Skip to content

ANTA catalog for logging tests

VerifyLoggingAccounting

Verifies if AAA accounting logs are generated.

Expected Results
  • Success: The test will pass if AAA accounting logs are generated.
  • Failure: The test will fail if AAA accounting logs are NOT generated.
Examples 
anta.tests.logging:
  - VerifyLoggingAccounting:
Source code in anta/tests/logging.py 
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
class VerifyLoggingAccounting(AntaTest):
    """Verifies if AAA accounting logs are generated.

    Expected Results
    ----------------
    * Success: The test will pass if AAA accounting logs are generated.
    * Failure: The test will fail if AAA accounting logs are NOT generated.

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingAccounting:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [AntaCommand(command="show aaa accounting logs | tail", ofmt="text")]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingAccounting."""
        pattern = r"cmd=show aaa accounting logs"
        output = self.instance_commands[0].text_output
        if re.search(pattern, output):
            self.result.is_success()
        else:
            self.result.is_failure("AAA accounting logs are not generated")

VerifyLoggingErrors

Verifies there are no syslog messages with a severity of ERRORS or higher.

Expected Results
  • Success: The test will pass if there are NO syslog messages with a severity of ERRORS or higher.
  • Failure: The test will fail if ERRORS or higher syslog messages are present.
Examples 
anta.tests.logging:
  - VerifyLoggingErrors:
Source code in anta/tests/logging.py 
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
class VerifyLoggingErrors(AntaTest):
    """Verifies there are no syslog messages with a severity of ERRORS or higher.

    Expected Results
    ----------------
      * Success: The test will pass if there are NO syslog messages with a severity of ERRORS or higher.
      * Failure: The test will fail if ERRORS or higher syslog messages are present.

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingErrors:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [AntaCommand(command="show logging threshold errors", ofmt="text")]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingErrors."""
        command_output = self.instance_commands[0].text_output

        if len(command_output) == 0:
            self.result.is_success()
        else:
            self.result.is_failure("Device has reported syslog messages with a severity of ERRORS or higher")

VerifyLoggingHostname

Verifies if logs are generated with the device FQDN.

This test performs the following checks:

  1. Retrieves the device’s configured FQDN
  2. Sends a test log message at the informational level
  3. Retrieves the most recent logs (last 30 seconds)
  4. Verifies that the test message includes the complete FQDN of the device

Warning

EOS logging buffer should be set to severity level informational or higher for this test to work.

Expected Results
  • Success: If logs are generated with the device’s complete FQDN.
  • Failure: If any of the following occur:
    • The test message is not found in recent logs
    • The log message does not include the device’s FQDN
    • The FQDN in the log message doesn’t match the configured FQDN
Examples 
anta.tests.logging:
  - VerifyLoggingHostname:
Source code in anta/tests/logging.py 
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
class VerifyLoggingHostname(AntaTest):
    """Verifies if logs are generated with the device FQDN.

    This test performs the following checks:

      1. Retrieves the device's configured FQDN
      2. Sends a test log message at the **informational** level
      3. Retrieves the most recent logs (last 30 seconds)
      4. Verifies that the test message includes the complete FQDN of the device

    !!! warning
          EOS logging buffer should be set to severity level `informational` or higher for this test to work.

    Expected Results
    ----------------
    * Success: If logs are generated with the device's complete FQDN.
    * Failure: If any of the following occur:
        - The test message is not found in recent logs
        - The log message does not include the device's FQDN
        - The FQDN in the log message doesn't match the configured FQDN

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingHostname:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [
        AntaCommand(command="show hostname", revision=1),
        AntaCommand(command="send log level informational message ANTA VerifyLoggingHostname validation", ofmt="text"),
        AntaCommand(command="show logging informational last 30 seconds | grep ANTA", ofmt="text", use_cache=False),
    ]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingHostname."""
        output_hostname = self.instance_commands[0].json_output
        output_logging = self.instance_commands[2].text_output
        fqdn = output_hostname["fqdn"]
        lines = output_logging.strip().split("\n")[::-1]
        log_pattern = r"ANTA VerifyLoggingHostname validation"
        last_line_with_pattern = ""
        for line in lines:
            if re.search(log_pattern, line):
                last_line_with_pattern = line
                break
        if fqdn in last_line_with_pattern:
            self.result.is_success()
        else:
            self.result.is_failure("Logs are not generated with the device FQDN")

VerifyLoggingHosts

Verifies logging hosts (syslog servers) for a specified VRF.

Expected Results
  • Success: The test will pass if the provided syslog servers are configured in the specified VRF.
  • Failure: The test will fail if the provided syslog servers are NOT configured in the specified VRF.
Examples 
anta.tests.logging:
  - VerifyLoggingHosts:
      hosts:
        - 1.1.1.1
        - 2.2.2.2
      vrf: default

Inputs

Name Type Description Default
hosts list[IPv4Address]
List of hosts (syslog servers) IP addresses.
-
vrf str
The name of the VRF to transport log messages. Defaults to `default`.
'default'
Source code in anta/tests/logging.py 
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
class VerifyLoggingHosts(AntaTest):
    """Verifies logging hosts (syslog servers) for a specified VRF.

