Event Streams

ericl42
Level 1

Hello,

Previously I was using the AMP API and just pulling down all events on a 10 minute interval but it's not a very pretty process since you have to set bookmarks whenever you pull down the data. Therefore I'd like to move to the event stream process but I'm not as familiar with AMQPS and was wondering if anyone has some examples I could use. 

I've already set up the event stream on AMP's side with all of the relevant groups/IDs that I want. My issue now is figuring out how to pull down that data and put it into my syslog server. I've taken a look at some Python Pika code but I'm still struggling through it right now, so any help would be greatly appreciated.

5 Replies

neipatel
Cisco Employee
ericl42,

Check out the code @ https://github.com/QuiLoxx/ATS-APIs/tree/master/amp4e/neipatel_event-stream

That is a functional example which dumps event data to the screen from AMP for Endpoints. That may be a start; instead of dumping to the screen it could be adapted to push via syslog.

neipatel,

Thanks for the link. One quick question regarding the parameters.json file. Is there a way for me to use the same original API call I created for this? Basically I want all groups and all event IDs, and I was able to do that with the string below. I didn't know if I could put in all event names and all group names with your code and have it accept it.

curl -X POST \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'authorization: Basic XXXXXXXXXXXXXXXXX' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-d '{"name":"Syslog_Feed","event_type":[553648130, 554696714, 554696715, 1091567628, 2165309453, 1090519054, 553648143, 2164260880, 553648145, 570425394, 553648149, 2164260884, 2181038130, 553648152, 2164260889, 553648151, 553648154, 553648155, 2164260892, 2164260893, 553648158, 2164260895, 553648166, 2164260903, 1003, 1004, 1005, 2164260866, 553648146, 553648147, 553648168, 553648150, 570425396, 570425397, 570425398, 570425399, 1090524040, 1090524041, 1090519084, 1107296257, 1107296258, 1107296260, 1107296261, 1107296262, 1107296263, 1107296264, 1107296265, 1107296266, 1107296267, 1107296268, 1107296269, 1107296270, 1107296271, 1107296272, 1107296273, 553648170, 553648171, 1107296274, 1107296275, 1107296276, 553648173, 2164260910, 554696756, 554696757, 1091567670, 2165309495, 2164260914, 553648179, 2164260911, 553648176, 1090519089, 1107296277, 1107296278, 1107296279, 1107296280, 1107296281, 1107296282, 1090519096, 1090519097, 2164260922, 553648137, 553648135, 553648136, 1107296284, 1107296283, 1090519103, 2164260931, 1090519107, 553648195, 553648196, 553648197, 1090519081, 1090519105]}' \
-u YYYYYYYYYYYYYY \
'https://api.amp.cisco.com/v1/event_streams'

Pull the code down again from the GitHub; it can handle multiple events. Enter them in the parameters.json as you see in the readme (as an array), and make sure the value for "id_or_name" is equal to "id".

majacob2
Cisco Employee
(Accepted Solution)
ericl42,

I might have something to help. I work in TAC and I have a github with python code for this particular purpose. This code is something we designed in TAC, but is provided as-is.

https://github.com/walbit/AMP_API

There is a readme and some instructions for the additional libraries needed. I hope this helps you out!

Thank you very much. That is exactly what I needed. I made a slight modification to send it only to syslog and from there I'll have syslog-ng pick it up.

import logging
import logging.handlers

my_logger = logging.getLogger('MyLogger')
my_logger.setLevel(logging.INFO)
# Write to the local syslog socket; syslog-ng picks it up from there
handler = logging.handlers.SysLogHandler(address='/dev/log')
my_logger.addHandler(handler)

def callback(ch, method, properties, body):
    # Pika delivers the message body as bytes; decode it before logging
    my_logger.info(body.decode('utf-8', errors='replace'))
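The original question asks for a worked AMQPS/Pika example, and the reply above shows only the callback. The following is an added, self-contained example (not code from this thread or from either linked GitHub repository) that connects to the stream over TLS with certificate verification, turns each event into a single structured syslog line, and acknowledges a message only after it has been handed to the logger. It assumes the `amqp_credentials` block returned by `POST /v1/event_streams` carries `user_name`, `password`, `host`, `port` and `queue_name`; the `AMP_AMQP_*` environment variable names, the event field selection and the sample event in the test are this example's own constructions.

```python
"""Consume an AMP for Endpoints event stream over AMQPS with pika and
forward each event to the local syslog socket (added example, not the
thread's or either repository's code)."""
import json
import logging
import logging.handlers
import os
import ssl
from urllib.parse import quote


def amqps_url(creds):
    """Build an amqps:// URL from the stream's amqp_credentials (assumed
    keys: user_name, password, host, port). Credentials are percent-encoded
    so special characters in the generated password survive the URL."""
    return "amqps://{}:{}@{}:{}/".format(
        quote(creds["user_name"], safe=""),
        quote(creds["password"], safe=""),
        creds["host"],
        int(creds["port"]),
    )


def format_event(body):
    """Turn one raw AMQP message body into a single syslog line.

    A fixed set of fields is emitted as key="value" pairs so syslog-ng (or
    any downstream parser) sees a stable layout. A body that is not valid
    JSON is passed through verbatim rather than silently dropped."""
    try:
        ev = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 'amp_event raw="%s"' % body.decode("utf-8", "replace")
    computer = ev.get("computer") or {}
    fields = [
        ("id", ev.get("id")),
        ("event_type", ev.get("event_type")),
        ("event_type_id", ev.get("event_type_id")),
        ("date", ev.get("date")),
        ("hostname", computer.get("hostname")),
        ("detection", ev.get("detection")),
    ]
    parts = []
    for key, value in fields:
        if value is None:
            continue
        # Escape backslashes and quotes so the value stays inside its quotes
        text = str(value).replace("\\", "\\\\").replace('"', '\\"')
        parts.append('%s="%s"' % (key, text))
    return "amp_event " + " ".join(parts)


def syslog_logger(address="/dev/log", name="amp_event_stream"):
    """Logger writing to the local syslog socket that syslog-ng reads."""
    logger = logging.getLogger(name)
    logger.setLevel(logging.INFO)
    if not logger.handlers:
        logger.addHandler(logging.handlers.SysLogHandler(address=address))
    return logger


def make_callback(logger):
    """Return a pika on_message_callback that forwards, then acks.

    The ack is sent only after the event reached the logger, so a crash
    mid-forward leaves the message on the queue instead of losing it."""
    def callback(ch, method, properties, body):
        logger.info(format_event(body))
        ch.basic_ack(delivery_tag=method.delivery_tag)
    return callback


def consume(creds, logger):
    """Connect over TLS (broker certificate verified) and consume forever."""
    import pika  # imported here so the helpers above work without pika installed

    context = ssl.create_default_context()
    params = pika.ConnectionParameters(
        host=creds["host"],
        port=int(creds["port"]),
        credentials=pika.PlainCredentials(creds["user_name"], creds["password"]),
        ssl_options=pika.SSLOptions(context, server_hostname=creds["host"]),
    )
    connection = pika.BlockingConnection(params)
    channel = connection.channel()
    channel.basic_consume(queue=creds["queue_name"],
                          on_message_callback=make_callback(logger),
                          auto_ack=False)
    try:
        channel.start_consuming()
    finally:
        connection.close()


if __name__ == "__main__":
    # Credentials come from the event_streams API response; read them from
    # the environment instead of hard-coding (env-var names are this example's).
    credentials = {k: os.environ["AMP_AMQP_" + k.upper()]
                   for k in ("user_name", "password", "host", "port", "queue_name")}
    consume(credentials, syslog_logger())
```

Run it with the five `AMP_AMQP_*` variables exported; `amqps_url()` is there for tools that take a single URL instead of separate parameters. The two design points worth keeping in any adaptation are the default SSL context (so a wrong or intercepted broker endpoint fails the handshake instead of silently delivering events) and `auto_ack=False` with the ack placed after the logger call.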
