efa notification subscribers add-syslog-relp

Registers a syslog subscriber to receive notifications over Reliable Event Logging Protocol (RELP) from the XCO Notification service.

Syntax

efa notification subscribers add-syslog-relp [ --address host:port ] [ --insecure ] [ --cacert local-path ] [ --conn-timeout seconds | --filter strings | --rfc5424 | --device-event strings | --minimum-severity string ]

Command Default

By default, subscribers do not receive syslog notifications over RELP.

Parameters

--address host:port
(Required) Specifies the address of the syslog server in host:port format. The default port is 514. Syslog server address can be IPv4 or IPv6.
--insecure
(Optional) Indicates that insecure SSL connection and transfers are used for sending notifications. By default, the SSL connection and transfers are secure.
--cacert local-path
(Optional) Specifies the local path to the cacert.pem file for SSL verification. Required only when the --insecure parameter is not specified.
--conn-timeout seconds
(Optional) Specifies the maximum amount of time allowed to open a connection to the syslog server before the request times out. The default is 10 seconds.
--filter strings
(Optional) Comma separated filter values. Possible values are “DEVICE_EVENTS” - RAS/auditlog events from devices, “APP_ALARMS” - fault alarms from application,“APP_ALERTS” - fault alerts from application, “APP_EVENTS” - task events from application. If no filters are provided it means all types. Example: --filters DEVICE_EVENTS,APP_ALARMS,APP_ALERTS,APP_EVENTS.
--rfc5424
(Optional) Enable RFC5424 message format for syslog subscribers. (Default: non-RFC5424 format)
--conn-timeout int
Timeout to open a connection to the server (default 10). (Optional)
--device-event strings
Comma separated filter values of allowed device event notifications. Possible values are "raslog", “audit-configuration”, “audit-firmware” and “audit-security”. If no sub-filters are provided it is equivalent to including all message types, e.g. --device-event raslog,audit-configuration,audit-firmware,audit-security. (Optional)
--minimum-severity string
Value of the minimum severity level value for all previously unfiltered DEVICE_EVENTS, APP_ALERTS, APP_EVENTS, and APP_ALARMS. Possible values are "critical", “error”, “warning” and “info”. If “info” or no sub-filter is provided then no filtering is done. Input of a higher level severity such as “critical”, “error” or “warning” results in all messages of lower severity to be filtered out. (Optional)

Usage Guidelines

Any external server that is configured with RELP can be registered as a subscriber to XCO notifications. For more information, see "Notification Service" in the ExtremeCloud Orchestrator Administration Guide.

Examples

The following example registers 10.x.x.x:20514 as a subscriber for insecure notifications.

$ efa notification subscribers add-syslog-relp --address 
10.x.x.x:20514 --insecure
Successfully registered subscriber.

+-----------+------------------------------------------------+
| attribute | value                                          |
+-----------+------------------------------------------------+
| id        | 1                         			 |
+-----------+------------------------------------------------+
| handler   | relp                                           |
+-----------+------------------------------------------------+
| endpoint  | 10.x.x.x:20514                                 |
+-----------+------------------------------------------------+
| config    | {"cacert":"","conn-timeout":10,"insecure":true}|
+-----------+------------------------------------------------+
Notification Subscriber ID=1
--- Time Elapsed: 2.399195253s ---

The following example enables rsyslog subscriber with only APP_ALERTS and DEVICE_EVENTS.

#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601 --insecure
--filter APP_ALERTS,DEVICE_EVENTS 
Successfully registered subscriber. 
	 		
+-----------+----------------------------------------------------------------------------------+ 
| attribute | value                                                                            | 
+-----------+----------------------------------------------------------------------------------+ 
| id        | 19                                                                               | 
+-----------+----------------------------------------------------------------------------------+ 
| handler   | relp                                                                             | 
+-----------+----------------------------------------------------------------------------------+ 
| endpoint  | 127.0.0.1:1601                                                                   | 
+-----------+----------------------------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":["APP_ALERTS","DEVICE_EVENTS"],"insecur | 
|           | e":true}                                                                         | 
+-----------+----------------------------------------------------------------------------------+ 
Notification Subscriber ID=19 
--- Time Elapsed: 2.172557257s ---

The following example enables all notification types on rsyslog subscriber.

#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601 --insecure  
Successfully registered subscriber. 
	 		
