Friday, July 16, 2021

Generate Syslog messages on Cisco Viptela OS devices

 

Introduction

If you are familiar with IOS XE and system monitoring tools, you might have used the command "send log". We have used this command to test whether our syslog messages get forwarded to the appropriate server and whether actions are taken on the server side (generate a ticket, notify people, etc.). In Viptela OS, there is a similar way to generate those syslog messages. In this article, I will show you how I managed to send syslog messages using logger to a remote server from a vEdge in my lab.

 

Logger

From the logger online man page:

https://man7.org/linux/man-pages/man1/logger.1.html 

NAME         

       logger - enter messages into the system log

SYNOPSIS        

       logger [options] [message]

DESCRIPTION        

       logger makes entries in the system log.

       When the optional message argument is present, it is written to
       the log.  If it is not present, and the -f option is not given
       either, then standard input is logged.

 

Generate the log

The reason you want to generate a log is to test whether the device is capable of reaching the remote logging server. I am going to demonstrate how I managed to generate a log in the file /var/log/messages and receive that log on a Linux box with a logging server.

 

To generate a log, run the command: logger <insert-text>

Note: you need to activate the shell first by using the vshell command.

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger Test
OmarsVManage:~$ grep "Test" /var/log/messages
user.notice: Jun 10 13:46:33 OmarsVManage omar: Test
OmarsVManage:~$ 
From Linux box:
[root@localhost 50.0.0.1]# ls
CFGMGR.log confd.log dhclient.log omar.log sshd.log SYSMGR.log
[root@localhost 50.0.0.1]# cat omar.log
Jun 9 22:17:27 50.0.0.1 omar: Test
[root@localhost 50.0.0.1]#

On the Linux box, you can see that there is a file named omar.log. While on the vManage itself the command logged the message in /var/log/messages, on the remote server it is logged under omar.log. The file is named after the user who generated this log. In other words, because I logged into vManage with the user "omar" and generated the log, it was logged to the omar.log file.

 

Options with logger

To modify the facility.level parameter, you can use the command logger with the option -p <facility.level>.

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger "Test with error and local7" -p local7.err
OmarsVManage:~$ grep "Test with error and local7" /var/log/messages
local7.err: Jun 10 14:02:54 OmarsVManage omar: Test with error and local7
OmarsVManage:~$
From Linux box:
[root@localhost 50.0.0.1]# cat omar.log 
Jun 9 22:17:27 50.0.0.1 omar: Test
Jun 9 22:33:48 50.0.0.1 omar: Test with error and local7
[root@localhost 50.0.0.1]#

 

You can also add a tag to your log using the -t option:

 

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger -t [TEST] "Test tag"
OmarsVManage:~$ grep "TEST" /var/log/messages
user.notice: Jun 10 14:23:35 OmarsVManage [TEST]: Test tag
OmarsVManage:~$
From Linux box:
[root@localhost 50.0.0.1]# cat omar.log 
Jun 9 22:17:27 50.0.0.1 omar: Test
Jun 9 22:33:48 50.0.0.1 omar: Test with error and local7
[root@localhost 50.0.0.1]# ls
CFGMGR.log confd.log dhclient.log kernel.log _.log omar.log sshd.log SYSMGR.log
[root@localhost 50.0.0.1]# grep "TEST" ./*
./_.log:Jun 9 22:54:29 50.0.0.1 [TEST]: Test tag
[root@localhost 50.0.0.1]#

Note: Not sure why the log was logged to _.log on the remote server. 
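The remote files above do not show facility.level, so confirming that -p survived forwarding means looking at the PRI value on the wire. The Python below is an added example, not part of the original post: it decodes constructed frames modelled on the three logger tests, assuming the device forwards in RFC 3164 format (the page shows only the stored lines, so the PRI values are assumptions). It also applies RFC 3164's alphanumeric TAG rule, under which a tag starting with "[" parses as empty; whether that explains _.log depends on the collector configuration, which the page does not show.

```python
import re

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# <PRI>Mmm dd hh:mm:ss host rest-of-message (RFC 3164 layout, assumed wire format)
FRAME = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)


def encode_pri(priority):
    """'local7.err' -> 187, i.e. facility * 8 + severity, as given to logger -p."""
    facility, severity = priority.split(".")
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def parse_frame(frame):
    """Split one frame into facility.level, host, tag and content."""
    m = FRAME.match(frame)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not an RFC 3164 frame: %r" % frame)
    pri, host, rest = int(m.group(1)), m.group(3), m.group(4)
    # RFC 3164 TAG: leading alphanumerics only (max 32); anything else starts CONTENT.
    tag = re.match(r"[A-Za-z0-9]{0,32}", rest).group(0)
    return {"priority": "%s.%s" % (FACILITIES[pri >> 3], SEVERITIES[pri & 7]),
            "host": host, "tag": tag, "content": rest[len(tag):]}


def arrived(frames, marker, priority):
    """True if a frame whose content holds marker carries the expected priority."""
    return any(marker in r["content"] and r["priority"] == priority
               for r in map(parse_frame, frames))


# Constructed frames modelled on the three logger tests above (not captured traffic).
SAMPLE = [
    "<13>Jun 10 13:46:33 OmarsVManage omar: Test",
    "<187>Jun 10 14:02:54 OmarsVManage omar: Test with error and local7",
    "<13>Jun 10 14:23:35 OmarsVManage [TEST]: Test tag",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_frame(line))
```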

Sunday, July 11, 2021

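NCS55 SPAN to File (New Feature)

SPAN has long been a very useful feature for troubleshooting packet loss, but on older XR releases it has many limitations. For example, only local SPAN is supported, so someone has to be on site to connect a PC, and the traffic is SPANned to that PC for capture. Starting with XR 7.1.2, SPAN traffic can be saved to a file, which can be copied off the device remotely.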

SPAN Feature Support

Feature | ASR9k | DNX | SpitFire
Local SPAN | Supported-3.9.1 | NCS5500: Supported-6.1.1 | Being targeted for 7.2.1
Remote SPAN | Supported-3.9.1 | |
Sampled SPAN | Supported-5.1.0 | |
ERSPAN | No | NCS5500: Supported-6.1.31 | Supported-7.2.1
MPLS-ERSPAN | | |
PW-SPAN | Supported-4.0.1 | Supported-7.0.1 (no support in 71x) | No
ACL Based Traffic Mirroring | Supported-4.0.1 | NCS5500: Supported-6.1.1; NCS560: Supported; NCS540: Supported | Supported
SPAN to File | 7.1.2 | 7.1.2 | 7.2.2
SPAN to File PCAPng | No | 7.3.1 | No
CloudSpan | No | No | No

Configuration

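#### Details may differ slightly between releases; the CCO documentation is authoritative
monitor-session [span_name] ethernet
 destination file size [size] [buffer-type linear]
interface [interface_name]
 monitor-session [span_name] ethernet [direction rx-only] port-level

There are two buffer types, Linear and Circular; if none is configured, the default is Circular.
Linear: once the buffer is full, no more packets are recorded.
Circular: once the buffer is full, stored packets start being overwritten.

SPAN to File provides a buffer range of 1000-1000000 KB. The default buffer size is 1000 KB.

### Start/stop packet capture
With the configuration above, capture does not start automatically; it has to be started and stopped with additional commands.

monitor-session <name> packet-collection start
monitor-session <name> packet-collection stop [ discard-data | write directory <dir> filename <filename> ]

With the discard-data option the buffer is simply cleared; with the write option the buffer is written to disk before it is cleared.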

Example

IXIA ---Ten0/0/0/1--- NCS55A1---- Other Router
 
IXIA continuously sends 100 Mbps of transit traffic to the NCS55; 100 Mbps = 12.5 MB/s
 
RP/0/RP0/CPU0:NCS-55A2-12#monitor interface TenGigE0/0/0/0 TenGigE0/0/0/1     
Sun Jun  6 05:54:07.887 UTC
NCS-55A2-12          Monitor Time: 00:00:40          SysUptime: 75:42:59
 
Protocol:General
Interface             In(bps)      Out(bps)     InBytes/Delta  OutBytes/Delta
Te0/0/0/0              1000/  0%   100.4M/  1%    48.5M/0         37.3G/25.0M      <<<<<<<
Te0/0/0/1             99.6M/  0%        0/  0%   304.1G/24.8M      8.0G/170  
 
Quit='q',     Clear='c',    Freeze='f', Thaw='t',
Next set='n', Prev set='p', Bytes='y',  Packets='k'
(General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m')
 
RP/0/RP0/CPU0:NCS-55A2-12#show run monitor-session
% Incomplete command.
RP/0/RP0/CPU0:NCS-55A2-12#show run monitor-session  span_to_file
Sun Jun  6 06:06:37.404 UTC
monitor-session span_to_file ethernet
 destination file size 1000000
!
RP/0/RP0/CPU0:NCS-55A2-12#show run int tenGigE 0/0/0/1
Sun Jun  6 06:06:50.713 UTC
interface TenGigE0/0/0/1
 cdp
 vrf GLOBAL
 ipv4 address 100.1.1.1 255.255.255.0
 ipv6 address 2012::1/64
 monitor-session span_to_file ethernet port-level
 !
 load-interval 30
!
 
RP/0/RP0/CPU0:NCS-55A2-12#monitor-session span_to_file packet-collection start
Sun Jun  6 05:51:48.480 UTC
RP/0/RP0/CPU0:NCS-55A2-12#monitor-session span_to_file packet-collection stop write directory /misc/disk1 filename span_to_file
Sun Jun  6 05:52:22.473 UTC
 
/misc/disk1 is harddisk:. Ten0/0/0/1 belongs to line card 0/0/CPU0, so the file is stored in node0_0_CPU0
[xr-vm_node0_RP0_CPU0:~]$cd /misc/disk1/node0_0_CPU0
[xr-vm_node0_RP0_CPU0:/misc/disk1/node0_0_CPU0]$ls -lh
total 157M
-rw-r--r--. 1 root root 157M Jun  6 05:52 span_to_file.pcap
[xr-vm_node0_RP0_CPU0:/misc/disk1/node0_0_CPU0]$
 
Or
RP/0/RP0/CPU0:NCS-55A2-12#dir harddisk:/node0_0_CPU0
Sun Jun  6 06:20:03.560 UTC
 
Directory of harddisk:/node0_0_CPU0
783365 -rw-r--r--. 1 164039152 Jun  6 05:52 span_to_file.pcap

Copy the file off the device; SCP is used here.

xuxing@XUXING-WT1:/mnt/c/Users/xuxing.CISCO/Desktop$ scp admin@10.122.166.235:/misc/disk1/node0_0_CPU0/span_to_file.pcap .
Password:
span_to_file.pcap                                                                                        4% 7088KB 225.7KB/s   11:18 ETA
 
 
span_to_file.pcap

Note

  • 2021-06-06

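Testing showed that SPAN captured for 34 s, so in theory 34 x 12.5 = 425 MB of traffic should have been stored, but the generated file is only 157 MB, so some packets were not dumped. Because the software I am using is a test build, I am not sure whether this is a problem with the feature itself or a result of my test build being incomplete. If I have time later, I will find another device and test again.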
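One way to quantify a shortfall like the one described in the note, as an added example that is not part of the original post: the Python below reads a capture, assuming it is classic pcap rather than pcapng, and reports the on-wire bytes, the time span covered and the largest gap between packets, then compares the volume with what the known traffic rate should have produced. The sample capture is constructed in memory, and the function names are hypothetical.

```python
import struct

# Magic as stored in the file -> (struct byte order, timestamp ticks per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}


def pcap_stats(data):
    """Summarise classic pcap bytes: packet count, on-wire bytes, span, largest gap."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, ticks = MAGICS[data[:4]]
    off, count, wire, first, last, max_gap = 24, 0, 0, None, None, 0.0
    while off + 16 <= len(data):
        sec, frac, incl_len, orig_len = struct.unpack_from(order + "IIII", data, off)
        off += 16 + incl_len
        if off > len(data):
            break  # truncated last record, e.g. an interrupted copy
        ts = sec + frac / ticks
        if last is not None:
            max_gap = max(max_gap, ts - last)
        first = ts if first is None else first
        last = ts
        count += 1
        wire += orig_len
    span = last - first if count else 0.0
    return {"packets": count, "wire_bytes": wire, "span_s": span, "max_gap_s": max_gap}


def completeness(stats, rate_bytes_per_s, capture_s):
    """Fraction of the expected traffic volume that is present in the file."""
    return stats["wire_bytes"] / (rate_bytes_per_s * capture_s)


def make_pcap(packets):
    """Build a little-endian, microsecond pcap from (timestamp, length) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, length in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 10**6))
        out += struct.pack("<IIII", sec, usec, length, length) + bytes(length)
    return out


# Constructed sample: 1000-byte frames every 10 ms for 1 s, 0.5 s of them missing.
SAMPLE = make_pcap([(i * 0.01, 1000) for i in range(100) if not 40 <= i < 90])
```

For the capture on this page the comparison would be completeness(stats, 12.5e6, 34). A single large max_gap_s points to a pause in collection, while a low ratio with small gaps points to packets missing throughout the capture.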


This post is from the blog at: http://imxing.cn/?p=1195