    Expected Results
    ----------------
    * Success: The test will pass if the provided syslog servers are configured in the specified VRF.
    * Failure: The test will fail if the provided syslog servers are NOT configured in the specified VRF.

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingHosts:
          hosts:
            - 1.1.1.1
            - 2.2.2.2
          vrf: default
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [AntaCommand(command="show logging", ofmt="text")]

    class Input(AntaTest.Input):
        """Input model for the VerifyLoggingHosts test."""

        hosts: list[IPv4Address]
        """List of hosts (syslog servers) IP addresses."""
        vrf: str = "default"
        """The name of the VRF to transport log messages. Defaults to `default`."""

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingHosts."""
        output = self.instance_commands[0].text_output
        not_configured = []
        for host in self.inputs.hosts:
            pattern = rf"Logging to '{host!s}'.*VRF {self.inputs.vrf}"
            if not re.search(pattern, _get_logging_states(self.logger, output)):
                not_configured.append(str(host))

        if not not_configured:
            self.result.is_success()
        else:
            self.result.is_failure(f"Syslog servers {not_configured} are not configured in VRF {self.inputs.vrf}")

VerifyLoggingLogsGeneration

Verifies if logs are generated.

This test performs the following checks:

  1. Sends a test log message at the informational level
  2. Retrieves the most recent logs (last 30 seconds)
  3. Verifies that the test message was successfully logged

Warning

EOS logging buffer should be set to severity level informational or higher for this test to work.

Expected Results
  • Success: If logs are being generated and the test message is found in recent logs.
  • Failure: If any of the following occur:
    • The test message is not found in recent logs
    • The logging system is not capturing new messages
    • No logs are being generated
Examples 
anta.tests.logging:
  - VerifyLoggingLogsGeneration:
Source code in anta/tests/logging.py 
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
class VerifyLoggingLogsGeneration(AntaTest):
    """Verifies if logs are generated.

    This test performs the following checks:

      1. Sends a test log message at the **informational** level
      2. Retrieves the most recent logs (last 30 seconds)
      3. Verifies that the test message was successfully logged

    !!! warning
        EOS logging buffer should be set to severity level `informational` or higher for this test to work.

    Expected Results
    ----------------
    * Success: If logs are being generated and the test message is found in recent logs.
    * Failure: If any of the following occur:
        - The test message is not found in recent logs
        - The logging system is not capturing new messages
        - No logs are being generated

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingLogsGeneration:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [
        AntaCommand(command="send log level informational message ANTA VerifyLoggingLogsGeneration validation", ofmt="text"),
        AntaCommand(command="show logging informational last 30 seconds | grep ANTA", ofmt="text", use_cache=False),
    ]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingLogsGeneration."""
        log_pattern = r"ANTA VerifyLoggingLogsGeneration validation"
        output = self.instance_commands[1].text_output
        lines = output.strip().split("\n")[::-1]
        for line in lines:
            if re.search(log_pattern, line):
                self.result.is_success()
                return
        self.result.is_failure("Logs are not generated")

VerifyLoggingPersistent

Verifies if logging persistent is enabled and logs are saved in flash.

Expected Results
  • Success: The test will pass if logging persistent is enabled and logs are in flash.
  • Failure: The test will fail if logging persistent is disabled or no logs are saved in flash.
Examples 
anta.tests.logging:
  - VerifyLoggingPersistent:
Source code in anta/tests/logging.py 
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
class VerifyLoggingPersistent(AntaTest):
    """Verifies if logging persistent is enabled and logs are saved in flash.

    Expected Results
    ----------------
    * Success: The test will pass if logging persistent is enabled and logs are in flash.
    * Failure: The test will fail if logging persistent is disabled or no logs are saved in flash.

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingPersistent:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [
        AntaCommand(command="show logging", ofmt="text"),
        AntaCommand(command="dir flash:/persist/messages", ofmt="text"),
    ]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingPersistent."""
        self.result.is_success()
        log_output = self.instance_commands[0].text_output
        dir_flash_output = self.instance_commands[1].text_output
        if "Persistent logging: disabled" in _get_logging_states(self.logger, log_output):
            self.result.is_failure("Persistent logging is disabled")
            return
        pattern = r"-rw-\s+(\d+)"
        persist_logs = re.search(pattern, dir_flash_output)
        if not persist_logs or int(persist_logs.group(1)) == 0:
            self.result.is_failure("No persistent logs are saved in flash")

VerifyLoggingSourceIntf

Verifies logging source-interface for a specified VRF.

