Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. RSyslog>
  3. users
PMCISCOIOS Module Issue
rsyslog at lists
Mar 19, 2024, 6:31 AM
Post #1 of 5 (77 views)
Permalink
Good Morning,

I am hopeful this mailing list is still monitored, and that this is not falling onto deaf ears. I am currently trying to implement an Rsyslog Remote Server to consolidate the logs of all of our Cisco switches. The server is collecting the data, however because of the format of the Cisco IOS logs, it is not properly parsing and recognizing the host and source of the remote logs. Rsyslog is prepending a its own IP address, and timestamp, and making the data difficult more difficult to read. I have dug through the documentation and found that there is a module called pmciscoios that is supposed to aide in fixing this issue. Unfortunately, I am currently running rsyslogd 8.2102.0-7.el8_6.1 (aka 2021.02), on RHEL 8.6 and the pmciscoios module is missing. Through further research I was able to find the pmciscoios.c file through GITHUB but was unable to figure out how to convert it to a .so format in order to add it to /lib64/rsyslog and have it read properly. Has anyone dealt with this is
sue previously, and do you have any suggestions for how I might be able to fix this? I would be very grateful for any assistance or feedback. Thank you in advance!

Very Respectfully,


Roy White, MBA

SysOps Project Manager, Information Technology


_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: PMCISCOIOS Module Issue [ In reply to ]
rsyslog at lists
Mar 19, 2024, 6:57 AM
Post #2 of 5 (77 views)
Permalink
We do this at Bard, without any extra modules. I changed the format for
output to:

template(name="myASAFormat"
type="string"
string="%TIMESTAMP:::date-rfc3339% %fromhost-ip%
%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

Then in the action section for handling incoming Cisco logs I specified:

template="myASAFormat"

We don't get the hostname this way, but that isn't an issue for us.

-Sean

Sean Maguire
System Administrator
Bard College I.T.


On Tue, Mar 19, 2024 at 9:31?AM Roy White via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> Good Morning,
>
> I am hopeful this mailing list is still monitored, and that this is not
> falling onto deaf ears. I am currently trying to implement an Rsyslog
> Remote Server to consolidate the logs of all of our Cisco switches. The
> server is collecting the data, however because of the format of the Cisco
> IOS logs, it is not properly parsing and recognizing the host and source of
> the remote logs. Rsyslog is prepending a its own IP address, and timestamp,
> and making the data difficult more difficult to read. I have dug through
> the documentation and found that there is a module called pmciscoios that
> is supposed to aide in fixing this issue. Unfortunately, I am currently
> running rsyslogd 8.2102.0-7.el8_6.1 (aka 2021.02), on RHEL 8.6 and the
> pmciscoios module is missing. Through further research I was able to find
> the pmciscoios.c file through GITHUB but was unable to figure out how to
> convert it to a .so format in order to add it to /lib64/rsyslog and have it
> read properly. Has anyone dealt with this is
> sue previously, and do you have any suggestions for how I might be able
> to fix this? I would be very grateful for any assistance or feedback. Thank
> you in advance!
>
> Very Respectfully,
>
>
> Roy White, MBA
>
> SysOps Project Manager, Information Technology
>
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: PMCISCOIOS Module Issue [ In reply to ]
rsyslog at lists
Mar 19, 2024, 7:43 AM
Post #3 of 5 (77 views)
Permalink
if Redhat does not provide you with the pmciscoios module, then you need to
upgrade to a version that the community supports install that package from the
community repo.

see https://www.rsyslog.com/rhelcentos-rpms/ for instructions.

David Lang

P.S. this list is very much still alive and the primary way to get support from
the community.

On Tue, 19 Mar 2024, Roy White via rsyslog wrote:

> Good Morning,
>
> I am hopeful this mailing list is still monitored, and that this is not falling onto deaf ears. I am currently trying to implement an Rsyslog Remote Server to consolidate the logs of all of our Cisco switches. The server is collecting the data, however because of the format of the Cisco IOS logs, it is not properly parsing and recognizing the host and source of the remote logs. Rsyslog is prepending a its own IP address, and timestamp, and making the data difficult more difficult to read. I have dug through the documentation and found that there is a module called pmciscoios that is supposed to aide in fixing this issue. Unfortunately, I am currently running rsyslogd 8.2102.0-7.el8_6.1 (aka 2021.02), on RHEL 8.6 and the pmciscoios module is missing. Through further research I was able to find the pmciscoios.c file through GITHUB but was unable to figure out how to convert it to a .so format in order to add it to /lib64/rsyslog and have it read properly. Has anyone dealt with this
is
> sue previously, and do you have any suggestions for how I might be able to fix this? I would be very grateful for any assistance or feedback. Thank you in advance!
>
> Very Respectfully,
>
>
> Roy White, MBA
>
> SysOps Project Manager, Information Technology
>
>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: PMCISCOIOS Module Issue [ In reply to ]
rsyslog at lists
Mar 19, 2024, 8:12 AM
Post #4 of 5 (77 views)
Permalink
To David’s point it is a trivial process to replace/upgrade the RHEL default version of rsyslog with the packages maintained in the Addison repository, and folks should not be afraid of doing so as the RHEL versions can be notoriously out of date.



