Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Junos Syslog Engine for Salt

 

Juniper Networks provides support for using Salt to manage devices running Junos OS. The Salt installation includes the Junos syslog engine (for Salt), which listens for Junos OS system log messages from managed devices and publishes them on the Salt event bus. The Junos syslog engine, in conjunction with existing or custom reactors, enables you to use Salt for event-based state management of devices running Junos OS.

The following sections discuss how the Junos syslog engine works, how to configure and enable it, how to configure the events to send and subscribe to, and how to view these events on the event bus.

Understanding the Junos Syslog Engine

Junos OS generates system log messages (also called syslog messages) to record events that occur on the device, including events for routine operations, failure and error conditions, and emergency or critical conditions. System log messages can contain the following information:

  • Junos OS process that generated the message

  • Date and time the message was generated

  • Severity of the event

  • Tag that uniquely identifies the event

  • String that provides information about the event

For example, the following syslog message records the successful completion of a commit operation on router1:

Salt engines are external system processes that are monitored by and leverage Salt. Salt engines can export or import events on the Salt event bus. The Salt installation includes the Junos syslog engine, which can monitor Junos OS system log messages that are sent to the Salt server and publish them on the Salt event bus. Figure 1 illustrates a Salt setup that includes the Junos syslog engine. When enabled, the Junos syslog engine listens on the specified port for syslog events from managed devices running Junos OS.

Figure 1: Junos Syslog Engine
Junos Syslog Engine

When the Junos syslog engine receives an event, it extracts the event information, translates it to Salt format, and publishes it on the Salt event bus. The following output represents the same commit complete event as it is displayed on the Salt event bus:

Salt events all use the same basic data structure, which consists of an event tag and a body. The event tag is just a high-level description of the event, and the body is a dictionary that contains the event details. In the previous example, the event tag is jnpr/syslog/router1/UI_COMMIT_COMPLETED.

How to Enable the Junos Syslog Engine

The Junos syslog engine requires installing the pyparsing and twisted Python modules on the server where the engine runs. This documentation assumes the Junos syslog engine is running on the Salt master. For detailed instructions on installing the prerequisites and enabling the Junos syslog engine, see Configuring the Junos Syslog Engine in the Salt for Junos OS Quick Start Guide.

To use the Junos syslog engine, you must configure the device running Junos OS to send its syslog messages to a designated port on the Salt master. You can configure the device to send all events or only events corresponding to a specific facility or message severity level.

To send all events, configure any any to indicate all facilities and all message severity levels.

To send, for example, only security events with a severity level of info or higher, configure security info.

For more information about system logging facilities and message severity levels, see Junos OS System Logging Facilities and Message Severity Levels.

To enable the Junos syslog engine, you must configure the engine under the engines key in the Salt master configuration file and specify the same port that you configured on the devices running Junos OS.

To apply the configuration, you must restart the Salt master, which automatically starts the Junos syslog engine process. The Junos syslog engine then listens for Junos OS syslog messages on the specified port, extracts the event information, and publishes it in Salt format on the Salt event bus. To create and configure reactors that automatically take action when specific events occur, see Configuring Salt Reactors for Junos OS Events.

How to Configure the Event Tag

Events published to the Salt event bus have two components: the event tag and the data. Junos OS events use the following default event tag (or event topic) syntax:

The event tag for Junos OS events must always start with jnpr/syslog, but you can customize the remaining fields by defining the topic parameter in the engine configuration and specifying the fields to include. For example, the following configuration generates event tags that include the device’s IP address, the process that generated the message, and the event:

When you configure this syntax, the tag for a completed commit operation event might be:

The event tag fields can include any combination of the following fields after jnpr/syslog/:

  • daemon

  • event

  • hostip

  • hostname

  • message

  • pid

  • priority

  • raw (the raw event data forwarded from the device)

  • severity

  • timestamp

How to Subscribe to Events for Specific Junos OS Processes

As described in How to Enable the Junos Syslog Engine, you can configure which syslog events the device running Junos OS sends to the Junos syslog engine. By default, the Junos syslog engine publishes the event data for all received events on the Salt event bus. You can also customize the Junos syslog engine to only subscribe to certain processes by configuring the daemon parameter in the engine configuration. When you configure this parameter, the Junos syslog engine only publishes the events pertaining to those processes on the Salt event bus.

The following Salt engine configuration subscribes the Junos syslog engine to events from the management process (mgd) and the routing protocol process (rpd):

After restarting the salt-master process to apply the configuration, the Junos syslog engine only publishes events from these two processes on the Salt event bus.

How to View Events on the Salt Event Bus

Salt runners execute modules on the Salt master rather than on the minions. You execute runners by using the salt-run command. To view the events on the Salt master event bus in real time, execute the following command, which displays the events in the terminal:

saltuser@salt-master~$ sudo salt-run state.event pretty=True

If you want to quickly trigger an event, you can ping the minion as shown in the following example:

saltuser@salt-master~$ sudo salt 'router1' test.ping

The corresponding event bus output shows the Salt job and the minion’s response.

To test the Junos syslog engine configuration, you can execute an operation on the device running Junos OS. The device must be configured to send messages with that operation’s facility and that severity level to the Junos syslog engine. In addition, the engine must be subscribed to messages from that process (or all processes, which is the default). When you execute the operation, the Junos syslog engine publishes the event to the Salt event bus.