CCNP - Event Syslog

 

Lab 27 Event Syslog

Syslog adalah protocol untuk computer message logging. dengan syslog ini membolehkan kita untuk mengirimkan system message sebuah komputer melewati network ke syslog server untuk ditampilkan, contohnya kita bisa menggunakan plugin cacti syslog sebagai syslog servernya. sebagai catatan kita dapat membangun out of band (OOB) untuk tujuan network seperti ini. OOB artinya traffic tersebut tidak akan disharekan pada path yang sama untuk traffic data user. intinya bisa bikin router/switch kita bekerja secara otomatis…apa aja sih yang di”otomatisasikan”?

Banyak…dari syslog, CLI automation, IP SLA, dll…ini contoh dari Cisco.com-nya

destination paling populer untuk syslog message:

1. Logging Buffer (didalam RAM, switch, Router)

2. Console Line

3. Terminal Line

4. Syslog Server

Pertama kita kasih IP terlebuh dahaulu

R1(config)# interface f0/0

R1(config-if)# ip address 12.12.12.1 255.255.255.0

R1(config-if)# no shutdown

R1(config-if)# exit

R1(config)# interface loopback0

R1(config-if)# ip address 1.1.1.1 255.255.255.255

R1(config-if)# exit

R2(config)# interface f0/0

R2(config-if)# ip address 12.12.12.2 255.255.255.0

R2(config-if)# no shutdown

R2(config-if)# exit

R2(config)# interface loopback0

R2(config-if)# ip address 2.2.2.2 255.255.255.255

R2(config-if)# exit

Selanjutnya kita buat OSPF

R1(config)# router ospf 10

R1(config-router)# network 1.1.1.1 0.0.0.0 area 0

R1(config-router)# network 12.12.12.0 0.0.0.255 area 0

R1(config-router)# exit

R2(config)# router ospf 10

R2(config-router)# network 2.2.2.2 0.0.0.0 area 0

R2(config-router)# network 12.12.12.0 0.0.0.255 area 0

R2(config-router)# exit

Coba buat custom syslog dengan EEM

R1(config)#event manager applet INTERFACE_DOWN

R1(config-applet)#event syslog pattern "Interface FastEthernet0/0, changed state to

down"

R1(config-applet)#action 1.0 cli command "enable"

R1(config-applet)#action 2.0 cli command "conf term"

R1(config-applet)#action 3.0 cli command "interface fa0/0"

R1(config-applet)#action 4.0 cli command "no shut"

Script diatas berarti kalo ada log dengan tulisan seperti ini “Interface FastEthernet0/0,

changed state to down" maka tolong tulis enable dan no shutdown interfacenya. Dan

coba lakukan debug untuk melihat prosesnya. Lalu shutdown interface f0/0

R1#debug event manager action cli Debug EEM action cli debugging is on

R1(config)#interface f0/0

R1(config-if)#shutdown

R1(config-if)#exit

Sekarang kita cek

R1

R1(config)#

*Feb 7 07:45:21.195: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to

administratively down

*Feb 7 07:45:22.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface

FastEthernet0/0, changed state to down

*Feb 707:45:22.247:%HA_EM-6-LOG:INTERFACE_DOWN:DEBUG(cli_lib)::CTL:cli_open

called.

*Feb 7 07:45:22.259: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : R1>

*Feb 7 07:45:22.259: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :

R1>enable

*Feb 7 07:45:22.271: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : R1#

*Feb 7 07:45:22.271: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :

R1#conf term

*Feb 7 07:45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : Enter

configuration commands, one per line. End with CNTL/Z.

*Feb 7 07:45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :

R1(config)#

R1(config)#45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :

R1(config)#interface fa0/0

*Feb 7 07:45:22.315: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :

R1(config-if)#

*Feb 7 07:45:22.315: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :

R1(config-if)#no shut

*Feb 7 07:45:22.407: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :

R1(config-if)#

*Feb 7 07:45:22.407: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : CTL : cli_close

called.

*Feb 7 07:45:22.447: %SYS-5-CONFIG_I: Configured from console by vty0 R1(config)#

*Feb 7 07:45:24.315: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Feb 7 07:45:25.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,

changed state to up

R1(config)#

*Feb 7 07:45:27.435: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on FastEthernet0/0 from

LOADING to FULL, Loading Done

dengan ini perangkat kita langsung menjalankan script untuk menghidupkan

kembali interface f0/0.