Cisco

Background

Cisco switch Analysis App automatically Collects - Reads - Parses - Analyzes - Reports all Cisco switches generated log data of the server and presents a comprehensive automatic predefined set of Reports, Dashboards and Widgets. Once you Setup and configure the Cisco App, you will be redirected to the dashboards where you will have graphs about: errors occurred, users behavior, interfaces utilization, logins, ssh connections and much more. You later use XpoLog built in Analytics features to zero in on errors and take actions to improve your system's up-time. Cisco switches system logs data can be viewed, filtered and searched via the main XpoLog console.

Steps

1. Add Log Data In XpoLog, When adding a log to XpoLog you can now select the Log Type (logtype) for Arista the are the following logtypes:
   
   

   1. syslog

   2. cisco

   3. switch

2. Once all required information is set click next and edit the log pattern, this step is crucial to the accuracy and deployment of the Cisco App. 

3. The pattern should be as follows:
   XPLG:[{timestamp:Timestamp,MM/dd/yyyy HH:mm:ss.SSS}] [{text:Facility,ftype=facility}] [{priority:Level,ftype=level,DEBUG;INFO;WARN;ERROR;FATAL}] [{text:Source Device,ftype=source-device}] {block,start,emptiness=true}{text:Application Name,ftype=app-name}[{text:Process Id,ftype=pid}]: {block,end,emptiness=true}{text:Record Number}: {text:Device Time}:{block,start,emptiness=true} %{text:Message Type,ftype=messagetype;,}:{block,end,emptiness=true} {regexp:Username,ftype=username;refName=Message,([U|u]ser\s'|[U|u]ser:\s|[U|u]ser:)[XPLG_PARAM([^'\u005D\s]+)].*}{regexp:Sourceip,ftype=sourceip;refName=Message,(Source:\s|from\s)[XPLG_PARAM(\d+\.\d+\.\d+\.\d+)]}{regexp:Status,ftype=status;refName=Message,Succeeded|closed|up|down|enabled|failed|Success|suspended}{regexp:Interface,ftype=interface;refName=Message,Interface\s([^,\s]+).*}{string:Message,ftype=message}{eoe}

4. In XpoLog, the log will be displayed as follows:
   
   

   Open