the XML code for the <syslog-match> element:
<syslog-match>
  <!-- Matches the most common log messages like
       Apr 17 06:46:24 test_2-1 12980: Apr 17 02:46:23.318 EDT: %SYS-5-CONFIG_I:
       Configured from console by unknown on vty0 (10.0.0.1) -->
  <log-pattern actionName="ConfigSyncIn" uowPriority="LOW" notifyName="FileNotifier">
    <pattern>([A-S][a-u][b-y]\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[?([\.A-Za-z0-9_-]+)\]?[\.\S+]*\s+.*?SYS-5-CONFIG_I:\s(Configured\sfrom.*by\s(.*)\s+on\s(.*$))</pattern>
    <timeStampIndex>1</timeStampIndex>
    <dnsNameIndex>2</dnsNameIndex>
    <userIdIndex>4</userIdIndex>
    <descriptionIndex>3</descriptionIndex>
    <sourceHostIndex>5</sourceHostIndex>
  </log-pattern>
  <!-- this pattern matches the most common log messages like
       Apr 17 11:53:24 test_3-2 12984: Apr 17 07:52:23.318 EDT:
       %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.1)
  -->
  <log-pattern actionName="ConfigSyncIn" uowPriority="LOW" notifyName="FileNotifier">
    <pattern>([A-S][a-u][b-y]\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[?([\.A-Za-z0-9_-]+)\]?[\.\S+]*\s+.*?SYS-5-CONFIG_I:\s(Configured\sfrom.*by\s(.*)\s+on\s(.*$))</pattern>
    <timeStampIndex>1</timeStampIndex>
    <dnsNameIndex>2</dnsNameIndex>
    <userIdIndex>4</userIdIndex>
    <descriptionIndex>3</descriptionIndex>
    <sourceHostIndex>5</sourceHostIndex>
  </log-pattern>
  <log-pattern actionName="Import" uowPriority="HIGH" notifyName="FileNotifier">
    <pattern>([A-S][a-u][b-y]\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[?([\.A-Za-z0-9_-]+)\]?[\.\S+]*\s+.*?SYS-5-SUMTHIN_ELSE:\s(Configured\sfrom.*by\s(.*)\s+on\s(.*$))</pattern>
    <timeStampIndex>1</timeStampIndex>
    <dnsNameIndex>2</dnsNameIndex>
    <userIdIndex>4</userIdIndex>
    <descriptionIndex>3</descriptionIndex>
    <sourceHostIndex>5</sourceHostIndex>
  </log-pattern>
  <log-pattern actionName="Reload" uowPriority="MEDIUM" notifyName="FileNotifier">
    <pattern>([A-S][a-u][b-y]\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[?([\.A-Za-z0-9_-]+)\]?[\.\S+]*\s+.*?SYS-5-RELOAD:\s(Reload\srequested\sby\s(.*)\s+on\s(.*$))</pattern>
    <timeStampIndex>1</timeStampIndex>
    <dnsNameIndex>2</dnsNameIndex>
    <userIdIndex>4</userIdIndex>
    <descriptionIndex>3</descriptionIndex>
    <sourceHostIndex>5</sourceHostIndex>
  </log-pattern>
</syslog-match>
Description
The <syslog-match> section of the oobc.properties.xml file gives fine control over what syslog entries are considered an 'Out-Of-Band' change as well as what 'actions' and 'notifications' must occur because of the 'Out-Of-Band' change. There is only one <syslog-match> element but it will typically contain multiple <log-pattern> elements for each of the various types of entries found in a typical syslog file.
The following table describes the XML elements specified within the <syslog-match> section of the oobc.properties.xml file:
XML element | Description |
---|---|
<syslog-match> | This is an outer wrapper element that contains one or more |
<log-pattern> | A log-pattern describes what pattern must be matched within the syslog file before it is considered an 'Out-Of-Band' change event. This element has two attributes which reference other elements in this document by name. It contains one attribute called The second attribute called The third attribute called |
<pattern> | The pattern contains a Perl 5 regular expression syntax describing what pattern of text to match within the |
<timeStampIndex> | The index of the sub-expression within the 'pattern' that contains the time stamp. Also used by the |
<dnsNameIndex> | The index of the sub-expression within the 'pattern' that contains the DNS name (or IP address) of the network device that was changed. |
<userIdIndex> | The index of the sub-expression within the 'pattern' that contains the user name that caused a change to the network device. |
<descriptionIndex> | The index of the sub-expression within the 'pattern' that contains the description of the change that occurred to the network device. |
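The matching described above, as an added example (not code from the product or from this page): it loads a <syslog-match> fragment, applies each <pattern> to sample lines and extracts the fields named by the index elements. It assumes Python's re engine as a stand-in for the daemon's Perl 5 matcher, that the first matching <log-pattern> wins, and that the month class reads [b-y]; load_rules, classify, HEAD, INDEXES and the second sample line are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: Python's re stands in for the daemon's Perl 5 regex engine.
# Prefix shared by the page's patterns: time stamp (group 1), device name (group 2).
HEAD = r"([A-S][a-u][b-y]\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\[?([\.A-Za-z0-9_-]+)\]?[\.\S+]*\s+.*?"
# Index elements as given on the page (identical in every <log-pattern>).
INDEXES = ("<timeStampIndex>1</timeStampIndex><dnsNameIndex>2</dnsNameIndex>"
           "<userIdIndex>4</userIdIndex><descriptionIndex>3</descriptionIndex>"
           "<sourceHostIndex>5</sourceHostIndex>")
CONFIG = rf"""<syslog-match>
  <log-pattern actionName="ConfigSyncIn" uowPriority="LOW" notifyName="FileNotifier">
    <pattern>{HEAD}SYS-5-CONFIG_I:\s(Configured\sfrom.*by\s(.*)\s+on\s(.*$))</pattern>{INDEXES}
  </log-pattern>
  <log-pattern actionName="Reload" uowPriority="MEDIUM" notifyName="FileNotifier">
    <pattern>{HEAD}SYS-5-RELOAD:\s(Reload\srequested\sby\s(.*)\s+on\s(.*$))</pattern>{INDEXES}
  </log-pattern>
</syslog-match>"""

def load_rules(xml_text):
    """Compile each <log-pattern> and map its *Index elements to group numbers."""
    rules = []
    for lp in ET.fromstring(xml_text).iter("log-pattern"):
        fields = {el.tag[:-len("Index")]: int(el.text)
                  for el in lp if el.tag.endswith("Index")}
        rules.append((re.compile(lp.findtext("pattern")), dict(lp.attrib), fields))
    return rules

def classify(line, rules):
    """Return the first matching rule's attributes plus extracted fields, or None."""
    for regex, attrs, fields in rules:
        m = regex.search(line)
        if m:
            return {**attrs, **{name: m.group(i) for name, i in fields.items()}}
    return None

# Sample lines: 1 and 3 are the page's comment examples, 2 is constructed.
SAMPLES = [
    "Apr 17 06:46:24 test_2-1 12980: Apr 17 02:46:23.318 EDT: %SYS-5-CONFIG_I: "
    "Configured from console by unknown on vty0 (10.0.0.1)",
    "Apr 17 07:10:02 [core-sw1] 12981: %SYS-5-RELOAD: Reload requested by admin on console",
    "Apr 17 11:53:24 test_3-2 12984: Apr 17 07:52:23.318 EDT: %SYS-5-CONFIG_I: "
    "Configured from console by vty0 (10.0.0.1)",
]

if __name__ == "__main__":
    rules = load_rules(CONFIG)
    for line in SAMPLES:
        print(classify(line, rules) or f"NO MATCH: {line}")
```

The third line returns None because it has no " on " clause, which the pattern requires, so it would not be recorded as an 'Out-Of-Band' change. Running a rule set against real device output in this way shows which message variants still need their own <log-pattern>.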