TCP syslog server is not reachable-f5-all


Vendor: f5

OS: all

Description:
indeni will alert if one of the Syslog servers configured for use over TCP is not responding.

Remediation Steps:
Verify that the firewall is allowing the traffic and that the syslog service is running.

How does this work?
This alert logs into the F5 device through SSH, parses the output of the command “tmsh list sys syslog”, extracts the configured TCP syslog servers and tests the connection to each of them.

Why is this important?
A syslog server is not reachable from the device. This could result in lost messages, which would severely impact traceability. This script verifies that every configured syslog server using TCP can be reached by establishing a TCP connection to each one.

Without Indeni how would you find this?
An administrator could periodically log into the device through SSH, enter TMSH and execute the command “list sys syslog” in order to identify the configured syslog servers. For each syslog server using TCP, the administrator could then test connectivity by issuing the command "nc -v -z <ip> <port>".
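The manual procedure above, scripted as an added example (not Indeni's collection script). It assumes TCP destinations appear in the "include" block of the syslog configuration as syslog-ng clauses of the form tcp("host" port(N)); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Indeni's script. Assumption: TCP destinations appear in
# the "include" block as syslog-ng clauses of the form tcp("host" port(N)).

# Constructed sample of "tmsh list sys syslog" output (documentation addresses).
sample_tmsh_output() {
    cat <<'EOF'
sys syslog {
    include "
        destination remote_a { tcp(\"192.0.2.10\" port(514)); };
        destination remote_b { tcp(\"192.0.2.11\" port (6514)); };
        destination remote_c { udp(\"192.0.2.12\" port(514)); };
    "
}
EOF
}

# Print one "host port" line per TCP destination; UDP destinations are skipped.
extract_tcp_syslog() {
    grep -oE 'tcp\(\\?"[^"\\]+\\?"[[:space:]]*port[[:space:]]*\([0-9]+\)' |
        sed -E 's/^tcp\(\\?"([^"\\]+)\\?"[[:space:]]*port[[:space:]]*\(([0-9]+)\)$/\1 \2/'
}

# Connect-only probe, as with "nc -v -z": no data is sent, 3-second timeout.
check_tcp() {
    nc -z -w 3 "$1" "$2" </dev/null >/dev/null 2>&1
}

# Read "host port" lines, emit "host:port state" (1 = reachable, 0 = not).
# CHECK_CMD can name a replacement probe, which keeps the loop testable offline.
report_states() {
    while read -r host port; do
        if "${CHECK_CMD:-check_tcp}" "$host" "$port"; then state=1; else state=0; fi
        printf '%s:%s %s\n' "$host" "$port" "$state"
    done
}

# Offline demonstration: list what would be probed.
sample_tmsh_output | extract_tcp_syslog
# On the device: tmsh list sys syslog | extract_tcp_syslog | report_states
```

A state of 0 only says the TCP handshake failed from the device; it does not distinguish a blocked path from a stopped syslog service, which is why the remediation text names both.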

f5-tmsh-list-sys-syslog-test-tcp

name: f5-tmsh-list-sys-syslog-test-tcp
description: Test configured tcp syslog servers
type: monitoring
monitoring_interval: 10 minutes
requires:
    vendor: f5
    product: load-balancer
    linux-based: 'true'
    shell: bash
comments:
    tcp-syslog-state:
        why: |
            A syslog server is not reachable from the device. This could result in lost messages, which would severely impact traceability. This script verifies that every configured syslog server using TCP can be reached by establishing a TCP connection to each one.
        how: |
            This alert logs into the F5 device through SSH, parses the output of the command "tmsh list sys syslog", extracts the configured TCP syslog servers and tests the connection to each of them.
        without-indeni: |
            An administrator could periodically log into the device through SSH, enter TMSH and execute the command "list sys syslog" in order to identify the configured syslog servers. For each syslog server using TCP, the administrator could then test connectivity by issuing the command "nc -v -z <ip> <port>".
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: tmsh-list-sys-syslog-test-tcp.remote.1.bash
    parse:
        type: AWK
        file: tmsh-list-sys-syslog-test-tcp.parser.1.awk

cross_vendor_syslog_tcp_accessible

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.StateDownTemplateRule
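/**
  * Alerts when a device reports, through the "tcp-syslog-state" metric, that a
  * syslog server configured for use over TCP is not reachable.
  */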
case class cross_vendor_syslog_tcp_accessible() extends StateDownTemplateRule(
  ruleName = "cross_vendor_syslog_tcp_accessible",
  ruleFriendlyName = "All Devices: TCP syslog server is not reachable",
  ruleDescription = "indeni will alert if one of the Syslog servers configured for use over TCP is not responding.",
  metricName = "tcp-syslog-state",
  applicableMetricTag = "name",
  alertItemsHeader = "Unreachable Syslog Servers",
  alertDescription = "One of the configured syslog servers is not reachable from the device. This could result in lost messages which would result in traceability being severely impacted.",
  baseRemediationText = "Verify that the firewall is allowing the traffic and that the syslog service is running."
)(
)