Hi Team,
We are using the aggregate function to collect all commands for a specific SSH session, but recently our vendor changed the way session records are tracked: right now only the start and stop records have the same task_id, while before all records inside a session had the same task_id.
Is there a way to work on the aggregate task to circumvent this?
Thanks
Sep 28 10:36:26 10.143.137.30 **rosboccia** ssh xxxxxxx start task_id=359 start_time=1632825418 timezone=UTC
Sep 28 10:36:32 10.143.137.30 **rosboccia** pts/0 xxxxxxx stop task_id=177959 stop_time=1632825424 service=shell protocol=op-mode cmd=show cmd-arg=interfaces
Sep 28 10:36:51 10.143.137.30 **rosboccia** pts/1 unknown s top task_id=177970 stop_time=1632825443 service=shell protocol=conf-mode cmd=show
Sep 28 10:36:51 10.143.137.30 **rosboccia** pts/0 xxxxx stop task_id=177971 stop_time=1632825443 service=shell protocol=op-mode cmd=show cmd-arg=configuration cmd-arg=commands
Sep 28 10:37:54 10.143.137.30 **rosboccia** ssh xxxxxx stop task_id=359 stop_time=1632825506 timezone=UTC
aggregate {
  task_id => "%{vyatta_ip}-%{task_id}"
  code => '
    # First event for this task: initialise the map with the session metadata.
    if map["aggregate_commands"].nil?
      # The initial value is missing in the post; an empty array is assumed here.
      map["aggregate_commands"] = []
      map["user_name"] = event.get("user_name")
      map["config_timestamp"] = event.get("config_timestamp")
      map["vyatta_ip"] = event.get("vyatta_ip")
      map["from_host"] = event.get("from_host")
    end
    # Append the command, newline-terminated, to the per-task list.
    cmd_str = event.get("vyatta_cmd")
    unless cmd_str.end_with? "\n"
      cmd_str = cmd_str + "\n"
    end
    map["aggregate_commands"] << cmd_str
  '
  push_map_as_event_on_timeout => true
  timeout_task_id_field => "task_id"
  timeout => 300 # 5 minutes timeout
  timeout_tags => ['_aggregatetimeout']
}
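
An added example, not part of the original post and not the vendor's or Logstash's own code: a stand-alone Ruby sketch of one way to group the per-command records under the enclosing ssh start/stop pair when they no longer share its task_id, keyed on device IP plus user name instead. The sample lines, the `correlate` function and the addresses and user names in it are constructed for illustration. Assumption: a user has at most one ssh session open per device at a time, because the records shown carry nothing else that ties a command to a particular session.

```ruby
# Added example: correlate per-command records to the enclosing ssh session
# by device IP + user name, since only the start/stop records share a task_id.
LINE_RE = /^(\w{3}\s+\d+ [\d:]+) (\S+) (\S+) (\S+) (\S+) (start|stop) (.*)$/

# Constructed sample lines, modelled on the record layout shown in the post.
SAMPLE = <<~LOG.lines.map(&:chomp)
  Sep 28 10:36:26 192.0.2.10 alice ssh 198.51.100.7 start task_id=359 start_time=1632825418 timezone=UTC
  Sep 28 10:36:32 192.0.2.10 alice pts/0 198.51.100.7 stop task_id=177959 stop_time=1632825424 service=shell protocol=op-mode cmd=show cmd-arg=interfaces
  Sep 28 10:36:40 192.0.2.10 bob pts/2 unknown stop task_id=177960 stop_time=1632825432 service=shell protocol=op-mode cmd=show cmd-arg=version
  Sep 28 10:36:51 192.0.2.10 alice pts/0 198.51.100.7 stop task_id=177971 stop_time=1632825443 service=shell protocol=op-mode cmd=show cmd-arg=configuration cmd-arg=commands
  Sep 28 10:37:54 192.0.2.10 alice ssh 198.51.100.7 stop task_id=359 stop_time=1632825506 timezone=UTC
LOG

def correlate(lines)
  open_sessions = {}   # [host, user] => session hash, opened by "ssh ... start"
  finished = []        # sessions closed by the matching "ssh ... stop"
  orphans = []         # command records seen with no open session (worth alerting on)
  lines.each do |line|
    m = LINE_RE.match(line) or next
    _ts, host, user, tty, _remote, action, rest = m.captures
    pairs = rest.scan(/(\S+?)=(\S+)/)   # key=value pairs; cmd-arg may repeat
    kv = pairs.to_h
    key = [host, user]
    if tty == "ssh" && action == "start"
      open_sessions[key] = { host: host, user: user, task_id: kv["task_id"], commands: [] }
    elsif tty == "ssh" && action == "stop"
      s = open_sessions[key]
      # Close only when the stop record carries the task_id of the start record.
      finished << open_sessions.delete(key) if s && s[:task_id] == kv["task_id"]
    elsif kv.key?("cmd")
      args = pairs.select { |k, _| k == "cmd-arg" }.map(&:last)
      cmd = ([kv["cmd"]] + args).join(" ")
      s = open_sessions[key]
      s ? s[:commands] << cmd : orphans << [host, user, cmd]
    end
  end
  { sessions: finished, orphans: orphans }
end
```

Command records that arrive with no open session for that device and user are returned separately instead of being dropped, so they can still be reviewed.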