Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T6641: Add vyos-network-event-logger Service #4216

Open
wants to merge 1 commit into
base: current
Choose a base branch
from
Open

T6641: Add vyos-network-event-logger Service #4216

wants to merge 1 commit into from

Conversation

HollyGurza
Copy link
Contributor

The service parses and logs network events for improved monitoring and diagnostics. Supported event types include:

  • RTM_NEWROUTE, RTM_DELROUTE
  • RTM_NEWLINK, RTM_DELLINK
  • RTM_NEWADDR, RTM_DELADDR
  • RTM_NEWNEIGH, RTM_DELNEIGH, RTM_GETNEIGH
  • RTM_NEWRULE, RTM_DELRULE

Added operational mode commands for filtered log retrieval:

  • show log network-event <event-type> <interface>: Retrieve logs filtered by event type and interface.
  • show interfaces <type> <name> event-log <event-type>: Display interface-specific logs filtered by event type.

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

Proposed changes

log examples:

run show log network-event interface eth1

Dec 03 09:23:34 vyos-network-event-logger[21158]: [LINK]   3: eth1:  <BROADCAST,MULTICAST>  mtu 1500  qdisc fq_codel  state DOWN  group 0  link/ether 0c:89:0a:2e:00:01  brd ff:ff:ff:ff:ff:ff  [altname enp0s4] [altname ens4]
Dec 03 09:23:34 vyos-network-event-logger[21158]: [NEIGH]  Deleted  ff02::16  dev eth1 lladdr 33:33:00:00:00:16    NOARP
Dec 03 09:23:40 vyos-network-event-logger[21158]: [LINK]   3: eth1:  <BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500  qdisc fq_codel  state UP  group 0  link/ether 0c:89:0a:2e:00:01  brd ff:ff:ff:ff:ff:ff  [altname enp0s4] [altname ens4]
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  broadcast 10.0.0.255 tos 0  dev eth1 table local proto kernel scope link src 10.0.0.1
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  unicast 10.0.0.0/24 tos 0  dev eth1 table main proto kernel scope link src 10.0.0.1
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  multicast ff00::/8 tos 0  dev eth1 table local proto kernel metric 256  pref medium

How to test

To check the correct parsing you can use logs from ip monitor label
configure network-event logger to listen events:

conf
set service monitoring network-event event addr
set service monitoring network-event event link
set service monitoring network-event event neigh
set service monitoring network-event event route
set service monitoring network-event event rule
commit

you can use IP utils to manipulate the interface and check logs or use some set interface * commands e.g.

generate pki ca install test_ca

conf
set interfaces bonding bond1 address 11.11.11.11/32
commit
run show interfaces bonding bond1 event-log
del interfaces bonding bond1
commit

set interfaces bridge br1 address 11.11.11.11/32
commit
run show interfaces bridge br1 event-log
del interfaces bridge br1
commit

set interfaces dummy dum1 address 11.11.11.11/32
commit
run show interfaces dummy dum1  event-log
del interfaces dummy dum1
commit

sudo ip link set down dev eth1
sudo ip link set up dev eth1
run show interfaces ethernet eth1 event-log

set interfaces geneve gnv1  address 11.11.11.11/32
set interfaces geneve gnv1 remote 127.0.0.1
set interfaces geneve gnv1 vni 10
commit
run show interfaces geneve gnv1 event-log
del interfaces geneve gnv1
commit

set interfaces input ifb1 redirect eth1
commit
run show interfaces input ifb1  event-log
del interfaces input ifb1
commit

set interfaces loopback lo address 11.11.11.11/32
commit
run show interfaces loopback lo event-log
del interfaces loopback lo address
commit

set interfaces macsec macsec1 address '11.11.11.11/32'
set interfaces macsec macsec1 security cipher 'gcm-aes-128'
set interfaces macsec macsec1 source-interface 'eth1'
commit
run show interfaces macsec macsec1 event-log
del interfaces macsec macsec1
commit

set interfaces pseudo-ethernet peth1 address '11.11.11.11/32'
set interfaces pseudo-ethernet peth1 source-interface 'eth1'
commit
run show interfaces pseudo-ethernet peth1 event-log
del interfaces pseudo-ethernet peth1
commit

set interfaces sstpc sstpc1 server '127.0.0.1'
set interfaces sstpc sstpc1 ssl ca-certificate 'test_ca'
commit
run show interfaces sstpc sstpc1 event-log
del interfaces sstpc sstpc1
commit

set interfaces tunnel tun1 address '11.11.11.11/32'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 source-interface 'eth1'
commit
run show interfaces tunnel tun1 event-log
del interfaces tunnel tun1
commit

set interfaces virtual-ethernet veth1 address '11.11.11.11/32'
set interfaces virtual-ethernet veth1 peer-name 'veth2'
set interfaces virtual-ethernet veth2 peer-name 'veth1'
commit
run show interfaces virtual-ethernet veth1 event-log
del interfaces virtual-ethernet veth1
del interfaces virtual-ethernet veth2
commit

set interfaces vti vti1 address 11.11.11.11/32
commit
run show interfaces vti vti1 event-log
del interfaces vti vti1
commit

set interfaces vxlan vxlan1 address '11.11.11.11/32'
set interfaces vxlan vxlan1 mtu '1400'
set interfaces vxlan vxlan1 source-interface 'eth1'
set interfaces vxlan vxlan1 vni '12'
commit
run show interfaces vxlan vxlan1 event-log
del interfaces vxlan
commit

Smoketest result

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_service_monitoring_network_event.py 
test_network_event_log (__main__.TestMonitoringNetworkEvent.test_network_event_log) ... ok

----------------------------------------------------------------------
Ran 1 test in 6.043s

OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@HollyGurza HollyGurza requested a review from a team as a code owner December 3, 2024 09:25
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 3, 2024
edited
Loading

👍
No issues in PR Title / Commit Title

@jestabro
Copy link
Contributor

As mentioned on Slack, this should be rebased over current and pushed to sync with the changes in
#4226
vyos/vyos-build#824

A local build of this PR confirms a successful build and smoketests.

