# Log parsing - JUNOS messages log

Devang Patel  
NetOps  
Creating various functions to extract various log parameters from log string and based on matching event calling the appropriate remediation module. Remediation module will call the device connect module to capture appropriate data for further analysis.

In [210]:
'''
Importing required modules
'''
import re
from jnpr.junos import Device

In [211]:
'''
Extracting required data from JUNOS log messages
'''
def logParsing(log):
    '''
    Regex to break down junos log in chunk
    '''
    datetimestamp_log = r'(\w+\s+\d+)'
    timestamp_log = r'(\d+:\d+:\d+.\d+)'
    devicename_log = r'(\S+)'
    process_log = r'(\S+):'
    error_code_log = r'(\S+):'
    error_message_log = r'(.*)'
    separator_log = r'\s+'

    '''
    Complete log line from regex view
    '''
    syslog_re = (
        datetimestamp_log + separator_log + 
        timestamp_log + separator_log +
        devicename_log + separator_log + 
        process_log + separator_log +
        error_code_log + separator_log + 
        error_message_log)
    
    '''
    Parsing log line with regex
    '''
    matched = re.match(syslog_re,log)
    
    '''
    For debug only
    for i in range(1,(len(matched.groups())+1)):
        print(matched.group(i))
    '''
    '''
    Unpacking the matched group to individual variables to use further
    '''
    datestamp, timestamp, devicename, processname, errorcode, errormsg = (matched.groups())
    
    return(datestamp, timestamp, devicename, processname, errorcode, errormsg)

In [264]:
'''
Using PYEZ module to connect to lab router
'''
def junosDeviceConnect(cmd):
    hostname = '10.85.162.147'
    username = 'labroot'
    
    dev = Device(host=hostname, user=username, passwd='lab123')

    try:
        dev.open()
        print('Connected')
        
    except Exception as err:
        print(err)

    output = (dev.cli(cmd, warning=False))
    print(dev)
    dev.close()

    return(output)
    

In [260]:
def debugLinkDown(errormsg):
    down_intf = re.match(r'.+([x|g|e][e|t]-\d+\/\d+\/\d+)', errormsg)
    print('Please check the relatd circuit and router for inft:', down_intf.group(1))
    if down_intf:
        print(True, 'call remediation script or module by passing intf info')
        
    cmd = 'show interfaces terse'
    output = junosDeviceConnect(cmd)
    for line in (output.split('\n')):
        if down_intf.group(1) in line:
            print(line)
        #call remediation script or module 

In [261]:
def debugSchedSlip(errormsg):
    userslip = re.match(r'.+(user:\s+\d+ sec \d+ usec)', errormsg).group(1)
    systemslip = re.match(r'.+(system:\s+\d+ sec, \d+ usec)', errormsg).group(1)
    print('Check the CPU resources, who is hungry?', errormsg)
    print('User processes utilization:', userslip)
    print('Kernel utilization:', systemslip)
    
    '''
    Checking health of RPD on box
    '''
    cmd = 'show system processes extensive | match rpd'
    output = junosDeviceConnect(cmd)
    for line in (output.split('\n')):
        if 'rpd' in line:
            print(line)

In [262]:
log = "Dec 24 11:47:37.842  r1-re0 mib2d[6113]: SNMP_TRAP_LINK_DOWN: ifIndex 634, ifAdminStatus down(2), ifOperStatus down(2), ifName xe-0/1/0"
#log = "Dec 10 12:00:00.001  r1-re0 rpd[1234]: JTASK_SCHED_SLIP: 10 sec scheduler slip, user: 0 sec 0 usec, system: 0 sec, 123123123 usec"
datestamp, timestamp, devicename, processname, errorcode, errormsg = logParsing(log)


In [263]:
'''
Reporting of Intf down event and extracting the interface details
'''
if 'SNMP_TRAP_LINK_DOWN' in errorcode:
    print('#'*90)
    print('Calling LINK DOWN debugg routine')
    debugLinkDown(errormsg)

if 'JTASK_SCHED_SLIP' in errorcode:
    print('#'*90)
    print('Calling Resource utilization debugg routine')
    debugSchedSlip(errormsg)

##########################################################################################
Calling LINK DOWN debugg routine
Please check the relatd circuit and router for inft: xe-0/1/0
True call remediation script or module by passing intf info
Connected
Device(10.85.162.147)
i m in if of dev
xe-0/1/0                up    up
xe-0/1/0.0              up    up   inet     1.1.13.1/24     
