T6641: Add vyos-network-event-logger Service #4216

Open
wants to merge 1 commit into
base: current

HollyGurza
Contributor

The service parses and logs network events for improved monitoring and diagnostics. Supported event types include:

  • RTM_NEWROUTE, RTM_DELROUTE
  • RTM_NEWLINK, RTM_DELLINK
  • RTM_NEWADDR, RTM_DELADDR
  • RTM_NEWNEIGH, RTM_DELNEIGH, RTM_GETNEIGH
  • RTM_NEWRULE, RTM_DELRULE

Added operational mode commands for filtered log retrieval:

  • show log network-event <event-type> <interface>: Retrieve logs filtered by event type and interface.
  • show interfaces <type> <name> event-log <event-type>: Display interface-specific logs filtered by event type.

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

Proposed changes

log examples:

run show log network-event interface eth1

Dec 03 09:23:34 vyos-network-event-logger[21158]: [LINK]   3: eth1:  <BROADCAST,MULTICAST>  mtu 1500  qdisc fq_codel  state DOWN  group 0  link/ether 0c:89:0a:2e:00:01  brd ff:ff:ff:ff:ff:ff  [altname enp0s4] [altname ens4]
Dec 03 09:23:34 vyos-network-event-logger[21158]: [NEIGH]  Deleted  ff02::16  dev eth1 lladdr 33:33:00:00:00:16    NOARP
Dec 03 09:23:40 vyos-network-event-logger[21158]: [LINK]   3: eth1:  <BROADCAST,MULTICAST,UP,LOWER_UP>  mtu 1500  qdisc fq_codel  state UP  group 0  link/ether 0c:89:0a:2e:00:01  brd ff:ff:ff:ff:ff:ff  [altname enp0s4] [altname ens4]
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  broadcast 10.0.0.255 tos 0  dev eth1 table local proto kernel scope link src 10.0.0.1
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  unicast 10.0.0.0/24 tos 0  dev eth1 table main proto kernel scope link src 10.0.0.1
Dec 03 09:23:40 vyos-network-event-logger[21158]: [ROUTE]  multicast ff00::/8 tos 0  dev eth1 table local proto kernel metric 256  pref medium

How to test

To check the correct parsing, you can use logs from ip monitor label.
Configure the network-event logger to listen for events:

conf
set service monitoring network-event event addr
set service monitoring network-event event link
set service monitoring network-event event neigh
set service monitoring network-event event route
set service monitoring network-event event rule
commit

You can use IP utils to manipulate the interface and check logs, or use some set interface * commands, e.g.:

generate pki ca install test_ca

conf
set interfaces bonding bond1 address 11.11.11.11/32
commit
run show interfaces bonding bond1 event-log
del interfaces bonding bond1
commit

set interfaces bridge br1 address 11.11.11.11/32
commit
run show interfaces bridge br1 event-log
del interfaces bridge br1
commit

set interfaces dummy dum1 address 11.11.11.11/32
commit
run show interfaces dummy dum1  event-log
del interfaces dummy dum1
commit

sudo ip link set down dev eth1
sudo ip link set up dev eth1
run show interfaces ethernet eth1 event-log

set interfaces geneve gnv1  address 11.11.11.11/32
set interfaces geneve gnv1 remote 127.0.0.1
set interfaces geneve gnv1 vni 10
commit
run show interfaces geneve gnv1 event-log
del interfaces geneve gnv1
commit

set interfaces input ifb1 redirect eth1
commit
run show interfaces input ifb1  event-log
del interfaces input ifb1
commit

set interfaces loopback lo address 11.11.11.11/32
commit
run show interfaces loopback lo event-log
del interfaces loopback lo address
commit

set interfaces macsec macsec1 address '11.11.11.11/32'
set interfaces macsec macsec1 security cipher 'gcm-aes-128'
set interfaces macsec macsec1 source-interface 'eth1'
commit
run show interfaces macsec macsec1 event-log
del interfaces macsec macsec1
commit

set interfaces pseudo-ethernet peth1 address '11.11.11.11/32'
set interfaces pseudo-ethernet peth1 source-interface 'eth1'
commit
run show interfaces pseudo-ethernet peth1 event-log
del interfaces pseudo-ethernet peth1
commit

set interfaces sstpc sstpc1 server '127.0.0.1'
set interfaces sstpc sstpc1 ssl ca-certificate 'test_ca'
commit
run show interfaces sstpc sstpc1 event-log
del interfaces sstpc sstpc1
commit

set interfaces tunnel tun1 address '11.11.11.11/32'
set interfaces tunnel tun1 encapsulation 'gre'
set interfaces tunnel tun1 source-interface 'eth1'
commit
run show interfaces tunnel tun1 event-log
del interfaces tunnel tun1
commit

set interfaces virtual-ethernet veth1 address '11.11.11.11/32'
set interfaces virtual-ethernet veth1 peer-name 'veth2'
set interfaces virtual-ethernet veth2 peer-name 'veth1'
commit
run show interfaces virtual-ethernet veth1 event-log
del interfaces virtual-ethernet veth1
del interfaces virtual-ethernet veth2
commit

set interfaces vti vti1 address 11.11.11.11/32
commit
run show interfaces vti vti1 event-log
del interfaces vti vti1
commit

set interfaces vxlan vxlan1 address '11.11.11.11/32'
set interfaces vxlan vxlan1 mtu '1400'
set interfaces vxlan vxlan1 source-interface 'eth1'
set interfaces vxlan vxlan1 vni '12'
commit
run show interfaces vxlan vxlan1 event-log
del interfaces vxlan
commit

Smoketest result

vyos@vyos:~$ python3 /usr/libexec/vyos/tests/smoke/cli/test_service_monitoring_network_event.py 
test_network_event_log (__main__.TestMonitoringNetworkEvent.test_network_event_log) ... ok

----------------------------------------------------------------------
Ran 1 test in 6.043s

OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
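
Added example (not code from this PR or from VyOS): filtering the logger's lines by parsing the interface field, next to the word-boundary regex filter used by the op-mode commands, to show where the two differ. The sample lines are adapted from the log examples above with the last two constructed, and all function names are hypothetical.

```python
import re

# Lines 1-3 are shortened copies of the log examples in the PR description;
# lines 4-5 are constructed (a VLAN sub-interface and a look-alike name).
PFX = "Dec 03 09:23:40 vyos-network-event-logger[21158]: "
SAMPLE = [
    PFX + "[LINK]   3: eth1:  <BROADCAST,MULTICAST>  mtu 1500  state DOWN",
    PFX + "[NEIGH]  Deleted  ff02::16  dev eth1 lladdr 33:33:00:00:00:16    NOARP",
    PFX + "[ROUTE]  unicast 10.0.0.0/24 tos 0  dev eth1 table main proto kernel",
    PFX + "[ROUTE]  unicast 10.0.10.0/24 tos 0  dev eth1.10 table main proto kernel",
    PFX + "[LINK]   7: eth1x10:  <BROADCAST,MULTICAST>  mtu 1500  state DOWN",
]

LINE_RE = re.compile(r"vyos-network-event-logger\[\d+\]: \[(?P<tag>[A-Z]+)\]\s+(?P<body>.*)$")
# The name appears as "<index>: <name>:" in LINK lines and as "dev <name>" elsewhere.
IFACE_RE = re.compile(r"^\d+: (?P<link>[^\s:@]+)[:@]|\bdev (?P<dev>\S+)")

def parse(line):
    """Return (tag, interface) for an event line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    i = IFACE_RE.search(m["body"])
    return m["tag"], ((i["link"] or i["dev"]) if i else None)

def filter_exact(lines, iface, tag=None):
    """Keep lines whose parsed interface equals iface (and whose tag matches, if given)."""
    kept = []
    for line in lines:
        rec = parse(line)
        if rec and rec[1] == iface and (tag is None or rec[0] == tag.upper()):
            kept.append(line)
    return kept

def filter_grep_style(lines, iface):
    # Same behaviour as a word-boundary grep: the name is used as a regex.
    pat = re.compile(r"\b" + iface + r"\b")
    return [line for line in lines if pat.search(line)]

if __name__ == "__main__":
    for name in ("eth1", "eth1.10"):
        print(name, "regex:", len(filter_grep_style(SAMPLE, name)),
              "exact:", len(filter_exact(SAMPLE, name)))
```

The regex filter returns the eth1.10 line when asked for eth1, and the eth1x10 line when asked for eth1.10; the parsed comparison returns neither.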

github-actions bot commented Dec 3, 2024

👍
No issues in PR Title / Commit Title

@jestabro
Contributor

As mentioned on Slack, this should be rebased over current and pushed to sync with the changes in
#4226
vyos/vyos-build#824

A local build of this PR confirms a successful build and smoketests.

The service parses and logs network events for improved monitoring and diagnostics.
Supported event types include:

- `RTM_NEWROUTE`, `RTM_DELROUTE`
- `RTM_NEWLINK`, `RTM_DELLINK`
- `RTM_NEWADDR`, `RTM_DELADDR`
- `RTM_NEWNEIGH`, `RTM_DELNEIGH`, `RTM_GETNEIGH`
- `RTM_NEWRULE`, `RTM_DELRULE`

Added operational mode commands for filtered log retrieval:
- `show log network-event <event-type> <interface>`: Retrieve logs filtered by event type and interface.
- `show interfaces <type> <name> event-log <event-type>`: Display interface-specific logs filtered by event type.

CI integration ❌ failed!

Details

CI logs

  • CLI Smoketests (no interfaces) 👍 passed
  • CLI Smoketests (interfaces only) ❌ failed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

@c-po
Member

c-po commented Dec 19, 2024

Is there any downside not enabling this service by default?

@HollyGurza
Contributor Author

> Is there any downside not enabling this service by default?

At least, you must remember to turn it on to analyze some situations and reproduce these? Otherwise logs will not be stored.
I'm not sure if this should be enabled by default.

Member

@dmbaturin dmbaturin left a comment

I left a bunch of suggestions for improvement.

<properties>
<help>Show interface network event log</help>
</properties>
<command>journalctl --no-hostname --boot --unit vyos-network-event-logger.service | grep "\b$4\b"</command>
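
Review bot: on the `<command>` line, `grep "\b$4\b"` uses the interface name as a regular expression between word boundaries, so a request for one interface also returns lines for any longer name that extends it with a non-word character such as a dot or a dash, and a `.` inside `$4` matches any character. Comparing against the parsed name instead (the `dev <name>` field or the `<index>: <name>:` prefix seen in the log examples) would keep the output limited to the requested interface.
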
Member

journalctl has a built-in --grep= option that supports PCRE, so I think there is no need to use an external filter here. The built-in will be faster and will preserve coloring, etc.

<properties>
<help>Show log for route network events</help>
</properties>
<command>journalctl --no-hostname --boot --unit vyos-network-event-logger.service | grep "$(echo "\[$6\]" | tr '[:lower:]' '[:upper:]')" | grep "\b$4\b"</command>
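
Review bot: the tag filter on the `<command>` line rebuilds the bracketed tag from `$6` with `echo | tr` on every call; if this node only serves route events, as its help text suggests, the tag could be written as a literal `\[ROUTE\]`, which drops two processes and avoids passing an argument through `echo`. The trailing `grep "\b$4\b"` also treats the interface name as a regular expression, so a `.` in the name matches any character.
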
Member

The journalctl command is duplicated a lot here. Should we make it a script?

I'm also not convinced about the value of the tr call here.

<!-- included start from show-nht.xml.i -->
<node name="event-log">
<properties>
<help>Show interface network event log</help>
Member

Suggested change
<help>Show interface network event log</help>
<help>Show network interface change event log</help>

<interfaceDefinition>
<node name="service">
<children>
<node name="monitoring">
Member

We should probably make a skeleton node for monitoring and include everything else into it, although it's a topic for a different PR.

logger.setLevel(logging.INFO)


# https://github.com/torvalds/linux/blob/adc218676eef25575469234709c2d87185ca223a/include/uapi/linux/neighbour.h#L46
Member

Should we move the constants to a separate module? There may be more places in the future where they might be useful for handling netlink events.

</leafNode>
<leafNode name="rule">
<properties>
<help>Show log for rule network events</help>
Member

Suggested change
<help>Show log for rule network events</help>
<help>Show log for PBR rule change events</help>

</tagNode>
<node name="route">
<properties>
<help>Show log for route network events</help>
Member

Suggested change
<help>Show log for route network events</help>
<help>Show log for route events</help>

</node>
<node name="link">
<properties>
<help>Show log for link network events</help>
Member

Suggested change
<help>Show log for link network events</help>
<help>Show log for network link events</help>

</node>
<node name="addr">
<properties>
<help>Show log for addr network events</help>
Member

Suggested change
<help>Show log for addr network events</help>
<help>Show log for network address events</help>

</node>
<node name="neigh">
<properties>
<help>Show log for neigh network events</help>
Member

Suggested change
<help>Show log for neigh network events</help>
<help>Show log for neighbor table events</help>

@c-po
Member

c-po commented Jan 8, 2025

Another reason for having this running always in the background:

From FRR show interface eth0

Interface eth0 is up, line protocol is up
  Link ups:       1    last: 2025/01/08 08:03:49.20
  Link downs:     0    last: (never)

Labels
Development

4 participants