internal Syslog not working #3343

Open
kclimie opened this issue Dec 10, 2024 · 0 comments

kclimie commented Dec 10, 2024

I have installed Oxidized in a Docker container on Ubuntu 22.04.1 and it is working perfectly with the exception of the built-in syslog. It does not appear to be binding to the UDP port and no messages are logged.

Here is my compose.yaml file:

---

services:
  oxidized:
    image: oxidized/oxidized:latest
    container_name: oxidized
    networks:
      - frontend
    ports:
      - 8888:8888/tcp
      - 1514:1514/udp
    environment:
      - CONFIG_RELOAD_INTERVAL=21600
      - TZ=America/New_York
    volumes:
      - /opt/docker/oxidized/data:/home/oxidized/.config/oxidized
      - /opt/docker/oxidized/ssh:/home/oxidized/.ssh
    restart: unless-stopped

networks:
  frontend:
    external: true

I can see that UDP port 1514 is being bound on the host:

user@host:/opt/docker/oxidized$ netstat -an | grep 1514
udp        0      0 0.0.0.0:1514            0.0.0.0:*                          
udp6       0      0 :::1514                 :::*                               
user@host:/opt/docker/oxidized$ 

I have also verified that the port is mapped to the container within docker:

user@host:/opt/docker/oxidized/data$ docker ps | grep oxidiz
e8fed242965c   oxidized/oxidized:latest          "/sbin/my_init"          7 minutes ago   Up 2 minutes          0.0.0.0:1514->1514/udp, :::1514->1514/udp, 0.0.0.0:8888->8888/tcp, :::8888->8888/tcp   oxidized
user@host:/opt/docker/oxidized/data$ 

tcpdump shows messages are received on the network-facing interface:

user@host:/opt/docker/oxidized$ sudo tcpdump -i enp6s18 -n dst port 1514
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp6s18, link-type EN10MB (Ethernet), snapshot length 262144 bytes
08:52:28.406593 IP 192.168.0.1.51368 > 192.168.0.14.1514: UDP, length 116
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel
user@host:/opt/docker/oxidized$ 

As well as within the container:

root@e8fed242965c:/# tcpdump -n dst port 1514
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
08:54:28.178595 IP 192.168.0.1.51368 > 172.18.0.9.1514: UDP, length 116
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel
root@e8fed242965c:/# 

Here is the oxidized config:

---
username: ios-user
password: Cisco123
model: ios
resolve_dns: true
interval: 600
use_syslog: false
debug: false
run_once: false
threads: 30
use_max_threads: false
timeout: 20
retries: 3
prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/
rest: 0.0.0.0:8888
syslogd:
  port: 1514
#  file: "/home/oxidized/.config/oxidized/messages.log"
  resolve: false
next_adds_job: false
#vars: {}
vars:
  auth_methods: ["password"]
groups: {}
group_map: {}
models: {}
pid: "/home/oxidized/.config/oxidized/pid"
crash:
  directory: "/home/oxidized/.config/oxidized/crashes"
  hostnames: false
stats:
  history_size: 10
input:
  default: ssh, telnet
  debug: false
  ssh:
    secure: false
  ftp:
    passive: true
  utf8_encoded: true

output:
  default: file
  file:
    directory: "/home/oxidized/.config/oxidized/configs"

source:
  default: csv
  csv:
    file: "/home/oxidized/.config/oxidized/router.db"
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1
      ip: 2
    gpg: false

model_map:
  juniper: junos
  cisco: ios

Within the container, nothing is bound to UDP port 1514:

root@e8fed242965c:/# netstat -an | grep udp
udp        0      0 127.0.0.11:44790        0.0.0.0:*                          
root@e8fed242965c:/# 

Finally, here is the output of the container console:

user@host:/opt/docker/oxidized$ docker compose up
[+] Running 1/0
 ✔ Container oxidized  Created                                                                                    0.0s 
Attaching to oxidized
oxidized  | *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
oxidized  | *** Running /etc/my_init.d/10_syslog-ng.init...
oxidized  | Dec 10 09:08:28 e8fed242965c syslog-ng[13]: syslog-ng starting up; version='4.3.1'
oxidized  | *** Booting runit daemon...
oxidized  | *** Runit started as PID 22
oxidized  | Dec 10 09:08:29 e8fed242965c cron[28]: (CRON) INFO (pidfile fd = 3)
oxidized  | Dec 10 09:08:29 e8fed242965c cron[28]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
oxidized  | I, [2024-12-10T09:08:29.734643 #29]  INFO -- : Oxidized starting, running as pid 29
oxidized  | I, [2024-12-10T09:08:29.735309 #29]  INFO -- : lib/oxidized/nodes.rb: Loading nodes
oxidized  | I, [2024-12-10T09:08:29.843359 #29]  INFO -- : lib/oxidized/nodes.rb: Loaded 1 nodes
oxidized  | Puma starting in single mode...
oxidized  | * Puma version: 6.4.2 (ruby 3.2.3-p157) ("The Eagle of Durango")
oxidized  | *  Min threads: 0
oxidized  | *  Max threads: 5
oxidized  | *  Environment: development
oxidized  | *          PID: 29
oxidized  | * Listening on http://0.0.0.0:8888
oxidized  | Use Ctrl-C to stop
oxidized  | I, [2024-12-10T09:08:39.087231 #29]  INFO -- : Configuration updated for /cisco-router

So it appears as if syslog-ng is loading, but not binding to anything, and as a result no messages are being logged, so the scripts aren't firing off.

I have tried setting "use_syslog: true" in the oxidized config, but that didn't solve it either (though the container logs did go to the container's /var/log/messages file).

Can someone point me in the right direction to get it working?
