Monitor Cisco router interfaces: is syslog enough or do I have to use SNMP?

bizza
Path Finder

I'm looking for a way to monitor several routers and several interfaces (physical, tunnel...).
I need to extract status (up/down), latency, throughput, OSPF status, traffic (applications and/or ports used), etc.

Is syslog enough or must I use SNMP?
Has anyone already used Splunk in this scenario?

Regards


dwaddle
SplunkTrust

At a bare minimum, you should have your Cisco routers sending syslog data to either Splunk directly or a Syslog server that has Splunk monitoring its logfiles. This will give you immediate access to various events such as interface up/down. And, IIRC, Cisco does include some syslog events around things like OSPF adjacency.

As joshd suggested, SNMP via a scripted input is a viable path to some of these measurements. Cisco exposes lots of data via the hundreds of SNMP MIBs supported by IOS. However, some data is a little more difficult to get at. Two good examples are latency and "traffic".

Concerning latency, typically a router does not know end-to-end latency of a specific path. This is just not in its area-of-knowledge, and could be difficult for a single router to know given asymmetric routing and other complications. To accurately measure latency requires something at each site that is actively measuring latency to its peer sites. Open source projects like SmokePing provide agents to accurately measure latency over a distributed network. It would take some effort to integrate SmokePing's measuring agents into Splunk, but it is possible.

For "traffic" -- I assume you mean you'd like to be able to get a reasonable accounting of the various sources and destinations of packets and the protocols/ports they are communicating on. Cisco's best tool for this job is usually Netflow. When configured properly, Cisco routers will send "flow event" records to a Netflow receiver, which can then be plugged in to Splunk. There is already a Splunk for Netflow app that has been developed to provide the necessary Splunk configs and dashboards for visualizing Netflow data.
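
Added example (not part of the answer above and not code from any Splunk app): Python that extracts interface up/down and OSPF adjacency changes from Cisco syslog lines and reports what is still degraded after replaying them. It assumes the usual IOS message tags %LINK-3-UPDOWN, %LINEPROTO-5-UPDOWN and %OSPF-5-ADJCHG (the last appears only when adjacency-change logging is enabled under the OSPF process); the sample lines are constructed and the function names are hypothetical.

```python
import re

# Cisco IOS system messages have the shape %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
UPDOWN_RE = re.compile(r"^(?:Line protocol on )?Interface (?P<ifname>[^,\s]+), changed state to (?P<state>.+)$")
ADJCHG_RE = re.compile(r"^Process (?P<pid>\d+), Nbr (?P<nbr>\S+) on (?P<ifname>\S+) "
                       r"from (?P<old>\S+) to (?P<new>[A-Z0-9]+)(?:, (?P<reason>.*))?$")

# Constructed sample lines (not captured from a real device)
SAMPLE = """\
45: Mar  1 10:15:02.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
46: Mar  1 10:15:03.125: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
47: Mar  1 10:15:03.130: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.2 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
48: Mar  1 10:17:40.001: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
49: Mar  1 10:17:41.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
50: Mar  1 10:17:41.900: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel10, changed state to down
51: Mar  1 10:17:55.410: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
""".splitlines()

def parse_line(line):
    """Return a dict of extracted fields, or None for messages not tracked here."""
    m = MSG_RE.search(line)
    if not m:
        return None
    tag = (m["facility"], m["mnemonic"])
    if tag in (("LINK", "UPDOWN"), ("LINEPROTO", "UPDOWN")):
        d = UPDOWN_RE.match(m["text"])
        if d:
            return {"kind": m["facility"].lower(), "severity": int(m["severity"]), **d.groupdict()}
    elif tag == ("OSPF", "ADJCHG"):
        d = ADJCHG_RE.match(m["text"])
        if d:
            return {"kind": "ospf", "severity": int(m["severity"]), "state": d["new"], **d.groupdict()}
    return None

def latest_state(lines):
    """Replay events in order; the last message per interface or neighbor wins."""
    state = {}
    for ev in filter(None, map(parse_line, lines)):
        state[(ev["kind"], ev["ifname"], ev.get("nbr", ""))] = ev["state"]
    return state

def degraded(state):
    """Objects whose last reported state is neither 'up' nor OSPF 'FULL'."""
    return sorted(k for k, v in state.items() if v not in ("up", "FULL"))
```

On the sample, the physical link and line protocol on GigabitEthernet0/1 recover, but the OSPF neighbor on it is still reported DOWN, which is the kind of gap a status dashboard built only on link events would miss.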

bizza
Path Finder

Thank you dwaddle, I supposed the same things.
At work now 🙂

joshd
Builder

Quick and dirty... I would use specific snmpget commands or a generic snmpwalk as a scripted input inside of Splunk to index the stats every X minutes and then build your reports on that data. The snmpwalk will provide you a more generic way to pull data regardless of configuration changes on the device. I don't do this with my Cisco devices specifically but with other devices I will do an snmpwalk like so:

snmpwalk -v 2c -c public 1.1.1.1 -O sQ system

This will return results like so:

sysDescr = "some string"

which easily allows for automatic mapping of fields to values, thus your reports are easily generated without any need for field extractions, etc...
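
Added example (not joshd's script and not Splunk code): a Python scripted input that runs the walk and groups the `name.index = value` lines into one key="value" event per table row, tested here on constructed output. It assumes Net-SNMP's `snmpwalk` with SNMPv3 authPriv in place of the v2c `public` community, with passphrases kept in `snmp.conf`; the user name, field names `device` and `snmp_index`, and function names are hypothetical.

```python
import re
import subprocess
import sys
from collections import defaultdict

# "name.index = value" as printed with -O sQ; a scalar may carry no index
VARBIND_RE = re.compile(r"^(?P<name>[A-Za-z][\w-]*)(?:\.(?P<idx>\d+(?:\.\d+)*))?\s*=\s*(?P<val>.*)$")
ENUM_RE = re.compile(r"^([A-Za-z][\w-]*)\(-?\d+\)$")  # e.g. up(1) -> up

# Constructed sample output (not captured from a real device)
SAMPLE = """\
ifDescr.1 = GigabitEthernet0/0
ifDescr.2 = "Tunnel10"
ifOperStatus.1 = up(1)
ifOperStatus.2 = down
ifInOctets.1 = 48213377
Timeout: No Response from 192.0.2.1
"""

def snmpwalk_argv(host, user, subtree):
    # SNMPv3 authPriv instead of a v2c community string; the passphrases are
    # read from snmp.conf (defAuthPassphrase/defPrivPassphrase) so they stay
    # out of the process list. Built as a list: no shell parses the arguments.
    return ["snmpwalk", "-v", "3", "-l", "authPriv", "-u", user,
            "-O", "sQ", host, subtree]

def parse_walk(text):
    """Group varbinds by table index; index-less scalars are stored under "0"."""
    rows = defaultdict(dict)
    for line in text.splitlines():
        m = VARBIND_RE.match(line.strip())
        if not m:
            continue  # error or status text, not a varbind
        val = m["val"].strip().strip('"')
        enum = ENUM_RE.match(val)
        rows[m["idx"] or "0"][m["name"]] = enum.group(1) if enum else val
    return dict(rows)

def to_events(device, rows):
    order = sorted(rows, key=lambda i: tuple(int(p) for p in i.split(".")))
    return [f'device={device} snmp_index={i} ' +
            " ".join(f'{k}="{v}"' for k, v in rows[i].items()) for i in order]

if __name__ == "__main__":
    host, user, subtree = sys.argv[1:4]
    out = subprocess.run(snmpwalk_argv(host, user, subtree), capture_output=True,
                         text=True, timeout=60, check=True).stdout
    print("\n".join(to_events(host, parse_walk(out))))
```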

iteducation92
New Member

In order to monitor Cisco router interfaces, you can log into the router and run the show interfaces command. This command will provide detailed status information for all interfaces on the router, including the interface type, status, data rate, and errors. Additionally, you can use a few other commands such as show ip traffic, show ip route, and show ip route to monitor, analyze, and troubleshoot various networking issues related to the router's interfaces.
