-
-
Notifications
You must be signed in to change notification settings - Fork 28
Example: CISCO Syslog
Lorenzo Mangani edited this page Feb 8, 2021
·
1 revision
Status : functional, experimental plugin.
# sudo npm install --unsafe-perm -g @pastash/pastash @pastash/filter_app_cisco
Configure your system to send syslog to pastash using tcp, ie:
nfvis(config)# system settings logging host 1.2.3.4 port 9515 transport tcp
Configure paStash to convert Cisco Syslog event to HEP packets towards your HOMER/HEPIC socket:
input {
tcp {
host => 0.0.0.0
port => 9515
type=> syslog
}
}
filter {
if [udp_port] == 9515 {
multiline {
start_line_regex => /^<\d+?>\d+:\s(\*|)[A-Za-z]{3}\s{1,2}\d{1,2}\s\d{2}:\d{2}:\d{2}\.\d+.*ccsipDisplayMsg:/
}
app_cisco{}
}
}
output {
hep {
host => '127.0.0.1'
port => 9060
hep_id => 2223
hep_type => 1
}
}