feature: Add syslog scoping

  Allow administrators to toggle between viewing all
  syslog events from inbound messages, regardless of
  scope, or restricting the syslog viewer to nodes
  belonging to the selected cluster.

Fixes: #387
Sponsored-by: credativ GmbH (https://credativ.de)

Author: gyptazy

pegaprox/api/helpers.py

@@ -80,6 +80,9 @@ def load_server_settings():
         # MK Apr 2026 — when true, /api/metrics needs no auth. Useful for setups
         # where a reverse proxy/mutual-TLS already gates scrapes. Default off.
         'metrics_public': False,
+        # When enabled, the Syslog viewer only shows hostnames belonging to
+        # the currently selected cluster instead of all collected syslog rows.
+        'syslog_filter_by_selected_cluster': False,
         # Webhook alert channels (Slack, Discord, Teams, ntfy, generic)
         # Each: {id, name, type, url, enabled, ...type-specific fields}
         'alert_webhooks': [],

pegaprox/api/reports.py

@@ -7,6 +7,7 @@
 import re
 import sqlite3
 import threading
+from urllib.parse import urlparse
 from datetime import datetime, timedelta
 from flask import Blueprint, jsonify, request
 
@@ -16,7 +17,7 @@
 
 from pegaprox.utils.auth import require_auth, load_users
 from pegaprox.utils.rbac import get_user_clusters
-from pegaprox.api.helpers import check_cluster_access
+from pegaprox.api.helpers import check_cluster_access, load_server_settings
 from pegaprox.background.metrics import load_metrics_history, start_metrics_collector
 from pegaprox.background.syslog_server import DB_FILE, SEVERITY_MAP
 from pegaprox.api.schedules import start_scheduler
@@ -57,6 +58,53 @@ def _syslog_like_clause(search_text):
         [like, like, like, like, like, like],
     )
 
+
+def _syslog_hostname_tokens(value):
+    value = str(value or '').strip().lower()
+    if not value:
+        return set()
+    if '://' in value:
+        parsed = urlparse(value)
+        value = parsed.hostname or value
+    value = value.split('/')[0].split('@')[-1]
+    if value.startswith('[') and ']' in value:
+        value = value[1:value.index(']')]
+    elif ':' in value and value.count(':') == 1:
+        value = value.rsplit(':', 1)[0]
+    value = value.strip('.')
+    if not value:
+        return set()
+    tokens = {value}
+    if '.' in value:
+        tokens.add(value.split('.', 1)[0])
+    return tokens
+
+
+def _syslog_cluster_hostnames(cluster_id):
+    manager = cluster_managers.get(cluster_id)
+    if not manager:
+        return set()
+
+    hostnames = set()
+    config = getattr(manager, 'config', None)
+    for value in (
+        getattr(manager, 'host', ''),
+        getattr(config, 'host', '') if config else '',
+        getattr(config, 'name', '') if config else '',
+    ):
+        hostnames.update(_syslog_hostname_tokens(value))
+
+    try:
+        node_status = manager.get_node_status() or {}
+        for node_name in node_status.keys():
+            hostnames.update(_syslog_hostname_tokens(node_name))
+    except Exception as exc:
+        logging.debug(f"[Syslog] Could not load nodes for cluster filter {cluster_id}: {exc}")
+        for node_name in getattr(manager, 'ha_node_status', {}).keys():
+            hostnames.update(_syslog_hostname_tokens(node_name))
+
+    return hostnames
+
 @bp.route('/api/reports/summary', methods=['GET'])
 @require_auth()
 def get_reports_summary():
@@ -180,6 +228,7 @@ def get_integrated_syslog_events():
     hostname = (request.args.get('hostname') or '').strip()
     source_ip = (request.args.get('source_ip') or '').strip()
     facility = (request.args.get('facility') or '').strip()
+    cluster_id = (request.args.get('cluster_id') or '').strip()
 
     sort_map = {
         'id': 'logs.id',
@@ -267,6 +316,22 @@ def get_integrated_syslog_events():
         except ValueError:
             pass
 
+    if cluster_id and load_server_settings().get('syslog_filter_by_selected_cluster', False):
+        ok, err = check_cluster_access(cluster_id)
+        if not ok:
+            return err
+        cluster_hostnames = sorted(_syslog_cluster_hostnames(cluster_id))
+        if cluster_hostnames:
+            cluster_hostname_where = []
+            for value in cluster_hostnames:
+                cluster_hostname_where.append("LOWER(logs.hostname) = ?")
+                params.append(value)
+                cluster_hostname_where.append("LOWER(logs.hostname) LIKE ?")
+                params.append(f"{value}.%")
+            where.append(f"({' OR '.join(cluster_hostname_where)})")
+        else:
+            where.append("1 = 0")
+
     where_sql = f"WHERE {' AND '.join(where)}" if where else ''
     joins_sql = f"{' '.join(joins)}" if joins else ''
     offset = (page - 1) * per_page

pegaprox/api/settings.py

@@ -1152,6 +1152,12 @@ def update_server_settings():
                 settings['alert_update_available'] = bool(data['alert_update_available'])
             if 'metrics_public' in data:
                 settings['metrics_public'] = bool(data['metrics_public'])
+            if 'syslog_filter_by_selected_cluster' in data:
+                old_val = settings.get('syslog_filter_by_selected_cluster', False)
+                settings['syslog_filter_by_selected_cluster'] = bool(data['syslog_filter_by_selected_cluster'])
+                if old_val != settings['syslog_filter_by_selected_cluster']:
+                    log_audit(request.session.get('user', 'admin'), 'settings.syslog',
+                              f"Syslog cluster hostname filter {'enabled' if settings['syslog_filter_by_selected_cluster'] else 'disabled'}")
             if 'strict_session_ip' in data:
                 settings['strict_session_ip'] = bool(data['strict_session_ip'])
 
@@ -1381,6 +1387,12 @@ def update_server_settings():
                 settings['alert_cooldown'] = max(60, min(86400, int(request.form['alert_cooldown'])))
             if 'alert_update_available' in request.form:
                 settings['alert_update_available'] = request.form['alert_update_available'] in ('true', '1', 'on')
+            if 'syslog_filter_by_selected_cluster' in request.form:
+                old_syslog_filter = settings.get('syslog_filter_by_selected_cluster', False)
+                settings['syslog_filter_by_selected_cluster'] = request.form['syslog_filter_by_selected_cluster'] in ('true', '1', 'on')
+                if old_syslog_filter != settings['syslog_filter_by_selected_cluster']:
+                    log_audit(request.session.get('user', 'admin'), 'settings.syslog',
+                              f"Syslog cluster hostname filter {'enabled' if settings['syslog_filter_by_selected_cluster'] else 'disabled'}")
 
             # Handle certificate upload
             if 'ssl_cert' in request.files:
@@ -4574,4 +4586,3 @@ def test_ldap():
     return jsonify(results)
 
 
-