TCP syslog server is not reachable-f5-all
Vendor: f5
OS: all
Description:
indeni will alert if one of the Syslog servers configured for use over TCP is not responding.
Remediation Steps:
Verify that the firewall is allowing the traffic and that the syslog service is running.
How does this work?
This alert logs into the F5 device through SSH, parses the output of the command “tmsh list sys syslog”, extracts the configured TCP syslog servers and tests the connection to each of them.
Why is this important?
If a syslog server is not reachable from the device, messages could be lost, which would severely impact traceability. This script verifies that every configured syslog server using TCP can be reached by establishing a TCP connection to each one.
Without Indeni how would you find this?
An administrator could periodically log into the device through SSH, enter TMSH and execute the command “list sys syslog” to identify the configured syslog servers. For each syslog server using TCP, they could then test the connectivity by issuing the command "nc -v -z ".
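The manual check above can be scripted. This is an added example, not Indeni's own tmsh-list-sys-syslog-test-tcp script: the sample tmsh output is constructed, and it assumes TCP destinations appear as syslog-ng tcp("host" port(N)) drivers in the include block, that 514 is an acceptable fallback port, and that the local nc supports -z and -w.

```sh
# Added example. Assumption: TCP destinations are syslog-ng tcp("host" port(N))
# drivers inside the "include" block of `tmsh list sys syslog`.
DEFAULT_PORT=514   # assumed fallback when a tcp() driver names no port

# Constructed sample output (documentation addresses, not from a real device).
sample_tmsh_output() {
cat <<'EOF'
sys syslog {
    include "
        destination d_siem { tcp(\"192.0.2.10\" port(6514)); };
        destination d_archive { tcp(\"192.0.2.11\"); };
        destination d_legacy { udp(\"192.0.2.12\" port(514)); };
    "
    remote-servers {
        rs1 {
            host 192.0.2.20
        }
    }
}
EOF
}

# stdin: tmsh output; stdout: one "host port" line per tcp() destination.
extract_tcp_syslog_servers() {
    awk -v dflt="$DEFAULT_PORT" '{
        gsub(/\\/, "")                       # tmsh escapes the inner quotes
        while (match($0, /tcp\("[^"]+"[^;]*/)) {
            drv = substr($0, RSTART, RLENGTH)
            $0 = substr($0, RSTART + RLENGTH)
            split(drv, q, "\"")              # q[2] is the quoted host
            port = dflt
            if (match(drv, /port\([0-9]+/)) port = substr(drv, RSTART + 5, RLENGTH - 5)
            print q[2], port
        }
    }'
}

# Emits state=1 when a TCP handshake completes within 3 seconds, else state=0.
report_tcp_syslog_state() {
    extract_tcp_syslog_servers | while read -r host port; do
        if nc -z -w 3 "$host" "$port" >/dev/null 2>&1; then state=1; else state=0; fi
        echo "tcp-syslog-state host=$host port=$port state=$state"
    done
}

# Offline demo over the sample. On a device:
#   tmsh list sys syslog | report_tcp_syslog_state
sample_tmsh_output | extract_tcp_syslog_servers
```

A state of 0 only says the handshake failed from the device; the remediation steps above (firewall path, syslog service) still have to be checked to find out why.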
f5-tmsh-list-sys-syslog-test-tcp
name: f5-tmsh-list-sys-syslog-test-tcp
description: Test configured tcp syslog servers
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: f5
    product: load-balancer
    shell: bash
comments:
    tcp-syslog-state:
        why: |
            If a syslog server is not reachable from the device, messages could be lost, which would severely impact traceability. This script verifies that every configured syslog server using TCP can be reached by establishing a TCP connection to each one.
        how: |
            This alert logs into the F5 device through SSH, parses the output of the command "tmsh list sys syslog", extracts the configured TCP syslog servers and tests the connection to each of them.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: tmsh-list-sys-syslog-test-tcp.remote.1.bash
    parse:
        type: AWK
        file: tmsh-list-sys-syslog-test-tcp.parser.1.awk
cross_vendor_syslog_tcp_accessible