@c-po
Copy link
Member

c-po commented Dec 19, 2024

Is there any downside not enabling this service by default?

@HollyGurza
Copy link
Contributor Author

Is there any downside not enabling this service by default?

at least, you must remember to turn it on to analyze some situations and reproduce these? otherwise logs will not stored.
I'm not sure if this should be enabled by default

dmbaturin
dmbaturin requested changes Jan 6, 2025
View reviewed changes
Copy link
Member

@dmbaturin dmbaturin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left a bunch of suggestions for improvement.

op-mode-definitions/include/show-interface-type-event-log.xml.i Outdated Show resolved Hide resolved
op-mode-definitions/include/show-interface-type-event-log.xml.i Outdated
<properties>
<help>Show log for route network events</help>
</properties>
<command>journalctl --no-hostname --boot --unit vyos-network-event-logger.service | grep "$(echo "\[$6\]" | tr '[:lower:]' '[:upper:]')" | grep "\b$4\b"</command>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The journalctl command is duplicated a lot here. Should we make it a script?

I'm also not convinced about the value of the tr call here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is too simple a command to make a script, in the case of a script we will also duplicate the script call with approximately the same parameters

op-mode-definitions/include/show-interface-type-event-log.xml.i Outdated Show resolved Hide resolved
interface-definitions/service_monitoring_network_event.xml.in
<interfaceDefinition>
<node name="service">
<children>
<node name="monitoring">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably make a skeleton node for monitoring and include everything else into it, although it's a topic for a different PR.

src/services/vyos-network-event-logger Outdated
logger.setLevel(logging.INFO)


# https://github.com/torvalds/linux/blob/adc218676eef25575469234709c2d87185ca223a/include/uapi/linux/neighbour.h#L46
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we move the constants to a separate module? There may be more places in the future where they might be useful for handling netlink events.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved a few constants to the vyos library, but it would probably be better to make a PR for the pyroute2 library in future

op-mode-definitions/include/show-interface-type-event-log.xml.i Outdated Show resolved Hide resolved
op-mode-definitions/show-log.xml.in Outdated Show resolved Hide resolved
op-mode-definitions/show-log.xml.in Outdated Show resolved Hide resolved
op-mode-definitions/show-log.xml.in Outdated Show resolved Hide resolved
op-mode-definitions/show-log.xml.in Outdated Show resolved Hide resolved
@c-po
Copy link
Member

c-po commented Jan 8, 2025

Another reason for having this running always in the background:

From FRR show interface eth0

Interface eth0 is up, line protocol is up
  Link ups:       1    last: 2025/01/08 08:03:49.20
  Link downs:     0    last: (never)

@HollyGurza
T6641: Add vyos-network-event-logger Service
392e545 
The service parses and logs network events for improved monitoring and diagnostics.
Supported event types include:

- `RTM_NEWROUTE`, `RTM_DELROUTE`
- `RTM_NEWLINK`, `RTM_DELLINK`
- `RTM_NEWADDR`, `RTM_DELADDR`
- `RTM_NEWNEIGH`, `RTM_DELNEIGH`, `RTM_GETNEIGH`
- `RTM_NEWRULE`, `RTM_DELRULE`

Added operational mode commands for filtered log retrieval:
- `show log network-event <event-type> <interface>`: Retrieve logs filtered by event type and interface.
- `show interfaces <type> <name> event-log <event-type>`: Display interface-specific logs filtered by event type.
@HollyGurza HollyGurza requested a review from dmbaturin January 16, 2025 10:46
@github-actions GitHub Actions
Copy link

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests (interfaces only) ❌ failed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

sever-sever
sever-sever requested changes Jan 17, 2025
View reviewed changes
op-mode-definitions/include/log/network-event-type-interface.xml.i
@@ -0,0 +1,11 @@
<!-- included start from isis-common.xml.i -->
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does it relate to isis-common?

src/services/vyos-network-event-logger
Comment on lines +1066 to +1067
# rtnl.RTM_NEWADDRLABEL: {'parser': AddrlabelFormatter, 'event': 'addrlabel'},
# rtnl.RTM_DELADDRLABEL: {'parser': AddrlabelFormatter, 'event': 'addrlabel'},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this?

src/services/vyos-network-event-logger
Comment on lines +1074 to +1075
# rtnl.RTM_NEWNETCONF: {'parser': NetconfFormatter, 'event': 'netconf'},
# rtnl.RTM_DELNETCONF: {'parser': NetconfFormatter, 'event': 'netconf'},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sever-sever sever-sever sever-sever requested changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev was automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc was automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro was automatically assigned from vyos/reviewers

@c-po c-po Awaiting requested review from c-po c-po was automatically assigned from vyos/reviewers

@nicolas-fort nicolas-fort Awaiting requested review from nicolas-fort nicolas-fort was automatically assigned from vyos/reviewers

@fett0 fett0 Awaiting requested review from fett0 fett0 is a code owner

@dmbaturin dmbaturin Awaiting requested review from dmbaturin dmbaturin is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@HollyGurza HollyGurza

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@HollyGurza @jestabro @c-po @dmbaturin @sever-sever