Syslog Remediation

Log timestamp compliance check and auto-remediation for Cisco IOS/IOS-XE devices using Cisco pyATS and Genie.

This utility validates that devices are configured with the expected syslog timestamp command:

service timestamps log datetime msec localtime show-timezone

It can run a safe dry-run audit, remediate non-compliant devices, optionally save the running configuration, and export CSV compliance reports for audit evidence.

Overview

This code base uses Python, Cisco pyATS, and Genie to connect to devices from a testbed file, inspect the current service timestamps log configuration, remediate failed devices, and write a structured CSV report.

The workflow is designed for network operations teams that need a repeatable way to confirm syslog timestamp standards across a fleet of routers and switches.

Use Case Description

Accurate syslog timestamps are critical for troubleshooting, incident response, and event correlation across network infrastructure. This tool checks whether each device is using datetime-based local timestamps with milliseconds and timezone information, then applies the approved remediation command when required.
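
The check described above can be sketched as follows. This is an added example, not code from log_timestamp_remediate.py: the function names, device names and sample configurations are hypothetical, and it assumes that extra keywords such as year do not make a device non-compliant.

```python
import re

# Keywords required by the expected command quoted on this page.
REQUIRED = ("datetime", "msec", "localtime", "show-timezone")
EXPECTED = "service timestamps log " + " ".join(REQUIRED)
# Match only the "log" variant; "service timestamps debug ..." is a separate setting.
LOG_LINE = re.compile(r"^[ \t]*(no[ \t]+)?service timestamps log\b(.*)$", re.MULTILINE)


def check_timestamps(config_text):
    """Return (status, detail) for one device's running-config text."""
    match = LOG_LINE.search(config_text)
    if match is None:
        return "FAIL", "no 'service timestamps log' line found"
    negated, rest = match.groups()
    if negated:
        return "FAIL", "log timestamps disabled"
    missing = [kw for kw in REQUIRED if kw not in rest.split()]
    if missing:
        return "FAIL", "missing: " + " ".join(missing)
    return "PASS", "all required keywords present"


def devices_to_remediate(configs):
    """Names of devices whose config fails the check, in sorted order."""
    return sorted(n for n, cfg in configs.items() if check_timestamps(cfg)[0] == "FAIL")


# Constructed sample configs (hypothetical device names, not real device output).
SAMPLES = {
    "rtr-a": "service timestamps debug datetime msec\n" + EXPECTED + "\n",
    # The debug line has every keyword, but the log line is uptime-based.
    "rtr-b": "service timestamps debug datetime msec localtime show-timezone\n"
             "service timestamps log uptime\n",
    "sw-c": "service timestamps log datetime msec\n",
    "sw-d": "no service timestamps log\n",
    "rtr-e": EXPECTED + " year\n",  # extra keyword, treated as compliant (assumption)
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, *check_timestamps(cfg))
    print("remediate with:", EXPECTED, "->", devices_to_remediate(SAMPLES))
```

The rtr-b case shows why the check must look at the log line specifically: a fully qualified debug timestamp line does not make syslog timestamps compliant.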

Contacts

Oluyemi Oshunkoya (yemi_o@outlook.com)

Solution Components

Python

Cisco pyATS

Cisco Genie

Unicon

CSV reporting

Repository contents

log_timestamp_remediate.py      Main CLI tool
requirements.txt                Python runtime dependencies
pyproject.toml                  Project metadata and formatting/lint configuration
LICENSE                         Apache 2.0 license
NOTICE                          Project notice
examples/testbed.example.yaml   Sanitized pyATS testbed template
testbed/                        Local testbed folder used by the default command
files/                          Generated report folder used by the script
.github/workflows/ci.yml        Lightweight GitHub Actions checks
tests/                          Unit tests for helper logic
CONTRIBUTING.md                 Contribution guidelines
SECURITY.md                     Security and responsible-use guidance

Prerequisites

  • Python 3.9 or newer
  • API/SSH reachability to the target network devices
  • Valid credentials in a pyATS/Genie testbed file
  • Cisco IOS/IOS-XE devices or compatible CLI behavior

Step 1 - Setting up the environment

This can be done either by using Cisco's pyATS Docker image or by using a local Python virtual environment.

Option A - Using the Docker Image

  1. Install Docker for your operating system:
     https://docs.docker.com/get-docker/
  2. Download the latest pyATS image from Docker Hub:
     docker pull ciscotestautomation/pyats:latest
  3. Run the Docker image:
     docker run -it ciscotestautomation/pyats:latest /bin/bash
  4. Clone the repository:
     git clone https://github.com/yzmar4real/syslog_remediation.git
  5. Change into the repository directory:
     cd syslog_remediation
  6. Install the project requirements:
     pip3 install -r requirements.txt

Option B - Using Git and a Python virtual environment

  1. Clone the repository:
     git clone https://github.com/yzmar4real/syslog_remediation.git
  2. Change into the repository directory:
     cd syslog_remediation
  3. Create a virtual environment:
     python3 -m venv .venv
  4. Activate the virtual environment:
     source .venv/bin/activate
  5. Install the project requirements:
     python3 -m pip install --upgrade pip
     python3 -m pip install -r requirements.txt

Step 2 - Defining the Testbed for devices to be audited

The script defaults to this testbed path:

testbed/testbed.yaml

Create it from the included sanitized example:

cp examples/testbed.example.yaml testbed/testbed.yaml

Edit testbed/testbed.yaml with your device hostnames, IP addresses, usernames, passwords, and connection settings.

Real testbed files are ignored by Git because they commonly contain sensitive operational data.

Step 3 - Executing the Script

Run a dry-run audit first. This checks compliance and writes a CSV report without changing device configuration:

python3 log_timestamp_remediate.py --dry-run

Run remediation:

python3 log_timestamp_remediate.py

Run remediation and save configuration after a device is confirmed compliant:

python3 log_timestamp_remediate.py --save

Usage

python3 log_timestamp_remediate.py [testbed] [options]

Arguments:

  • testbed: Optional path to a pyATS testbed YAML file. Defaults to testbed/testbed.yaml.

Options:

  • --workers <N>: Number of concurrent device workers. Default: 5.
  • --dry-run: Check compliance only. No configuration changes are made.
  • --save: Run write memory after a device is confirmed compliant.
  • --from-csv <PATH>: Re-run only devices that need attention from a previous CSV report.
  • --devices <NAME,...>: Process only the listed device names from the testbed.
  • -v, --verbose: Enable debug logging.

Examples:

# Check all devices without changes
python3 log_timestamp_remediate.py --dry-run

# Remediate all failed devices using 10 workers
python3 log_timestamp_remediate.py --workers 10

# Use a custom testbed
python3 log_timestamp_remediate.py testbed/production.yaml --dry-run

# Process only selected devices
python3 log_timestamp_remediate.py --devices router1,switch1 --dry-run

# Follow up only failed/error devices from a previous report
python3 log_timestamp_remediate.py --from-csv files/2026-06-22/log_timestamp_check/0_log_timestamp_compliance_20260622_120000.csv

Recommended workflow

  1. Run a dry run against all devices.
  2. Review the CSV report and console output.
  3. Run a targeted remediation from the dry-run CSV.
  4. Re-run dry-run mode to confirm compliance.
  5. Run with --save only when you are ready to persist the running configuration.

Example:

python3 log_timestamp_remediate.py --dry-run
python3 log_timestamp_remediate.py --from-csv files/<date>/log_timestamp_check/0_log_timestamp_compliance_<timestamp>.csv --save
python3 log_timestamp_remediate.py --dry-run

Output

CSV reports are written to:

files/<YYYY-MM-DD>/log_timestamp_check/<run_number>_log_timestamp_compliance_<timestamp>.csv

The CSV includes:

  • device
  • initial status and configuration
  • remediation status
  • final status and configuration
  • save status
  • sample log entry
  • connection errors

Safety notes

This tool can modify network device configuration. Always run --dry-run first and verify the target testbed before remediation.

Use --save carefully. It persists successful remediation by issuing write memory after a device is confirmed compliant.

The repository intentionally ignores generated reports and local testbed files because they may contain hostnames, addresses, usernames, or other sensitive operational details.

License

This project is licensed under the Apache License, Version 2.0. See LICENSE for details.
