Enhancements to Syslog Integration

At NetBeez, we are committed to providing seamless and customizable experiences for our customers. We wanted to keep you informed regarding some minor changes to the syslog integration payloads, aimed at enhancing flexibility and usability. The following post outlines these changes, and we invite feedback from those who use or plan to use this integration in the future.

Notification Types

The new syslog format will support three distinct notification types:

  1. Agent Device Alerts: Notifications related to the status of various agents.
  2. Test Alerts from Targets or WiFi Networks: Alerts triggered by tests on specific targets or WiFi networks.
  3. Agent, Target, and WiFi Incidents: Notifications related to incidents across various entities.

We have included an option to enable or disable these notifications to ensure that you only receive the ones you need.

Changes

Alerts

Test Alerts

We have restructured Test Alerts to provide clearer and more meaningful data. The changes include:

Before:

The previous format contained information such as the alert timestamp, severity, source agent name, target, and more.

Aug 15 00:09:00 8a09228aed80 nbmsg_master[30]: {
  "name":"netbeez-alert-stream",
  "hostname":"8a09228aed80",
  "pid":30,
  "level":30,
  "payload":{
    "alert_date_time":"Mon Aug 14 2023 20:08:58 GMT-0400 (Eastern Daylight Time)",
    "severity":6,
    "source_agent_name":"dev-testing",
    "target":"drive.google.com",
    "message":"Alert cleared",
    "test_type":"PingTest",
    "alert_ts":1692058138156
  },
  "msg":"",
  "time":"2023-08-15T00:09:00.270Z","v":0
}

After:

The new format introduces a specific notification type, your BeezKeeper’s actual hostname (as listed in the license), and a revised payload structure that includes an alert ID, destination, and the Target name.

Aug 16 13:53:00 192.168.86.49 netbeez-beezkeeper: {
  "name":"netbeez-notification-stream",
  "notification_type":"alert",
  "hostname":"192.168.86.49",
  "level":"50",
  "payload":{
    "alert_id":38673,
    "severity":1,
    "source_agent_name":"dev-testing",
    "target":"Google Workspace",
    "destination":"Main Portal (https://workspace.google.com)",
    "message":"Alert error message",
    "test_type":"HttpTest",
    "alert_ts":1692208378220
  },
  "msg":"",
  "time":"2023-08-16T13:53:00.729-04:00"
}

Device Alerts

We have also refined the Device Alerts to provide more clarity:

Before:

The old format included the severity, source agent name, target, and other details.

Aug  2 14:26:29 b5cdc5265542 nbmsg_master[30]: {
  "name":"netbeez-alert-stream",
  "hostname":"b5cdc5265542",
  "pid":30,
  "level":50,
  "payload":{
    "severity":1,
    "source_agent_name":"dev-testing",
    "target":null,
    "message":"Agent Unreachable",
    "test_type":"",
    "alert_ts":1690986389587
  },
  "msg":"",
  "time":"2023-08-02T14:26:29.881Z",
  "v":0
}

After:

The new format introduces a new stream name, your BeezKeeper’s hostname, and includes the agent’s IP and port details.

Aug 15 10:20:23 192.168.86.49 netbeez-beezkeeper: {
  "name":"netbeez-notification-stream",
  "notification_type":"device_alert",
  "hostname":"192.168.86.49",
  "level":"50",
  "payload":{
    "alert_id":31921,
    "severity":1,
    "source_agent_name":"[172.17.0.2-47:21]",
    "target":null,
    "destination":null,
    "message":"Agent Unreachable",
    "test_type":"",
    "alert_ts":1692098867971
  },
  "msg":"",
  "time":"2023-08-15T10:20:23.354-04:00"
}

Incidents

Incident notifications have been overhauled to be more descriptive and actionable:

Before:

The previous incident messages included the incident ID and reporting entity information.

Aug  2 18:36:19 b5cdc5265542 nbmsg_master[30]: {
  "name":"netbeez-alert-stream",
  "hostname":"b5cdc5265542",
  "pid":30,
  "level":30,
  "payload":{
    "id":305,
    "incident_reporting_entity_type":"WifiProfile",
    "incident_reporting_entity_id":1
  },
  "msg":"",
  "time":"2023-08-02T18:36:19.766Z",
  "v":0
}

After:

The new format introduces a notification type specifically for incidents and includes event ID, event timestamp, event type, and a more detailed event message. This change aims to provide a comprehensive view of the incident.

Aug 16 13:55:22 192.168.86.49 netbeez-beezkeeper: {
  "name":"netbeez-notification-stream",
  "notification_type":"incident",
  "hostname":"192.168.86.49",
  "level":"50",
  "payload":{
    "event_id":"6676-1692208521492",
    "event_timestamp":1692208521492,
    "event_type":"INCIDENT_OPEN",
    "event_message":"3 out of 3 (100%) Dns tests have issues.\n",
    "incident_reporting_entity_type":"Agent",
    "incident_reporting_entity_id":2,
    "incident_reporting_entity_name":"dev-testing"
  },
  "msg":"",
  "time":"2023-08-16T13:55:22.746-04:00"
}
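
For anyone whose SIEM or log pipeline already parses the old payloads, the samples above differ in ways that can break an existing parser: the syslog tag loses its `[pid]` suffix, `level` goes from an integer to a quoted string, `time` goes from UTC (`Z`) to a local offset, and the ID and timestamp fields are named differently per notification type. The following is an added example, not NetBeez code, that normalizes both formats into one record; the `normalize` function, the output field names, and the rule used to infer a type for old-format lines are assumptions made for illustration.

```python
import json
import re
from datetime import datetime, timezone

# "<Mon DD HH:MM:SS> <host> <tag>[pid]: <json>"; the new format has no [pid].
HEADER = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s([\w-]+)(?:\[\d+\])?:\s*(\{.*\})\s*$", re.S)

def normalize(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError("unrecognized syslog line")
    host, tag, body = m.groups()
    doc = json.loads(body)
    payload = doc.get("payload") or {}
    kind = doc.get("notification_type")
    if kind is None:
        # Assumption: old lines carry no type, so infer it from the payload shape.
        if "incident_reporting_entity_type" in payload:
            kind = "incident"
        elif payload.get("test_type"):
            kind = "alert"
        else:
            kind = "device_alert"
    ts_ms = payload.get("alert_ts") or payload.get("event_timestamp")
    if ts_ms is not None:
        when = datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc)
    else:
        # Old incidents have no payload timestamp; fall back to the "time" field.
        when = datetime.fromisoformat(doc["time"].replace("Z", "+00:00"))
    return {
        "format": "new" if doc.get("name") == "netbeez-notification-stream" else "old",
        "syslog_host": host,
        "syslog_tag": tag,
        "type": kind,
        "level": int(doc["level"]),  # integer before, quoted string after
        "id": payload.get("alert_id") or payload.get("event_id") or payload.get("id"),
        "severity": payload.get("severity"),
        "agent": payload.get("source_agent_name") or payload.get("incident_reporting_entity_name"),
        "utc": when.astimezone(timezone.utc).isoformat(timespec="seconds"),
    }

# Samples condensed from the ones shown above (some fields trimmed).
OLD_INCIDENT = ('Aug  2 18:36:19 b5cdc5265542 nbmsg_master[30]: {"name":"netbeez-alert-stream",'
    '"level":30,"payload":{"id":305,"incident_reporting_entity_type":"WifiProfile"},'
    '"time":"2023-08-02T18:36:19.766Z"}')
NEW_ALERT = ('Aug 16 13:53:00 192.168.86.49 netbeez-beezkeeper: {"name":"netbeez-notification-stream",'
    '"notification_type":"alert","level":"50","payload":{"alert_id":38673,"severity":1,'
    '"source_agent_name":"dev-testing","test_type":"HttpTest","alert_ts":1692208378220},'
    '"time":"2023-08-16T13:53:00.729-04:00"}')
```

Timestamps are emitted in UTC so that old and new events sort together regardless of the offset the sender used.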

Conclusion

These enhancements to our syslog integration reflect our commitment to continuous improvement and customer-centric innovation and will be released with version 13 in September. We believe these changes will offer a more streamlined and efficient experience for those who rely on our syslog notifications.

We ask those currently using this integration, and those planning to use it in the future, to review these changes and provide feedback. Your insights are vital to our continuous growth and alignment with your needs.

For any queries or feedback, please reach out to our support team. We are here to assist you. Please note that this is a work in progress, so more changes may follow in the near future.
