Support for Huawei VRP syslog "Config changed" in syslog-notify-oxidized.php

Hello

I would need to commit support for the syslog sent on Huawei VRP devices when the config changes. I implemented if in our current (28th of March) librenms system. The user is unfortunately not provided by the syslog so the value is fixed so far in my syslog-notify-oxidized.php

Here is the patch against our current (28th of March) librenms system.

-bash-4.2$ git diff
diff --git a/scripts/syslog-notify-oxidized.php b/scripts/syslog-notify-oxidized.php
index 6eab39d…3451ef3 100755
— a/scripts/syslog-notify-oxidized.php
+++ b/scripts/syslog-notify-oxidized.php
@@ -41,4 +41,7 @@ if (preg_match(‘/(SYS-(SW[0-9]±)?5-CONFIG_I|VSHD-5-VSHD_SYSLOG_CONFIG_I): Confi
} elseif (preg_match(’/startup-config was changed by (?P.+) from telnet client .*/‘, $msg, $matches)) {
$username = $matches[‘user’];
oxidized_node_update($hostname, $username, $msg);
-}
+} elseif (preg_match(’/HWCM/4/CFGCHANGE/', $msg, $matches)) {
+$username = ‘not_provided’;
+oxidized_node_update($hostname, $username, $msg);
+}

Here is an example of syslog:

00 deviceName HWCM/4/CFGCHANGE:OID 1.3.6.1.4.1.2011.6.10.2.1 Configure changed. (EventIndex=295, CommandSource=1, ConfigSource=2, ConfigDestination=4)

Could somebody review the patch and commit it ?

Thanx

You can commit this yourself. Just submit a pull request and we’ll discuss the code there.

Hello laf

I need to setup a dedicated “test” machine for this to occur, which will be done in a few days. Then I saw in the documentation that the process for pull requests is described, so it should be OK.

Thanx for reply and Bye

Hello

The pull request is on it’s way :

Bye

This is not working for me. What message do you gettting to librenms ?

I am getting this

This is not the one we match so far.

We expect HWCM/4/CFGCHANGE .

What is your exact device ?

huawei s5720-32x-ei-ac

which firmware do you have ?

Some info:
The patches are also applied on top of the VRP image (if not, there is a VLAN SNMP bug)

@PipoCanaja Please help me with this hooks, for me it is still doesnt work.

here is the conf on my switches

<snp>dis cur | inc info
info-center filter-id bymodule-alias VTY ACL_DENY
info-center filter-id bymodule-alias SSH SSH_FAIL
info-center filter-id bymodule-alias SNMP SNMP_FAIL
info-center filter-id bymodule-alias SNMP SNMP_IPLOCK
info-center filter-id bymodule-alias SNMP SNMP_IPUNLOCK
info-center filter-id bymodule-alias HTTP ACL_DENY
info-center loghost x.x.x.x
info-center timestamp debugging short-date without-timezone
info-center timestamp log short-date
info-center timestamp trap short-date

here is the info about switch

<snp>dis ver
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.170 (S5720 V200R010C00SPC600)
Copyright (C) 2000-2016 HUAWEI TECH CO., LTD
HUAWEI S5720-32X-EI-24S-AC Routing Switch uptime is 52 weeks, 1 day, 2 hours, 38 minutes

ES5D2S32S002 0(Master)  : uptime is 52 weeks, 1 day, 2 hours, 37 minutes
DDR    Memory Size      : 2048       M bytes
FLASH  Memory Size      : 344        M bytes
Pcb           Version   : VER.A
BootROM       Version   : 020a.0001
BootLoad      Version   : 020a.0001
CPLD          Version   : 0107
Software      Version   : VRP (R) Software, Version 5.170 (V200R010C00SPC600)

I installed syslog-ng rather than rsyslog and i getting these messages from huawei in syslog

2019-04-23 12:51:30 notice [hostname]%%01HWCM/5/TRAPLOG(S) OID 1.3.6.1.4.1.2011.6.10.2.1 configure changed. (EventIndex=138, CommandSource=1, ConfigSource=2, ConfigDestination=4)

so i am not getting HWCM/4/CFGCHANGE . but HWCM/5/TRAPLOG(S) if I save configuration on huawei switch …

here is the script in syslog-notify-oxidized.php

elseif (preg_match('/HWCM\/4\/CFGCHANGE/', $msg, $matches)) { //Huawei VRP devices CFGCHANGE syslog
    oxidized_node_update($hostname, $msg)

so if i will change it to my message what i getting i believe than it can work or not ?

elseif (preg_match('/HWCM\/5\/TRAPLOG(S)/', $msg, $matches)) { //Huawei VRP devices CFGCHANGE syslog
        oxidized_node_update($hostname, $msg)

I have working hooks for cisco, but this is still doesnt work. Maybe i have a mistake in my syslog_hook in config.php

# HUAWEI
$config['os']['vrp']['syslog_hook'][] = Array('regex' => '/OID 1.3.6.1.4.1.2011.6.10.2.1 configure changed./', 'script' => '/opt/librenms/scripts/syslog-notify-oxidized.php');

How can you see syslogs program from huawei devices ? here is how i can see it

Please help

Thank you.

I’ll have a look tomorrow. I don’t remember exactly those traps, ‘configure changed’ may occur every time you exit system-view, which is a little bit too much I would say.

Does not work either in my config right now … Running the version V200R011C10SPC600 now, and it seems the syslog changed.
Cannot dig this now. Oxidized is anyway configured to process each device every 2 hours.