Expected Results
  • Success: The test will pass if the provided logging source-interface is configured in the specified VRF.
  • Failure: The test will fail if the provided logging source-interface is NOT configured in the specified VRF.
Examples 
anta.tests.logging:
  - VerifyLoggingSourceIntf:
      interface: Management0
      vrf: default

Inputs

Name Type Description Default
interface str
Source-interface to use as source IP of log messages.
-
vrf str
The name of the VRF to transport log messages. Defaults to `default`.
'default'
Source code in anta/tests/logging.py 
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
class VerifyLoggingSourceIntf(AntaTest):
    """Verifies logging source-interface for a specified VRF.

    Expected Results
    ----------------
    * Success: The test will pass if the provided logging source-interface is configured in the specified VRF.
    * Failure: The test will fail if the provided logging source-interface is NOT configured in the specified VRF.

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingSourceIntf:
          interface: Management0
          vrf: default
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [AntaCommand(command="show logging", ofmt="text")]

    class Input(AntaTest.Input):
        """Input model for the VerifyLoggingSourceIntf test."""

        interface: str
        """Source-interface to use as source IP of log messages."""
        vrf: str = "default"
        """The name of the VRF to transport log messages. Defaults to `default`."""

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingSourceIntf."""
        output = self.instance_commands[0].text_output
        pattern = rf"Logging source-interface '{self.inputs.interface}'.*VRF {self.inputs.vrf}"
        if re.search(pattern, _get_logging_states(self.logger, output)):
            self.result.is_success()
        else:
            self.result.is_failure(f"Source-interface '{self.inputs.interface}' is not configured in VRF {self.inputs.vrf}")

VerifyLoggingTimestamp

Verifies if logs are generated with the appropriate timestamp.

This test performs the following checks:

  1. Sends a test log message at the informational level
  2. Retrieves the most recent logs (last 30 seconds)
  3. Verifies that the test message is present with a high-resolution RFC3339 timestamp format
    • Example format: 2024-01-25T15:30:45.123456+00:00
    • Includes microsecond precision
    • Contains timezone offset

Warning

EOS logging buffer should be set to severity level informational or higher for this test to work.

Expected Results
  • Success: If logs are generated with the correct high-resolution RFC3339 timestamp format.
  • Failure: If any of the following occur:
    • The test message is not found in recent logs
    • The timestamp format does not match the expected RFC3339 format
Examples 
anta.tests.logging:
  - VerifyLoggingTimestamp:
Source code in anta/tests/logging.py 
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
class VerifyLoggingTimestamp(AntaTest):
    """Verifies if logs are generated with the appropriate timestamp.

    This test performs the following checks:

      1. Sends a test log message at the **informational** level
      2. Retrieves the most recent logs (last 30 seconds)
      3. Verifies that the test message is present with a high-resolution RFC3339 timestamp format
        - Example format: `2024-01-25T15:30:45.123456+00:00`
        - Includes microsecond precision
        - Contains timezone offset

    !!! warning
          EOS logging buffer should be set to severity level `informational` or higher for this test to work.

    Expected Results
    ----------------
    * Success: If logs are generated with the correct high-resolution RFC3339 timestamp format.
    * Failure: If any of the following occur:
        - The test message is not found in recent logs
        - The timestamp format does not match the expected RFC3339 format

    Examples
    --------
    ```yaml
    anta.tests.logging:
      - VerifyLoggingTimestamp:
    ```
    """

    categories: ClassVar[list[str]] = ["logging"]
    commands: ClassVar[list[AntaCommand | AntaTemplate]] = [
        AntaCommand(command="send log level informational message ANTA VerifyLoggingTimestamp validation", ofmt="text"),
        AntaCommand(command="show logging informational last 30 seconds | grep ANTA", ofmt="text", use_cache=False),
    ]

    @AntaTest.anta_test
    def test(self) -> None:
        """Main test function for VerifyLoggingTimestamp."""
        log_pattern = r"ANTA VerifyLoggingTimestamp validation"
        timestamp_pattern = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{6}[+-]\d{2}:\d{2}"
        output = self.instance_commands[1].text_output
        lines = output.strip().split("\n")[::-1]
        last_line_with_pattern = ""
        for line in lines:
            if re.search(log_pattern, line):
                last_line_with_pattern = line
                break
        if re.search(timestamp_pattern, last_line_with_pattern):
            self.result.is_success()
        else:
            self.result.is_failure("Logs are not generated with the appropriate timestamp format")

_get_logging_states 

_get_logging_states(
    logger: logging.Logger, command_output: str
) -> str

Parse show logging output and gets operational logging states used in the tests in this module.

Parameters:

Name Type Description Default
logger Logger

The logger object.

 required
command_output str

The show logging output.

 required

Returns:

Type Description
str

The operational logging states.
Source code in anta/tests/logging.py 
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
def _get_logging_states(logger: logging.Logger, command_output: str) -> str:
    """Parse `show logging` output and gets operational logging states used in the tests in this module.

    Parameters
    ----------
    logger
        The logger object.
    command_output
        The `show logging` output.

    Returns
    -------
    str
        The operational logging states.

    """
    log_states = command_output.partition("\n\nExternal configuration:")[0]
    logger.debug("Device logging states:\n%s", log_states)
    return log_states