napalm-logs
Question regarding profiles and parsing message
Hi,
From what I gathered from testing and reading the code, any message received must be
- matched to a vendor by its prefix
- present in the vendor's profile in its own file, with the proper tag and variables (if required), to be properly parsed

Then and only then does it get forwarded to a publisher. If any of the above is not the case, I can either configure it to forward the raw message anyway, or have it discarded (the default).
So if I wanted to use napalm-logs for all our devices (Cisco, Arista, Juniper, Brocade) and have all syslogs parsed properly, I would need to have every single possible syslog message from each vendor in the vendor's napalm-profile. Is that correct, or am I missing something here?
Hi @felskrone - yes, you are correct: if you want a message to be parsed and published as a structured document, there needs to be a vendor & message profile added. We do have vendor profiles for the ones you mentioned (minus Brocade? there's a NetIron profile, but might not be compatible with other platforms).
Note however that a vast majority of the syslog messages don't really contain a lot of useful data, so I'd recommend you to check out which ones you'd require for your use case. That doesn't mean I would discourage you writing parsers for a large number of messages - on the contrary actually, please do if you are willing to. :-)
Let me know if you have any further questions.
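
The two-stage matching discussed in this thread, as an added example that is not napalm-logs code and not written by either poster: it models the vendor-prefix match, the per-tag message profile, and the raw/discard fallback, then counts which tags in a log sample have no profile so you can decide which ones to write first. The regexes, the `os`/`tag` field names, the `send_raw` parameter and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed stand-ins for vendor and message profiles (not napalm-logs' files).
VENDOR_PREFIX = {
    "ios": re.compile(r"^<\d+>.*?%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+): (?P<body>.*)$"),
    "junos": re.compile(r"^<\d+>.*? \w+\[\d+\]: (?P<tag>[A-Z0-9_]+): (?P<body>.*)$"),
}
MESSAGE_PROFILE = {
    "ios": {"LINEPROTO-5-UPDOWN": re.compile(
        r"Line protocol on Interface (?P<interface>\S+), changed state to (?P<state>\w+)")},
    "junos": {},  # vendor is recognised, but no message profiles written yet
}

def process(line, send_raw=False):
    """Return (status, document); status is 'parsed', 'raw' or 'discarded'."""
    for vendor, prefix in VENDOR_PREFIX.items():
        m = prefix.match(line)
        if not m:
            continue
        profile = MESSAGE_PROFILE[vendor].get(m["tag"])
        fields = profile.search(m["body"]) if profile else None
        if fields:
            return "parsed", {"os": vendor, "tag": m["tag"], **fields.groupdict()}
        # Vendor matched, but no profile for this tag (or its variables did not match).
        return ("raw" if send_raw else "discarded"), {"os": vendor, "tag": m["tag"], "raw": line}
    # No vendor prefix matched at all.
    return ("raw" if send_raw else "discarded"), {"os": None, "tag": None, "raw": line}

def missing_profiles(lines):
    """Count unparsed (vendor, tag) pairs, i.e. which profiles to write first."""
    gaps = Counter()
    for line in lines:
        status, doc = process(line)
        if status != "parsed":
            gaps[(doc["os"], doc["tag"])] += 1
    return gaps

# Constructed sample syslog lines.
SAMPLE = [
    "<189>45: Jan  1 00:00:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to down",
    "<189>46: Jan  1 00:00:02: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<189>47: Jan  1 00:00:09: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<28>Jan  1 00:00:03 r1 mib2d[2424]: SNMP_TRAP_LINK_DOWN: ifIndex 502, ifName xe-0/0/0",
    "<13>Jan  1 00:00:04 host1 cron[991]: session opened",
]

if __name__ == "__main__":
    for key, count in missing_profiles(SAMPLE).most_common():
        print(count, key)
```

Running the tally over a day of real syslog shows how much of the stream is silently dropped under the default, which matters if detections depend on events such as configuration changes.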