Monitoring the Cisco 678

My connection to the boundless cache of information called the “internet” is handled by my trusty Cisco 678. Unfortunately, the phone infrastructure in my building is less than top quality and my connection quality degrades over time. Part of my solution to this problem involves monitoring my 678 (running CBOS 2.4).

Configuring Syslog

The Cisco 67x has a built-in syslog facility, but it has limited memory and can be cumbersome to access. The Cisco has the capability to send syslog messages to a central syslog server, and I just happen to maintain such a server on my network. My syslog server currently runs Ubuntu Server 12.04.2 LTS (Precise Pangolin) and I use the provided rsyslogd (5.8.6). To configure it, edit /etc/rsyslog.conf and ensure UDP support is enabled (I had to uncomment the following lines).

$ModLoad imudp
$UDPServerRun 514

I also had to add a firewall rule to allow the traffic.

iptables -A INPUT -i eth1 -s <cisco ip>/32 -p udp --dport 514 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -d <cisco ip>/32 -p udp --sport 514 -m state --state RELATED,ESTABLISHED -j ACCEPT

Next, configure the Cisco to send its syslog messages to the remote server. This consists of connecting to the Cisco, configuring syslog, writing the config, rebooting, and testing.

User Access Verification
Password:********

cbos>enable
Password:********

cbos#set syslog enabled
SYSLOG is enabled

cbos#set syslog remote <syslog server ip>
SYSLOG will now send messages to <syslog server ip>

cbos#set syslog port 514
SYSLOG will now use port 514

cbos#write
Warning: traffic may pause while NVRAM is being modified
NVRAM written.

cbos#reboot

Obviously, you need to replace <syslog server ip> with an actual IP. Adjust the port if necessary. Once the reboot is complete, you can test it.

cbos#set syslog test testing syslog from cisco 678
Message: "testing syslog from cisco 678" sent via syslog

You should see the message appear in your logs on the central syslog server.

user@syslog$ tail /var/log/syslog.log
May 24 18:29:11 <cisco ip> "testing syslog from cisco 678"

If the message doesn’t appear in the syslog logs, check for errors on the Cisco.

cbos#show errors
- Current Error Messages -
## Ticks Module Level Message
 0 000:00:00:00 SYSLOG Alarm Could not send message

If the error “Could not send message” appears, verify that the Cisco was configured correctly. Note: the Cisco will probably fail until the config is written and the device is rebooted.

Messages from the Cisco should now be appearing in your central syslog logs.

Configuring SNMP

The Cisco 678 has built-in support for SNMP, and it’s fairly straightforward to enable. My goal is to use Net-SNMP to monitor the performance and general health of the Cisco. To set up the 678 to support SNMP, add a ‘manager’ (use “set snmp manager” for details). In my example, <client ip> is the IP of the machine generating SNMP requests, and “internal” is the name of my SNMP ‘community’.

cbos#set snmp manager <client ip> internal read enable all
Added SNMP Manager

cbos#set snmp enable
SNMP enabled

cbos#write
Warning: traffic may pause while NVRAM is being modified
NVRAM written.

cbos#reboot

The Cisco should now respond to SNMP requests originating from <client ip>. Net-SNMP includes several tools, such as snmpwalk, that can be used to test the setup. This can be done on an Ubuntu client as follows.

user$ sudo apt-get install -y snmp
user$ snmpwalk -r 0 -v1 -c internal <cisco ip>

The output of both commands has been omitted, but the system information for the Cisco should look similar to the following.

user$ snmpwalk -r0 -v1 -c internal <cisco ip> system
SNMPv2-MIB::sysDescr.0 = STRING: Cisco CPE SNMPv3 Agent
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.10.1.1
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8835020) 1 day, 0:32:30.20
SNMPv2-MIB::sysContact.0 = STRING: Cisco Systems, Inc
SNMPv2-MIB::sysName.0 = STRING: CBOS675
SNMPv2-MIB::sysLocation.0 = STRING: Irvine
SNMPv2-MIB::sysServices.0 = INTEGER: 72

Note: Net-SNMP 5.4.3 was having problems translating OID numbers into more human-friendly strings. Eventually, Google led me to several articles explaining a bug in 5.4 that caused Net-SNMP to fail when reading MIB files to translate the OID numbers. It was necessary for me to build and install 5.7.1 to resolve this problem. If you’re using 5.4.3, then you may need to change your command, and the result will be different (and more cryptic).

user$ snmpwalk -r0 -v1 -c internal <cisco ip> .1.3.6.1.2.1.1
iso.3.6.1.2.1.1.1.0 = STRING: "Cisco CPE SNMPv3 Agent"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.9.10.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (8887560) 1 day, 0:41:15.60
iso.3.6.1.2.1.1.4.0 = STRING: "Cisco Systems, Inc"
iso.3.6.1.2.1.1.5.0 = STRING: "CBOS675"
iso.3.6.1.2.1.1.6.0 = STRING: "Irvine"
iso.3.6.1.2.1.1.7.0 = INTEGER: 72

Most of the examples I found online use mrtg (along with Apache, cron, and rrdtool) to generate web-accessible graphs of data collected via SNMP. This isn’t the model I’m using, but Google can lead you to the answer; I’m using a custom tool to record specific parameters as part of my overall network monitoring.
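
The following Python is an added example, not the author's custom tool (which the page does not show). It parses snmpwalk output in both forms shown above, the symbolic names from 5.7.1 and the iso.-prefixed numbers from 5.4.3, into the same numeric keys, and flags a restart when sysUpTime goes backwards between polls; the function names and the restart check are assumptions.

```python
import re

# Symbolic names from the Net-SNMP 5.7.1 output above, with their numeric OIDs.
SYSTEM_NAMES = {
    "SNMPv2-MIB::sysDescr.0": ".1.3.6.1.2.1.1.1.0",
    "SNMPv2-MIB::sysObjectID.0": ".1.3.6.1.2.1.1.2.0",
    "DISMAN-EVENT-MIB::sysUpTimeInstance": ".1.3.6.1.2.1.1.3.0",
}
SYS_UPTIME = ".1.3.6.1.2.1.1.3.0"
LINE = re.compile(r"^(\S+) = ([A-Za-z0-9-]+): (.*)$")

def normalize_oid(name):
    """Reduce symbolic (5.7.1) and iso.-prefixed (5.4.3) names to dotted numeric."""
    if name in SYSTEM_NAMES:
        return SYSTEM_NAMES[name]
    if name.startswith("SNMPv2-SMI::enterprises."):
        return ".1.3.6.1.4.1." + name.split("enterprises.", 1)[1]
    if name.startswith("iso."):
        return ".1." + name[len("iso."):]
    return name

def parse_walk(text):
    """Parse snmpwalk output into {numeric_oid: value}, skipping other lines."""
    result = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        oid, vtype, raw = normalize_oid(m.group(1)), m.group(2), m.group(3)
        if vtype == "Timeticks":  # "(8835020) 1 day, ..." -> seconds
            ticks = re.match(r"\((\d+)\)", raw)
            result[oid] = int(ticks.group(1)) / 100.0 if ticks else None
        elif vtype == "INTEGER":  # plain "72" or enumerated "up(1)"
            result[oid] = int(re.search(r"(-?\d+)\)?$", raw).group(1))
        elif vtype == "OID":
            result[oid] = normalize_oid(raw)
        else:
            result[oid] = raw.strip('"')
    return result

def rebooted(previous, current):
    """True when sysUpTime went backwards between two polls."""
    before, now = previous.get(SYS_UPTIME), current.get(SYS_UPTIME)
    return before is not None and now is not None and now < before

# Sample lines copied from the two snmpwalk outputs shown on this page.
NEW_FORM = ("SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.10.1.1\n"
            "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8835020) 1 day, 0:32:30.20\n")
OLD_FORM = ("iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.9.10.1.1\n"
            "iso.3.6.1.2.1.1.3.0 = Timeticks: (8887560) 1 day, 0:41:15.60\n")
```

Feed each poll's snmpwalk text to parse_walk and compare consecutive results with rebooted; a True result lines up with a fresh boot in the syslog stream configured earlier.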

A Final Thought

Between syslog and SNMP, it should be relatively easy to keep an eye on a Cisco 678 or 675. It’s worth noting that there are some security trade-offs to consider when enabling SNMP. In my setup, I was able to disable my 678’s telnet server, but ended up exposing its SNMP functionality. This may or may not be advisable in your environment.
