Hi all,
I was testing using an event handler to restart a container which binds to an IP address that is retrieved with DHCP. This works fine.
I noticed that the logs are filled with exceptions from vyos-event-handler as it is unable to extract the PID of kernel messages like logs from the firewall. As an example:
Jul 08 13:10:09 kernel: [ipv6-NAM-WAN-Local-IPv6-default-D]IN=eth0 OUT= MAC=00:d0:b4:04:8b:a1:0e:a2:00:06:00:05:86:dd SRC=2400:cb00:0087:1000:2684:3c50:a241:d29b DST=24dd:dddd:dddd:dddd:000a:0000:0002:0053 LEN=80 TC=0 HOPLIMIT=48 FLOWLBL=251455 PROTO=TCP SPT=19552 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 08 13:10:09 vyos-event-handler[138401]: Unable to extract PID from message entry: {'_TRANSPORT': 'kernel', 'PRIORITY': 4, 'SYSLOG_FACILITY': 0, 'SYSLOG_IDENTIFIER': 'kernel', '_BOOT_ID': UUID('b39d8b40-0997-4d41-ae61-89aeeb9c55b7'), '_MACHINE_ID': UUID('82cbb5f9-9226-4c22-85b3-92b050b56d53'), '_HOSTNAME': '23a', '_RUNTIME_SCOPE': 'system', '_SOURCE_MONOTONIC_TIMESTAMP': datetime.timedelta(days=3, seconds=41381, microseconds=55340), 'MESSAGE': '[ipv6-NAM-WAN-Local-IPv6-default-D]IN=eth0 OUT= MAC=00:d0:b4:04:8b:a1:0e:a2:00:06:00:05:86:dd SRC=2400:cb00:0087:1000:2684:3c50:a241:d29b DST=24dd:dddd:dddd:dddd:000a:0000:0002:0053 LEN=80 TC=0 HOPLIMIT=48 FLOWLBL=251455 PROTO=TCP SPT=19552 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ', '__REALTIME_TIMESTAMP': datetime.datetime(2025, 7, 8, 13, 10, 9, 509114, tzinfo=datetime.timezone(datetime.timedelta(seconds=28800), 'AWST')), '__MONOTONIC_TIMESTAMP': journal.Monotonic(timestamp=datetime.timedelta(days=3, seconds=41385, microseconds=335012), bootid=UUID('b39d8b40-0997-4d41-ae61-89aeeb9c55b7')), '__CURSOR': 's=e7ca23b9203a4aba9da93461739f91da;i=a729e;b=b39d8b4009974d41ae6189aeeb9c55b7;m=45fc4838e4;t=63963f96d72fa;x=b95e178629cf13bf'}
I can see the exception logging was added in T6048: "event-handler: T6048: handling exception when _PID is not found" (vyos/vyos-1x@b678009 on GitHub).
Should there be an exception made for firewall log events to prevent the logs getting filled with exception spam?
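
Added example, not part of the original post and not VyOS code: one way a journal consumer can treat the missing `_PID` on kernel-transport entries (such as the firewall log line above) as expected, counting those entries instead of logging each one, while still warning briefly for any other entry without a PID. The function names, the logger name and the sample entries are assumptions constructed for illustration.

```python
import logging
from collections import Counter

log = logging.getLogger("event-handler-example")  # hypothetical logger name

# Transports whose entries are expected to have no _PID. The kernel entry
# quoted in the post has none; extend the set only after checking real entries.
PIDLESS_TRANSPORTS = {"kernel"}


def extract_pid(entry, skipped):
    """Return the PID as int, or None when the entry has none."""
    pid = entry.get("_PID")
    if pid is not None:
        return int(pid)
    transport = entry.get("_TRANSPORT", "unknown")
    if transport in PIDLESS_TRANSPORTS:
        skipped[transport] += 1      # expected: count it, do not log
    else:
        # Unexpected: warn, but with two fields rather than the whole entry
        log.warning("no _PID in journal entry (transport=%s, identifier=%s)",
                    transport, entry.get("SYSLOG_IDENTIFIER", "?"))
    return None


def summarize(entries):
    """Run extract_pid over entries; return (pids, skipped counts)."""
    skipped = Counter()
    pids = [extract_pid(e, skipped) for e in entries]
    return pids, dict(skipped)


# Constructed sample entries, shaped like python-systemd journal dicts.
SAMPLE = [
    {"_TRANSPORT": "kernel", "SYSLOG_IDENTIFIER": "kernel",
     "MESSAGE": "[ipv6-NAM-WAN-Local-IPv6-default-D]IN=eth0 OUT= PROTO=TCP DPT=443"},
    {"_TRANSPORT": "syslog", "SYSLOG_IDENTIFIER": "dhclient", "_PID": 2211,
     "MESSAGE": "bound to 192.0.2.10"},
    {"_TRANSPORT": "journal", "SYSLOG_IDENTIFIER": "example-unit",
     "MESSAGE": "entry without a PID from a non-kernel transport"},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Keeping a per-transport counter rather than dropping the entries silently means the suppressed volume can still be reported periodically, so a sudden rise in firewall log lines stays visible without flooding the journal.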