Loki: cisco logs trimmed when shown in Grafana

Grafana Loki
22

last but not least: the configuration file is a YAML file. If you need to indent some of the stanzas from the lefthand margin, then use space characters for it. Do not use the tab character because YAML does not like them.

23

Looking at my answer, I noticed that the text of my YAML is being trimmed by the editor. I included it below as an image to preserve its contents

Captura de pantalla 2024-01-20 a la(s) 19.52.33
Captura de pantalla 2024-01-20 a la(s) 19.52.331968×1316 252 KB

24

Problem with syslog format is that there was implementation first (and each vendor has own version) and then there was a standard RFC. Actually, there are 2 RFCs for syslog format. And vendors still don’t implement those RFCs properly (for example also Grafana is doesn’t generate proper syslog format feature request: use rfc3164-compliant timestamps for syslog messages · Issue #72703 · grafana/grafana · GitHub).
So syslog format needs custom parsing usually.

Just for the record: also OpenTelemetry collector can be used instead of Promtail. There can be also implemented business logic to fix weird vendor, version specific syslog implementations.

25

Hello Jan:
I would like to start discarding many of the SYSLOG messages before they reach Loki (for example: interfaces being granted power by a PoE switch, users loging in/out devices, …). I know the pattern of the messages I want to discard. My doubts are:

  • which process would be the most powerful in terms of tools to acomplish this task
  • how filtering tasks may or may not overwhelm the process itself

For the time being, I know Promtail will allow me do this via the “keep/discard” actions. I do not know how easy would be to do this -if possible- in SYSLOG-NG (I just use it to wait for the messages in UDP514 and forward them to Promtail).

Âż Would you instead choose OpenTelemetry instead of Promtail from a performance point of view or perhaps because of the tools it provides for business logic? Âżor both?

I believe OpenTelemetry would be necessary if I start implementing telemetry in the network devices. For the time being I have not been requested a feature like that, perhaps it is a must in a service provider environment whereby SNMP does not provide the granularity to follow a parameter much more frequently than the usual period of 5 minutes.

Hints/advice will be greatly appreciated.
Best regards

Rogelio

26

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.