+-----------+--------------------------------------------------------------+ 
| attribute | value                                                        | 
+-----------+--------------------------------------------------------------+ 
| id        | 20                                                           | 
+-----------+--------------------------------------------------------------+ 
| handler   | relp                                                         | 
+-----------+--------------------------------------------------------------+ 
| endpoint  | 127.0.0.1:1601                                               | 
+-----------+--------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":[],"insecure":true} | 
+-----------+--------------------------------------------------------------+ 
Notification Subscriber ID=20 
--- Time Elapsed: 2.042797885s ---

The following example enables RFC-5424 format.

#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601  --insecure --rfc5424 
Successfully registered subscriber. 
	 			
+-----------+-----------------------------------------------------------------------------+ 
| attribute | value                                                                       | 
+-----------+-----------------------------------------------------------------------------+ 
| id        | 7                                                                           | 
+-----------+-----------------------------------------------------------------------------+ 
| handler   | relp                                                                        | 
+-----------+-----------------------------------------------------------------------------+ 
| endpoint  | 134.141.21.190:1601                                                         | 
+-----------+-----------------------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":[],"insecure":true,"rfc5424":true} | 
+-----------+-----------------------------------------------------------------------------+ 
Notification Subscriber ID=7
The following example enables rsyslog subscriber with only APP_ALARMS, APP_ALERTS, and DEVICE_EVENTS. 
#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601 --insecure 
--filter APP_ALARMS,APP_ALERTS,DEVICE_EVENTS 
Successfully registered subscriber. 
	 			
+-----------+----------------------------------------------------------------------------------+ 
| attribute | value                                                                            | 
+-----------+----------------------------------------------------------------------------------+ 
| id        | 19                                                                               | 
+-----------+----------------------------------------------------------------------------------+ 
| handler   | relp                                                                             | 
+-----------+----------------------------------------------------------------------------------+ 
| endpoint  | 127.0.0.1:1601                                                                   | 
+-----------+----------------------------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":["APP_ALARMS”,"APP_ALERTS",             | 
|           | "DEVICE_EVENTS"], "insecure":true}                                               | 
+-----------+----------------------------------------------------------------------------------+ 
Notification Subscriber ID=19 
--- Time Elapsed: 2.172557257s ---
The following example enables rsyslog subscriber with only notifications of warning or higher of APP_ALERTS and DEVICE_EVENTS, with DEVICE_EVENTS only including audit-security and audit-configuration. 
#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601 --insecure 
--filter APP_ALERTS,DEVICE_EVENTS --device-event audit-security,audit-configuration 
--minimum-severity warning 
Successfully registered subscriber. 
	 			
+-----------+----------------------------------------------------------------------------------+ 
| attribute | value                                                                            | 
+-----------+----------------------------------------------------------------------------------+ 
| id        | 19                                                                               | 
+-----------+----------------------------------------------------------------------------------+ 
| handler   | relp                                                                             | 
+-----------+----------------------------------------------------------------------------------+ 
| endpoint  | 127.0.0.1:1601                                                                   | 
+-----------+----------------------------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":["APP_ALERTS","DEVICE_EVENTS"],         | 
|           | ”device-event”:[”audit-security”,”audit-configuration”],                         | 
|           } ”minimum-severity”,”warning”,"insecure":true}                                    | 
+-----------+----------------------------------------------------------------------------------+ 
Notification Subscriber ID=19 
--- Time Elapsed: 2.172557260s ---
The following example enables all notification types on rsyslog subscriber of severity error or higher. 
#efa notification subscribers add-syslog-relp --address 127.0.0.1:1601 
--insecure --minimum-severity error 
Successfully registered subscriber. 
	 			
+-----------+----------------------------------------------------------------------------------+ 
| attribute | value                                                                            | 
+-----------+----------------------------------------------------------------------------------+ 
| id        | 20                                                                               | 
+-----------+----------------------------------------------------------------------------------+ 
| handler   | relp                                                                             | 
+-----------+----------------------------------------------------------------------------------+ 
| endpoint  | 127.0.0.1:1601                                                                   | 
+-----------+----------------------------------------------------------------------------------+ 
| config    | {"cacert":"","conn-timeout":10,"filters":[],”minimum-severity”,”error”,          | 
|           | “device-event”:[],"insecure":true}                                               | 
+-----------+----------------------------------------------------------------------------------+ 
Notification Subscriber ID=20 
--- Time Elapsed: 2.042797881s ---
9037727-01 Rev AA