No syslog servers are configured-juniper-junos

Tags: warn, best-practices, regulatory-compliance, junos, juniper

Vendor: juniper

OS: junos

Description:
Indeni will alert if no syslog servers are configured for a specific device.

Remediation Steps:
Add syslog servers.

How does this work?
This script retrieves the syslog server configuration of the SRX device by running the command “show configuration system syslog” over an SSH connection to the device.

Why is this important?
The SRX device can forward its log messages to remote syslog servers. At least one syslog server should be configured so that device events are collected on an external server, where they can be used to detect events and to troubleshoot and analyze failures.

Without Indeni how would you find this?
An administrator could log on to the device and run the command “show configuration system syslog” to collect the same information.

junos-show-configuration-system-syslog

#! META
name: junos-show-configuration-system-syslog
description: JUNOS SRX retrieve syslog server configuration information 
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
syslog-servers:
    why: |
        The SRX device can forward its log messages to remote syslog servers. At least one syslog server should be configured so that device events are collected on an external server.
    how: |
        This script retrieves the syslog server configuration of the SRX device by running the command "show configuration system syslog" over an SSH connection to the device.
    without-indeni: |
        An administrator could log on to the device and run the command "show configuration system syslog" to collect the same information.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        The command line is available to retrieve this information

#! REMOTE::SSH
show configuration system syslog | display set | match host

#! PARSER::AWK
# Each destination line returned by "show configuration system syslog | display set | match host"
# has the form of this sample line:
#set system syslog host 192.168.1.56 any critical
# i.e. $(NF-2) is the host, $(NF-1) the facility and $NF the severity.
/^(set\s+system\s+syslog\s+host)/{
    host = $(NF - 2)
    facility = $(NF - 1)
    severity = $NF
    syslog_server[idx_1, "host"] = host
    syslog_server[idx_1, "facility"] = facility
    syslog_server[idx_1, "severity"] = severity
    idx_1++
}

END{
    # Report all collected servers as one complex metric; an empty array is
    # what the cross_vendor_syslog_servers_empty rule alerts on.
    writeComplexMetricObjectArray("syslog-servers", null, syslog_server)
}
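The following shell script is an added example, not Indeni's script or rule code. It parses constructed sample output of "show configuration system syslog | display set | match host" the way the AWK parser above does, but it only treats "set system syslog host <addr> <facility> <severity>" lines as destinations and skips per-host option lines (port, source-address, and so on) that would otherwise be read as a facility and severity. It then applies the same empty-list test that the cross_vendor_syslog_servers_empty rule applies to the "syslog-servers" metric. The list of option keywords and the sample configuration are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Indeni's code). Reads the output of
#   show configuration system syslog | display set | match host
# on stdin and prints "host facility severity" for each syslog destination.

# Constructed sample of what the Junos command returns. Only the first and
# third lines name a destination; the other lines set per-host options, and a
# parser that blindly takes the last three fields would report "port 514"
# as a facility and severity.
SAMPLE_SYSLOG_CONFIG='set system syslog host 192.168.1.56 any critical
set system syslog host 192.168.1.56 port 514
set system syslog host 10.10.0.5 authorization info
set system syslog host 10.10.0.5 source-address 10.10.0.1
set system syslog host 10.10.0.5 structured-data'

parse_syslog_hosts() {
    awk '
    # A destination line is exactly: set system syslog host <addr> <facility> <severity>
    /^set +system +syslog +host +/ && NF == 7 {
        # Assumption: these words in the facility position are per-host option
        # keywords, not facilities (constructed list of Junos "syslog host" options).
        if ($6 ~ /^(port|source-address|structured-data|explicit-priority|match|log-prefix|facility-override|routing-instance|exclude-hostname|transport)$/) next
        print $5, $6, $7
    }'
}

# Number of distinct syslog hosts in the configuration read from stdin.
count_syslog_hosts() {
    parse_syslog_hosts | awk '!seen[$1]++ { n++ } END { print n + 0 }'
}

# Exit status 0 when at least one server is configured, 1 otherwise: the same
# check the cross_vendor_syslog_servers_empty rule makes on the metric.
syslog_servers_configured() {
    [ "$(count_syslog_hosts)" -gt 0 ]
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_SYSLOG_CONFIG" | parse_syslog_hosts
if printf '%s\n' "$SAMPLE_SYSLOG_CONFIG" | syslog_servers_configured; then
    echo "OK: syslog servers are configured"
else
    echo "WARN: no syslog servers are configured"
fi
```

Piping the real command output into parse_syslog_hosts instead of the sample gives the same "host facility severity" rows the monitoring script stores; the keyword filter is the part worth carrying over, because "match host" also returns the option lines.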

cross_vendor_syslog_servers_empty

package com.indeni.server.rules.library.crossvendor

import com.indeni.ruleengine.expressions.conditions.Equals
import com.indeni.ruleengine.expressions.data.SnapshotExpression
import com.indeni.server.rules.library.{ConditionalRemediationSteps, MultiSnapshotValueCheckTemplateRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class cross_vendor_syslog_servers_empty() extends MultiSnapshotValueCheckTemplateRule(
  severity = AlertSeverity.WARN,
  ruleName = "cross_vendor_syslog_servers_empty",
  ruleFriendlyName = "All Devices: No syslog servers are configured",
  ruleDescription = "Indeni will alert if no syslog servers are configured for a specific device.",
  metricName = "syslog-servers",
  alertDescription = "No syslog servers are configured on the device. It is critical to have at least one syslog server to collect device events on an external server. The logging information can be used to detect events and troubleshoot and analyze failures.",
  baseRemediationText = "Add syslog servers.",
  complexCondition = Equals(RuleHelper.createEmptyComplexArrayConstantExpression(), SnapshotExpression("syslog-servers").asMulti().mostRecent().value().noneable)
)(ConditionalRemediationSteps.OS_NXOS ->
  """|
    |1. Configure at least one syslog server using the "logging server <ip address> <severity> [facility <facility>] [use-vrf <vrf-name>]" NX-OS command
    |2. It is recommended to set the severity value to 6 (informational).
    |NOTE: The default syslog facility used by Nexus switches is "local7". The default VRF is "management". If you want syslog messages to be sent over the in-band global routing, use "default".
    |3. For more information please review the following configuration guide:
    |https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_5syslog.html""".stripMargin)