
StackStorm with Ansible and Syslog

StackStorm differs from other automation tools in the sense that it was not designed for endpoint configuration or communication, but in conjunction with tools like Ansible, StackStorm becomes a catalyst for creating efficient and intelligent workflows. In this example we'll show how easy it is to execute an Ansible playbook in the event of an interface link coming up on an AOS-CX switch.


  • AOS-CX Switch
    • latest release version
  • Ansible Engine
    • If you're new to using Ansible, it's recommended to walk through Getting Started with Ansible.
  • StackStorm
    • Have the following packs installed:
      • aoscx
      • core
        • should already be installed
        • verify with st2 pack list
  • Syslog server
    • follow the syslog install instructions for your Linux distribution

Syslog Server Configuration

In this workflow StackStorm reads a syslog message file and, when a line matches a text pattern that we set in StackStorm, an Ansible playbook is executed. It's best practice to send the switch syslog messages to a dedicated file so we know exactly which file to watch and it isn't overloaded with other messages. For CentOS 8 machines, after installing the rsyslog server, add the following to your rsyslog configuration file /etc/rsyslog.conf:
if $fromhost-ip startswith '10.100' then /var/log/switch-log.log

Ansible Playbook and Inventory

In this workflow we're using Ansible and the AOS-CX Collection. Ensure the inventory file specifies the variables required by the AOS-CX collection, as well as any additional variables you want for your workflow. In this example we're keeping it simple by configuring a VLAN on the switch, so we include the variable uplink_vlan to be used later in the playbook:

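all:
  hosts:
    aoscx_switch:                            # placeholder host name
      ansible_host: "SWITCH_IP"              # placeholder: management IP of the switch
      ansible_user: admin
      ansible_password: password
      ansible_connection: httpapi            # REST API connection method
      ansible_network_os: arubanetworks.aoscx.aoscx
      ansible_httpapi_validate_certs: False  # certificate checks off; set True once the switch presents a trusted certificate
      ansible_httpapi_use_ssl: True
      ansible_acx_no_proxy: True
      uplink_vlan: 200                       # To be used by playbook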

Next, define the playbook. In this case we're using the aoscx_vlan module to configure a VLAN on the switch:

- hosts: all
  collections:
    - arubanetworks.aoscx
  tasks:
    - name: Create VLAN on CX Switch
      aoscx_vlan:
        vlan_id: "{{uplink_vlan}}"           # taken from the inventory variable
        description: Uplink_VLAN

Define the StackStorm Rule and Trigger

Now that we have our syslog server and Ansible set up, it's time to define the StackStorm rule and trigger that will execute the playbook when a condition is matched. We use a regular expression to match the specific syslog message logged when an interface link comes up; for our action we use core.remote, which allows us to SSH into our Ansible Tower machine and execute a tower-cli command to run an Ansible playbook.

Here's an example of the syslog message AOS-CX sends when an interface link is up:
2020-08-23T18:48:37.102022-07:00 8320-CX-188 intfd[1840] Event|403|LOG_INFO|||Link status for interface 1/1/30 is up

name: link_up_rule
pack: "aoscx"
description: Executes an Ansible playbook when a syslog message from AOS-CX is received that an interface link is up.
enabled: true

trigger:
  parameters:
    file_path: /var/log/switch-log.log      # file written by the rsyslog filter
  type: linux.file_watch.line

criteria:
  trigger.line:
    pattern: 'intfd.*Link.*interface\s\d+\/\d+\/\d+\sis\sup'
    type: "iregex"

action:
  ref: "core.remote"
  parameters:
    cmd: "ansible-playbook /home/admin/configure_vlan.yml -i /home/admin/cx_hosts.yml"
    hosts: ""                               # IP address of Ansible control machine
    username: "admin"                       # SSH Login username of Ansible control machine
    password: "password"                    # SSH Login password of Ansible control machine
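
Because any line in the watched file that satisfies the criteria runs the playbook, it is worth checking the pattern against sample lines before enabling the rule. The following Python check is an added example, not part of the original page: it assumes the iregex criteria type is a case-insensitive regex search, and STRICT_PATTERN plus every sample line after the first are constructed for illustration.

```python
import re

# Pattern copied verbatim from the rule's criteria on this page.
RULE_PATTERN = r'intfd.*Link.*interface\s\d+\/\d+\/\d+\sis\sup'

# Hypothetical tighter pattern (not from the page): pins the process tag and
# event layout seen in the page's sample message, captures the interface,
# and anchors the end of the line.
STRICT_PATTERN = (r'\sintfd\[\d+\]\sEvent\|403\|LOG_INFO\|\|\|'
                  r'Link status for interface (\d+/\d+/\d+) is up$')

# First line is the sample message from the page; the rest are constructed.
SAMPLE_LINES = [
    "2020-08-23T18:48:37.102022-07:00 8320-CX-188 intfd[1840] "
    "Event|403|LOG_INFO|||Link status for interface 1/1/30 is up",
    "2020-08-23T18:49:02.000000-07:00 8320-CX-188 intfd[1840] "
    "Event|403|LOG_INFO|||Link status for interface 1/1/30 is down",
    "2020-08-23T18:49:05.000000-07:00 8320-CX-188 INTFD[1840] "
    "EVENT|403|LOG_INFO|||LINK STATUS FOR INTERFACE 1/1/30 IS UP",
    "2020-08-23T18:49:09.000000-07:00 8320-CX-188 intfd[1840] "
    "Event|000|LOG_INFO|||Link check for interface 1/1/30 is updating",
]


def iregex(pattern, line):
    """Assumed semantics of the 'iregex' criteria type: case-insensitive search."""
    return re.search(pattern, line, re.IGNORECASE) is not None


def evaluate(lines):
    """Return (rule_fires, strict_fires) for each line."""
    return [(iregex(RULE_PATTERN, l), iregex(STRICT_PATTERN, l)) for l in lines]


def link_up_interface(line):
    """Return the interface ID if the strict pattern matches, else None."""
    m = re.search(STRICT_PATTERN, line, re.IGNORECASE)
    return m.group(1) if m else None


if __name__ == "__main__":
    for line, (loose, strict) in zip(SAMPLE_LINES, evaluate(SAMPLE_LINES)):
        print(f"rule={loose!s:5} strict={strict!s:5} {line[33:]}")
```

The last constructed line shows the page's unanchored pattern firing on text that merely begins with "is up", which the end-anchored variant rejects.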
