3. Usage CLI
RSE CLI is usable for RSX and RSE. RSC CLI is only usable for RSC.
3.1 RSE viewer (rseview)
Usage rseview:
-h,--help Display help
-s,--search <search string> <buffer> Search through logging
-v,--view <buffer> View logging
-l,--live <buffer> View live logging
-ls,--livesearch <search string> <buffer> Search through live logging
-t,--testmessage Send a test message
-c,--clearlog Clear log index
-p,--lifecyclepolicy Change lifecycle policy
-ps,--pslifecyclepolicy View lifecycle policy
-xi,--indexinfo View indexes
-xh,--healthinfo View elasticsearch health
-u,--usage View disk / ram usage
3.1.1 Display help
rseview -h
Displays help menu with all available options.
3.1.2 Display logging with search string
rseview -s mysearch 90
Displays logging with the given search string. Output will be given in the console. Buffer of 90 gives the latest 90 results.
3.1.3 Display logging
rseview -v 90
Displays the latest logging. Output will be given in the console. Buffer of 90 gives the latest 90 results. Buffer is default 50.
3.1.4 Display live logging
rseview -l 90
Displays live logging. Output will be given in the console. Buffer of 90 gives the latest 90 results. Buffer is default 50.
3.1.5 Display live logging with search string
rseview -ls mysearch 90
Displays live logging with the given search string. Output will be given in the console. Buffer of 90 gives the latest 90 results. Buffer is default 50.
3.1.6 Generate test message
rseview -t
Generates a test message. Run “rseview -s test” to check if it was successful.
3.1.7 Clear all logging
rseview -c
Clears all logging. Output will be given in the console.
3.1.8 Change policy
rseview -p
Sets a new lifecycle policy for the Elasticsearch remote syslog index. The values are given in days and gigabytes. Output will be given in the console.
3.1.9 Display policy
rseview -ps
Displays the lifecycle policy. Output will be given in the console.
3.1.10 Display index / shard info
rseview -xi
Displays index / shard info. Output will be given in the console.
3.1.11 Display cluster / server info
rseview -xh
Displays cluster / server info. Output will be given in the console.
3.1.12 Display usage
rseview -u
Displays disk and RAM info. Output will be given in the console.
3.1.13 Authentication for RSEVIEW
If you set up authentication for Elasticsearch, RSEVIEW must be updated with the username and password as well. You need to change the following files:
File 1: /usr/bin/rseview
Fill in the username and password:
USERNAME=
PASSWORD=
File 2: /opt/RSEVIEW/rs_init.php
Fill in the username and password:
'user' => '',
'pass' => ''
The default login is empty. When changed, the login username is probably “elastic”.
3.1.14 Filter on date and string
To filter on a date and a string, use the following example:
rseview -s "R_ISODATE:2022-08-15T13\\:56 AND myswitch" 400
To filter the date we use the R_ISODATE field.
3.2 RSC viewer (rsview)
Usage rsview:
-h,--help Display help
-s,--search <search string> Search through logging
-v,--view View logging
-l,--live View live logging
-ls,--livesearch <search string> Search through live logging
-t,--testmessage Send a test message
-c,--clearlog Clear total log archive
3.2.1 Display help
rsview -h
Displays help menu with all available options.
3.2.2 Display logging with search string
rsview -s mysearch
Displays logging with the given search string. Output will be given in the console.
3.2.3 Display logging
rsview -v
Displays the latest logging. Output will be given in the console.
3.2.4 Display live logging
rsview -l
Displays live logging. Output will be given in the console.
3.2.5 Display live logging with search string
rsview -ls mysearch
Displays live logging with the given search string. Output will be given in the console.
3.2.6 Generate test message
rsview -t
Generates a test message. Run “rsview -s test” to check if it was successful.
3.2.7 Clear all logging
rsview -c
Clears all logging. Output will be given in the console.
3.3 RSE user management (rseuser)
Usage rseuser:
Please use the command as: rseuser <username> <rm or add> <web-only>
3.3.1 Add user
rseuser tom add web-only
Creates a user tom for the web interface only. Drop the web-only option to set up a user for the CLI.
3.3.2 Remove user
rseuser tom rm
Removes the user tom.
3.4 RSC user management (rsuser)
Usage rsuser:
Please use the command as: rsuser <username> <rm or add> <web-only>
3.4.1 Add user
rsuser tom add web-only
Creates a user tom for the web interface only. Drop the web-only option to set up a user for the CLI.
3.4.2 Remove user
rsuser tom rm
Removes the user tom.
3.5 Python module
Remote Syslog rslogger can be used to write important lines of informational logging from a Python script to a remote syslog server. We found it useful as we run multiple scripts on different hosts. With this we track the given info on a central / remote server. Example use case: automation scripts for device configuration.
3.5.1 Requirements
At minimum, Remote Syslog core or another syslog listener must be running
The rslogger Python script below must be in the same directory as the Python script that uses it
3.5.2 Installation
Install the Python socket module using the following command:
pip install socket
Get a local copy of this repo:
git clone https://github.com/tslenter/rslogger
cd rslogger
#On Windows:
copy rslogger <Directory of the project>
#On Linux
cp rslogger <Directory of the project>
3.5.3 Example with Cisco DNA Controller
The following is a demo example that extracts data from a Cisco DNA controller and sends the data string to a syslog socket:
import requests
import os
from requests.auth import HTTPBasicAuth
import urllib3
import argparse
from rslogger import syslog
from rslogger import fcl
from rslogger import lvl

#Suppress the urllib3 warnings triggered by verify=False (TLS certificate validation is disabled in this demo)
urllib3.disable_warnings()

#Set variables to None
hostname = None
username = None
password = None

#Create HTTP header
headers = {
    'content-type': "application/json",
    'x-auth-token': ""
}

#Global information
print('Running from directory: ', os.getcwd())

#Add arguments
parser = argparse.ArgumentParser()
parser.add_argument('-n', '--hostname', help='Enter a hostname or ip of the Cisco DNA Controller', required=True)
parser.add_argument('-u','--username', help='Add a username', required=True)
parser.add_argument('-p', '--password', help='Add a password', required=True)
args = parser.parse_args()

#Extract variables from namespace to global
globals().update(vars(args))

#Generate token for DNA Controller
def dnac_login(host, passwrd, user):
    # Generate token
    BASE_URL = 'https://' + host
    AUTH_URL = '/dna/system/api/v1/auth/token'
    USERNAME = user
    PASSWORD = passwrd
    response = requests.post(BASE_URL + AUTH_URL, auth=HTTPBasicAuth(USERNAME, PASSWORD), verify=False)
    token = response.json()['Token']
    return token

#Extract data from DNA controller
def network_device_list(token, host):
    url = "https://" + host + "/api/v1/network-device"
    headers["x-auth-token"] = token
    response = requests.get(url, headers=headers, verify=False)
    data = response.json()
    for item in data['response']:
        #Feel free to list more information: item["hostname"],item["platformId"],item["softwareType"],item["softwareVersion"],item["upTime"], item["serialNumber"], item["managementIpAddress"]
        message = str("hostname: ")+item["hostname"]
        syslog(message, level=lvl['notice'], facility=fcl['log_audit'], host='172.16.201.2', port=514)

#Login to DNA Controller (all three arguments must be set)
if hostname and username and password:
    print("Started session on: " + hostname)
    print("Started session with user: " + username)
    login = dnac_login(hostname, password, username)
    network_device_list(login, hostname)
else:
    print("Did you use the parameters to run this command?")
3.5.4 Available facility
kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, ntp, log_audit, log_alert, clock_daemon, local0, local1, local2, local3, local4, local5, local6, local7
3.5.5 Available levels
emerg, alert, crit, err, warning, notice, info, debug
3.5.6 Most basic code (Example)
from rslogger import syslog
from rslogger import fcl
from rslogger import lvl
Send a test message to localhost (a syslog server is needed):
syslog()
Expected output:
Jul 5 17:02:21 localhost daemon: notice: Test is RS test message to localhost
Run with variables:
message=str('Hello world')
syslog(message, level=lvl['alert'], facility=fcl['daemon'], host='172.16.201.2', port=514)
Expected output (syslog server):
Jul 5 17:02:21 comp0001.remotesyslog.com rslogger: daemon: alert: rslogger_output: Hello world
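The following added example is not part of rslogger or the original page. It shows how a facility and level from the lists in 3.5.4 and 3.5.5 map to the syslog priority value, and how to neutralise control characters in API-supplied fields (such as the device hostname in 3.5.3) so they cannot show up as a separate, forged log entry. The function names, the rslogger tag and the octal escape format are assumptions for illustration.

```python
import re
import socket

# Names in the order the page lists them; the list index is the numeric syslog code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp "
              "log_audit log_alert clock_daemon local0 local1 local2 local3 "
              "local4 local5 local6 local7").split()
LEVELS = "emerg alert crit err warning notice info debug".split()

_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def sanitize(text):
    """Replace each control character (CR, LF, TAB, ...) with '#' plus its octal code."""
    return _CTRL.sub(lambda m: "#%03o" % ord(m.group()), text)

def build_packet(message, facility="log_audit", level="notice", tag="rslogger"):
    """Build a minimal BSD-syslog datagram: <PRI>tag: message (hypothetical helper)."""
    # PRI = facility * 8 + severity; unknown names raise ValueError.
    pri = FACILITIES.index(facility) * 8 + LEVELS.index(level)
    return ("<%d>%s: %s" % (pri, tag, sanitize(message))).encode("utf-8")

def send(message, host="127.0.0.1", port=514, **kw):
    """Send one datagram over UDP and return the bytes that were sent."""
    packet = build_packet(message, **kw)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (host, port))
    return packet

def demo():
    """Send a constructed hostile hostname to a throwaway local UDP listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # any free port, no real syslog server needed
        rx.settimeout(2)
        port = rx.getsockname()[1]
        hostile = "sw01\n<34>sshd: Accepted password for root"   # constructed sample
        send("hostname: " + hostile, port=port)
        return rx.recvfrom(2048)[0]

if __name__ == "__main__":
    print(demo())
```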
3.6 Remote Syslog Programmer
Remote Syslog Programmer is an SSH connector written in Python for configuring devices that support SSH. The connector can be used with multiple vendors and has been tested with Ubiquiti and Cisco devices.
Capabilities: Configure multiple devices with the same configuration. All output will be written to a plain text file.
Created for: Updating the logging configuration of all network devices of the same type. It can be used for other configurations as well.
3.6.1 Installation
Copy the repo to the local machine:
git clone https://www.github.com/tslenter/RSPROGRAMMER
cd RSPROGRAMMER
3.6.2 Usage
To run as a single CLI command with multiple remote commands:
python ssh_connect.py -n 172.16.9.1,172.16.10.1 -u <username> -p <strong_pw> -f commands.txt
Or for 1 host:
python ssh_connect.py -n 172.16.9.1 -u <username> -p <strong_pw> -f commands.txt
To run as a single CLI command with a single command:
python ssh_connect.py -n 172.16.9.1,172.16.10.1 -u <username> -p <strong_pw> -s "sh int status"
Or for 1 host:
python ssh_connect.py -n 172.16.9.1 -u <username> -p <strong_pw> -s "sh int status"
Run in interactive mode:
python ssh_connect.py
=================================
Interactive mode is loaded!
Enter switch: mysw001,mysw002
Enter username: <username>
Enter password: <strong_pw>
Enter filename or press enter for single command option: <enter file name like command.txt or press enter>
If you pressed enter the next question appears:
Enter command: <Type command>
The output of the commands will be written to: output.txt.
All options for ssh_connect.py:
python ssh_connect.py -h
Script is created by T.Slenter
The switches input is as following: hostname or ip,hostname or ip,hostname or ip
Running from directory: F:\ssh_connector\ssh_connector
usage: ssh_connect.py [-h] [-n HOST] [-u USERNAME] [-p PASSWORD] [-s SINGLECOMMAND] [-f FILE]
optional arguments:
-h, --help Show this help message and exit
-n HOST, --host HOST Enter a hostname or ip, multiple hostname and ips are supported use seperator=,
-u USERNAME, --username USERNAME Add a username
-p PASSWORD, --password PASSWORD Add a password
-s SINGLECOMMAND, --singlecommand SINGLECOMMAND Enter a single command
-f FILE, --file FILE Add file with commands
3.7 RSEDUMPER
RSEDUMPER is a small tool that can dump the default RSE index with color style.
3.7.1 Installation
Copy the repo to the local machine:
git clone https://www.github.com/tslenter/RSEDUMPER
cd RSEDUMPER
cp rsedumper /usr/bin/
3.7.2 Usage
Run the command without options to display the usage:
ubuntu@rssyslog001:~$rsedumper
##################################################
#Remote Syslog Elasticsearch Dumper #
#More information: https://www.remotesyslog.com #
#Remote Syslog dumper for Elasticsearch #
#Version: RSEDUMPER 0.1 #
#URL: https://github.com/tslenter/RSEDUMPER #
#Donation: https://github.com/tslenter/RS #
##################################################
Usage rseview:
-h,--help Display help
-c,--color Dump default RSE index in color
-n,--nocolor Dump default RSE index without color
Start the dump with:
without color:
rsedumper -n
or with color:
rsedumper -c