Syslog Servers In Use-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will verify that certain syslog servers are configured on a monitored device.

Remediation Steps:
Modify the device’s configuration as required.
1. On the device command line interface, execute the “show system syslog” command to review the system log configuration.
2. Check that the syslog server is reachable from the device.
3. Check that the severity level is set appropriately so that the traffic log messages are captured.
4. Consider specifying two remote syslog servers to which system logs are sent.
5. Review the following article on Juniper TechLibrary for more information: SRX Getting Started - Configure System Logging.

How does this work?
This script retrieves how the syslog servers are configured on the SRX device by running the command “show configuration system syslog” over an SSH connection to the device.

Why is this important?
The SRX device can send log messages to remote syslog servers; this check confirms that the expected servers are actually configured to receive them.

Without Indeni how would you find this?
An administrator could log on to the device to run the command “show configuration system syslog” to collect the same information.

junos-show-configuration-system-syslog

#! META
name: junos-show-configuration-system-syslog
description: JUNOS SRX retrieve syslog server configuration information 
type: monitoring
monitoring_interval: 60 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
syslog-servers:
    why: |
        The SRX device can send log messages to remote syslog servers.
    how: |
        This script retrieves how the syslog servers are configured on the SRX device by running the command "show configuration system syslog" over an SSH connection to the device.
    without-indeni: |
        An administrator could log on to the device and run the command "show configuration system syslog" to collect the same information.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        The command line is available to retrieve this information.

#! REMOTE::SSH
show configuration system syslog | display set | match host

#! PARSER::AWK
# Input lines are "display set" statements, for example:
#   set system syslog host 192.168.1.56 any critical
# Fields: $5 = host, $6 = facility, $7 = severity.
BEGIN {
    idx_1 = 0
}

# Only "host <address> <facility> <severity>" lines carry a severity; other host
# sub-statements (source-address, port, ...) have a different shape and are skipped.
/^set\s+system\s+syslog\s+host\s/ && NF == 7 && $6 !~ /^(source-address|port|structured-data|log-prefix|facility-override|transport)$/ {
    host = $5
    facility = $6
    severity = $7
    syslog_server[idx_1, "host"] = host
    # facility is parsed but only host and severity are reported in the metric
    syslog_server[idx_1, "severity"] = severity
    idx_1++
}

END {
    # Emit all collected servers as one complex metric object array
    writeComplexMetricObjectArray("syslog-servers", null, syslog_server)
}
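To show what the parser and the compliance rule do end to end, here is an added Python example (not Indeni's code): it parses constructed `display set` output into a per-host map, skipping host sub-statements such as `source-address` and `port`, and checks the result against a hypothetical policy (required servers present, at least two remote servers as the remediation steps recommend, and no host filtering out messages below a minimum severity). The required-server list and minimum severity are assumptions for the example.

```python
import re
from typing import Dict, List

# Constructed sample of "... | display set | match host" output (addresses made up).
SAMPLE_OUTPUT = """\
set system syslog host 192.168.1.56 any critical
set system syslog host 192.168.1.56 source-address 192.168.1.1
set system syslog host 10.0.0.20 any info
set system syslog host 10.0.0.20 port 1514
"""

# Junos severity thresholds, least to most restrictive; "none" disables logging.
SEVERITIES = ["any", "info", "notice", "warning", "error", "critical",
              "alert", "emergency", "none"]
# Host sub-statements that are options, not "<facility> <severity>" pairs (not exhaustive).
NON_FACILITY = {"source-address", "port", "structured-data", "log-prefix",
                "facility-override", "transport"}
HOST_RE = re.compile(r"^set\s+system\s+syslog\s+host\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_syslog_hosts(output: str) -> Dict[str, Dict[str, str]]:
    """Map each syslog host to its {facility: severity} settings."""
    servers: Dict[str, Dict[str, str]] = {}
    for line in output.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue
        host, facility, severity = m.groups()
        if facility in NON_FACILITY:
            continue  # e.g. "port 1514": this line carries no severity
        servers.setdefault(host, {})[facility] = severity
    return servers

def check_syslog_servers(servers: Dict[str, Dict[str, str]],
                         required_hosts: List[str],
                         min_severity: str = "info") -> List[str]:
    """Findings against a hypothetical policy: required hosts present, at least
    two remote servers, no host dropping messages less severe than min_severity."""
    findings = [f"required syslog server {h} is not configured"
                for h in required_hosts if h not in servers]
    if len(servers) < 2:
        findings.append("fewer than two remote syslog servers are configured")
    floor = SEVERITIES.index(min_severity)
    for host, facilities in servers.items():
        for facility, severity in facilities.items():
            if severity not in SEVERITIES or SEVERITIES.index(severity) > floor:
                findings.append(f"{host}: facility {facility} at severity "
                                f"{severity} drops messages below {min_severity}")
    return findings
```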

verification_syslog_servers_in_use

Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/sync_core_rules/SyslogServersInUseComplianceCheckRule.scala