> On Mar 19, 2024, at 09:43, David Lang via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> if Redhat does not provide you with the pmciscoios module, then you need to upgrade to a version that the community supports install that package from the community repo.
>
> see https://www.rsyslog.com/rhelcentos-rpms/ for instructions.
>
> David Lang
>
> P.S. this list is very much still alive and the primary way to get support from the community.
>
> On Tue, 19 Mar 2024, Roy White via rsyslog wrote:
>
>> Good Morning,
>>
>> I am hopeful this mailing list is still monitored, and that this is not falling onto deaf ears. I am currently trying to implement an Rsyslog Remote Server to consolidate the logs of all of our Cisco switches. The server is collecting the data, however because of the format of the Cisco IOS logs, it is not properly parsing and recognizing the host and source of the remote logs. Rsyslog is prepending a its own IP address, and timestamp, and making the data difficult more difficult to read. I have dug through the documentation and found that there is a module called pmciscoios that is supposed to aide in fixing this issue. Unfortunately, I am currently running rsyslogd 8.2102.0-7.el8_6.1 (aka 2021.02), on RHEL 8.6 and the pmciscoios module is missing. Through further research I was able to find the pmciscoios.c file through GITHUB but was unable to figure out how to convert it to a .so format in order to add it to /lib64/rsyslog and have it read properly. Has anyone dealt with this
> is
>> sue previously, and do you have any suggestions for how I might be able to fix this? I would be very grateful for any assistance or feedback. Thank you in advance!
>>
>> Very Respectfully,
>>
>>
>> Roy White, MBA
>>
>> SysOps Project Manager, Information Technology
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: PMCISCOIOS Module Issue [ In reply to ]
rsyslog at lists
Mar 19, 2024, 8:53 AM
Post #5 of 5 (77 views)
Permalink
Thank you all very much for your suggestions and support. I am amazed at how quickly these answers came and expected to be waiting for a few days to hear back. I am very grateful that I signed up for this mailing list. I am hopeful that the downloaded the community version fixes the problem and will share the resolution as we come to it.

Thank you again to John, David, and Sean!

Very Respectfully,

Roy White
________________________________
From: John Chivian <jchivian@chivian.com>
Sent: Tuesday, March 19, 2024 10:12 AM
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: David Lang <david@lang.hm>; Roy White <Roy_White@stuller.com>
Subject: Re: [rsyslog] PMCISCOIOS Module Issue

To David?s point it is a trivial process to replace/upgrade the RHEL default version of rsyslog with the packages maintained in the Addison repository, and folks should not be afraid of doing so as the RHEL versions can be notoriously out of date.



> On Mar 19, 2024, at 09:43, David Lang via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> if Redhat does not provide you with the pmciscoios module, then you need to upgrade to a version that the community supports install that package from the community repo.
>
> see https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rsyslog.com%2Frhelcentos-rpms%2F&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904955548%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=0T9O9gjxflIRAYtEAZYN6hMK9aViA9yGND%2FBtaUH0xk%3D&reserved=0<https://www.rsyslog.com/rhelcentos-rpms/> for instructions.
>
> David Lang
>
> P.S. this list is very much still alive and the primary way to get support from the community.
>
> On Tue, 19 Mar 2024, Roy White via rsyslog wrote:
>
>> Good Morning,
>>
>> I am hopeful this mailing list is still monitored, and that this is not falling onto deaf ears. I am currently trying to implement an Rsyslog Remote Server to consolidate the logs of all of our Cisco switches. The server is collecting the data, however because of the format of the Cisco IOS logs, it is not properly parsing and recognizing the host and source of the remote logs. Rsyslog is prepending a its own IP address, and timestamp, and making the data difficult more difficult to read. I have dug through the documentation and found that there is a module called pmciscoios that is supposed to aide in fixing this issue. Unfortunately, I am currently running rsyslogd 8.2102.0-7.el8_6.1 (aka 2021.02), on RHEL 8.6 and the pmciscoios module is missing. Through further research I was able to find the pmciscoios.c file through GITHUB but was unable to figure out how to convert it to a .so format in order to add it to /lib64/rsyslog and have it read properly. Has anyone dealt with this
> is
>> sue previously, and do you have any suggestions for how I might be able to fix this? I would be very grateful for any assistance or feedback. Thank you in advance!
>>
>> Very Respectfully,
>>
>>
>> Roy White, MBA
>>
>> SysOps Project Manager, Information Technology
>>
>>
>> _______________________________________________
>> rsyslog mailing list
>> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904963038%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=gTSLo3N1Z8Ts9u%2BmuOZB%2BroBCmQd63DLhtMOXzbN6qI%3D&reserved=0<https://lists.adiscon.net/mailman/listinfo/rsyslog>
>> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904966134%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=c%2FiI2oCRzEIf0n7xt7PbCXkzHBVAal1soR1%2FqBcxP1c%3D&reserved=0<http://www.rsyslog.com/professional-services/>
>> What's up with rsyslog? Follow https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Frgerhards&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904969031%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Go8yc8TorD%2FkKI9ISBOHg53pIEm8Y%2BJvrKZF5f4HuUc%3D&reserved=0<https://twitter.com/rgerhards>
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>>
> _______________________________________________
> rsyslog mailing list
> https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.adiscon.net%2Fmailman%2Flistinfo%2Frsyslog&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904971729%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=NMhOStqJmPG9D9RaB0ep643XRujzLEIm5rHUkukpRfo%3D&reserved=0<https://lists.adiscon.net/mailman/listinfo/rsyslog>
> https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.rsyslog.com%2Fprofessional-services%2F&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904974534%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=RFcxcULFmITh3vJGI7He9KybaYcE63H2%2BLYX3Xl71F0%3D&reserved=0<http://www.rsyslog.com/professional-services/>
> What's up with rsyslog? Follow https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Frgerhards&data=05%7C02%7CRoy_White%40stuller.com%7Ce053df1c54eb4bc1837808dc482714ef%7Ccb9664e85422433d8d60c396baf71196%7C0%7C0%7C638464579904977227%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=I839IWRnldeFle%2FIEkya01eotEc6wDp3JjTPb6Pc46k%3D&reserved=0<https://twitter.com/rgerhards>
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal