Saturday, 25 February 2012

Linux syslog server


Typically there are a large number of devices on the network (Firewalls, routers, switches, UNIX systems) that are generating logs and storing them locally. These fill up, rotate and eventually disappear, which can make diagnostics difficult and auditing impossible if there is only a small retention time for those logs.

Something I've used before for centralising these logs has been a small Linux installation (CentOS, RHEL or some other distribution) that runs a syslog server and stores all of those syslog entries centrally. Custom scripts can be used to archive, backup, delete or zip obsolete logs.

If you use the standard syslog server under Linux, the logs get very messy and are difficult to use, which defeats the point of centralising them in the first place. I've used the rsyslog package as it has enough configurability to let you separate logs based on the host and the day the logs were generated, which is perfect for viewing and archiving.

To get started, you'll need to perform an installation of Linux on something with enough space to store the log data you expect to receive and intend to keep. If possible, create a separate filesystem and/or volume group for the logs to be stored in. Also, make sure that all of the devices will be able to reach the Linux installation on the network.

Once you have a Linux installation up and running with some basic configuration, download and install the rsyslog package.

[root@logger ~]# yum install rsyslog
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.swin.edu.au
 * extras: ftp.swin.edu.au

<SNIP>
Running Transaction
  Installing     : rsyslog                            1/1

Installed:
  rsyslog.i386 0:3.22.1-3.el5_6.1

Complete!
[root@logger ~]#



Now that rsyslog is installed, you can configure the rsyslog service to log all data to the filesystem you created for syslogs, /data/logs in this example. My rsyslog.conf looks like the following:


# Provides kernel logging support (previously done by rklogd)
$ModLoad imklog

# Provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock

# Provides UDP syslog reception and listens on the standard syslog port (UDP/514)
$ModLoad imudp
$UDPServerRun 514

# One file per sending host per day: /data/logs/system-<host>-<YYYY-MM-DD>.log
$template DynFile, "/data/logs/system-%HOSTNAME%-%$NOW%.log"
*.*                ?DynFile

The last two lines are the most important as they specify to log everything to /data/logs and include the hostname and datestamp (YYYY-MM-DD) in the filename. The two lines before that enable rsyslog to listen on the standard syslog port (UDP/514).

Now that the configuration is done, disable the native syslog service, enable rsyslog and start it up.

[root@logger etc]# chkconfig --level 2345 syslog off
[root@logger etc]# chkconfig --level 2345 rsyslog on
[root@logger etc]# chkconfig --list | grep syslog
rsyslog      0:off   1:off   2:on    3:on    4:on    5:on    6:off
syslog       0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@logger etc]# service syslog stop
Shutting down kernel logger:                              [  OK  ]
Shutting down system logger:                              [  OK  ]
[root@logger logs]# service rsyslog start
Starting system logger:                                   [  OK  ]
[root@logger logs]#


Assuming that the firewall rules are ok on the system (inbound UDP/514 allowed), you should be able to start receiving syslog entries from remote systems. Configure the remote systems to log to the rsyslog server and there should be a single syslog file generated per system per day.

Once you start to receive logs from remote systems, you'll also need to script something to back up, purge and zip logs as required, or the filesystem will eventually fill up. You can use a combination of the 'find' command and 'gzip' to reduce space requirements, e.g.:

find /data/logs -mtime +5 -type f -exec gzip -9 {} \;

Similar methods can be used to purge logs or send them off to a backup server for archival to tape.
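A housekeeping script for the per-host, per-day files the DynFile template produces, as an added example that is not part of the original post. It assumes the /data/logs layout above; the retention periods (5 and 90 days) and the missing-host check are illustrative choices, not anything rsyslog provides.

```shell
#!/bin/sh
# Added example, not from the original post: housekeeping for the per-host,
# per-day files rsyslog writes with the DynFile template
# (/data/logs/system-<host>-<YYYY-MM-DD>.log). Retention values are assumed.

# gzip plain log files under directory $1 that have not been modified for
# more than $2 days. Only files matching the template's name pattern are
# touched, so anything else dropped into the directory is left alone.
compress_old_logs() {
    find "$1" -type f -name 'system-*.log' -mtime "+$2" -exec gzip -9 {} \;
}

# Delete compressed archives under directory $1 older than $2 days. Run this
# only after the archives have been copied to the backup server.
purge_old_archives() {
    find "$1" -type f -name 'system-*.log.gz' -mtime "+$2" -exec rm -f {} \;
}

# Print the hostnames that have sent logs at some point but have no file for
# the date $2 (YYYY-MM-DD) under directory $1. A host going quiet usually
# means the forwarder stopped, the device clock is wrong or UDP/514 is being
# dropped on the path; all of these are worth noticing before an incident.
hosts_missing_on() {
    find "$1" -type f -name 'system-*.log*' -exec basename {} \; \
      | sed -En 's/^system-(.*)-[0-9]{4}-[0-9]{2}-[0-9]{2}\.log(\.gz)?$/\1/p' \
      | sort -u \
      | while read -r host; do
            [ -e "$1/system-$host-$2.log" ] || echo "$host"
        done
}

# Typical nightly run from cron (assumed schedule and retention):
# compress_old_logs /data/logs 5 && purge_old_archives /data/logs 90
# hosts_missing_on /data/logs "$(date +%Y-%m-%d)"
```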


Friday, 24 February 2012

Cisco IOS shortcut keys


I've always liked using the command line over the GUI and in UNIX there is nothing better than using the vi-style command line in ksh. Fortunately Cisco IOS also has some shortcut keys to make the command line more efficient (though not exactly on par with ksh and vi.)

Ctrl-R - Redraw line
This can be used to redraw the current line. Useful when console messages appear while typing a command.

<TAB> - Complete command
This will complete the remainder of the word if there is only a single possibility.

Example:

TestRTR(config)#show ip in<TAB>
TestRTR(config)#show ip in

Tab won't finish the rest of the word as there are two possibilities (inspect and interface). Complete enough of the word to make it distinct and TAB can complete it for you.

TestRTR(config)#show ip ins<TAB>
TestRTR(config)#show ip inspect

Ctrl-Z - Leave config mode
This shortcut key will take you out of config mode and back to privileged EXEC mode.

? - Context sensitive help
This will show you the available commands that you can enter based on the current line buffer.

TestRTR(config)#show ip in?
inspect interface
TestRTR(config)#show ip interface ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CDMA-Ix CDMA Ix interface

<SNIP>
 
Ctrl-Shift-6 - Break command
This key sequence can be used to break a traceroute or ping command and if you add an 'x' to the end of the sequence, it will break a telnet or ssh session from IOS to another device.

Line control commands
There are some other key combinations that you can use to manipulate the text you type into the console and to move around a little quicker. I use the shortcut keys above most, but these commands are quite useful too.


Ctrl-E - Move to the end of the line
Ctrl-A - Move to the beginning of the line
Ctrl-U - Erase the current line
Esc-F - Move forward one word
Esc-B - Move the cursor back one word
Ctrl-W - Deletes the word to the left of the cursor
Esc-D - Deletes the full word to the right of the cursor
Ctrl-K - Deletes all characters to the right of the cursor
Ctrl-P - Same as using the UP key
Ctrl-N - Same as using the DOWN key
Ctrl-Y - Recall the last thing deleted
Ctrl-X - Deletes everything to the left of the cursor
Ctrl-F - Move the cursor one character forward
Ctrl-D - Deletes the character to the right of the cursor


The line control keys are probably less important to remember, but the first few shortcut keys (Ctrl-Shift-6, Ctrl-R, TAB, ?, etc.) will save you the most time when using IOS.

Sunday, 12 February 2012

Configuring DHCP server on IOS

Cisco IOS based switches and routers are capable of acting as DHCP clients, servers and relays (where requests are forwarded to another DHCP server to be serviced). In this post I'm going to cover the configuration of an IOS device as a DHCP server.

Before configuring a DHCP pool, there are some things you should determine first:
  1. Networks - What network ranges do you want to perform DHCP server services on
  2. Network Settings - DNS servers, domains and network gateways
  3. Exclusions - What addresses should be excluded from the DHCP scope
  4. DHCP database persistence - Are you going to have the DHCP database saved and updated somewhere?
  5. Lease time - How long do you want leases to persist


Firstly, enter in the addresses that have been excluded from pools. Once you have configured addresses in the DHCP pool, IOS will start handing them out, so it's a good idea to do this first and avoid collisions.


TestRTR(config)#ip dhcp excluded-address ?
  A.B.C.D  Low IP address
TestRTR(config)#ip dhcp excluded-address 10.1.1.240 10.1.1.254
TestRTR(config)#


Now we can create the DHCP pool to lease out addresses. Create the DHCP pool using the ip dhcp pool pool_name command and enter in the network number and mask for the network you want to lease out addresses on.

TestRTR(config)#ip dhcp pool PoolA
TestRTR(dhcp-config)#network 10.1.1.0 /24
TestRTR(dhcp-config)#


Unlike other DHCP software, IOS assumes that every address in the network can be handed out to clients, excluding its own IP address. Excluding addresses is the method by which you limit the scope of the IP address pool that IOS will use.

Next, we will configure the DNS server, domain name, lease time (in days) and default gateway.


TestRTR(dhcp-config)#domain-name lab.local
TestRTR(dhcp-config)#default-router 10.1.1.254
TestRTR(dhcp-config)#dns-server 10.1.1.254

TestRTR(dhcp-config)#lease 8
TestRTR(dhcp-config)#


These settings are passed to the client as options in the DHCP response. Additional options can be specified with the option command in the dhcp sub-configuration context.

Lastly, DHCP database persistence can be configured so that the router can keep track of what addresses have been handed out after a reload. This database can be stored in any area accessible from something like the copy command (e.g. flash (not recommended), tftp, ftp, rcp, http).

To configure DHCP database persistence, use the ip dhcp database command and specify the URL location that the database should be stored in.

TestRTR(config)#ip dhcp database tftp://10.1.1.5/dhcp.log write-delay 120
TestRTR(config)#


Now that you have configured the DHCP server to provide addresses, we should have a look at how the DHCP server is working and at statistics on what has been handed out.


To view the pools that have been created, the number of addresses allocated and the hosts they are allocated to, use both the show ip dhcp pool and show ip dhcp binding commands.

TestRTR(config)#sh ip dhcp pool
Pool home_pool :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 5
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 10.1.1.6             10.1.1.1         - 10.1.1.254        5
TestRTR#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address   Client-ID/          Lease expiration        Type
             Hardware address/
              User name
10.1.1.1    0100.17ab.ef13.bb    Feb 18 2012 09:33 PM    Automatic
10.1.1.2    0188.c663.b7e1.55    Feb 17 2012 09:03 PM    Automatic
10.1.1.3    0100.24d7.d5c5.38    Feb 18 2012 06:09 AM    Automatic
10.1.1.4    0100.22fa.96d7.84    Feb 18 2012 09:32 PM    Automatic
10.1.1.5    0100.21c5.18de.7a    Feb 17 2012 10:54 AM    Automatic
TestRTR#


The above commands will show you the mapping from addresses to MAC addresses for DHCP clients and lease expiration. To view statistics on the DHCP server for things like leases, memory usage and offers, use the show ip dhcp server statistics command.
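The client identifier in the binding table is the hardware type (01 for Ethernet) followed by the client's MAC address, so the MAC can be recovered from it when correlating an address seen in logs with a switch port or an inventory. The following is an added example, not from the post or from IOS, that parses the sample output above into CSV records; the sample table is embedded as constructed input.

```shell
#!/bin/sh
# Added example, not from the original post: turn 'show ip dhcp binding'
# output into IP,MAC,expiry,type records. IOS shows the client identifier as
# 0100.17ab.ef13.bb, i.e. hardware type 01 (Ethernet) followed by the MAC
# address, so the MAC can be recovered for correlation with other sources.

# Sample table, copied from the post above (used here as constructed input).
SAMPLE_BINDINGS='Bindings from all pools not associated with VRF:
IP address   Client-ID/          Lease expiration        Type
             Hardware address/
              User name
10.1.1.1    0100.17ab.ef13.bb    Feb 18 2012 09:33 PM    Automatic
10.1.1.2    0188.c663.b7e1.55    Feb 17 2012 09:03 PM    Automatic
10.1.1.3    0100.24d7.d5c5.38    Feb 18 2012 06:09 AM    Automatic'

# Read binding output on stdin and print one CSV line per lease.
dhcp_bindings_to_csv() {
    awk '
        # Data rows are the ones that start with a dotted-quad address.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            id = $2
            gsub(/\./, "", id)                 # 0100.17ab.ef13.bb -> 010017abef13bb
            if (length(id) == 14 && substr(id, 1, 2) == "01") {
                raw = substr(id, 3)            # strip the hardware-type byte
                mac = ""
                for (i = 1; i <= 12; i += 2) {
                    sep = (i > 1) ? ":" : ""
                    mac = mac sep substr(raw, i, 2)
                }
            } else {
                mac = "unknown(" $2 ")"        # non-Ethernet or manual identifier
            }
            # Everything between the identifier and the type is the expiry.
            expiry = ""
            for (i = 3; i < NF; i++) {
                sep = (i > 3) ? " " : ""
                expiry = expiry sep $i
            }
            printf "%s,%s,%s,%s\n", $1, mac, expiry, $NF
        }'
}

# Convenience wrapper over the embedded sample.
parse_sample_bindings() {
    printf '%s\n' "$SAMPLE_BINDINGS" | dhcp_bindings_to_csv
}
```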


TestRTR(config)#sh ip dhcp server statistics
Memory usage         25085
Address pools        1
Database agents      0
Automatic bindings   5
Manual bindings      0
Expired bindings     0
Malformed messages   0
Secure arp entries   0


Message              Received
BOOTREQUEST          0
DHCPDISCOVER         6
DHCPREQUEST          389
DHCPDECLINE          0
DHCPRELEASE          0
DHCPINFORM           25


Message              Sent
BOOTREPLY            0
DHCPOFFER            6
DHCPACK              409
DHCPNAK              2
TestRTR(config)#


In most environments, DHCP leasing services are handled by a Windows server and the IOS device is either not involved or acts as a DHCP relay. The DHCP server on IOS generally gets most use in small branch office environments that may not have a dedicated server to run DHCP, but still need to function semi-autonomously.


Wednesday, 8 February 2012

Cisco IOS Configuration Register

To control various startup and operating parameters, Cisco IOS devices have the concept of a configuration register. The configuration register is quite often used to perform password resets, but can be used for some other things as well.

The configuration register is 16-bits of storage that is carved up to represent different configuration options and exists outside of the configuration you create and save to flash. The values in the configuration register can be altered through IOS and also through the ROMmon boot loader.

To view the current configuration register value, you can use the show version command through IOS and confreg through the ROMmon boot loader.

IOS:

TestRTR#show version
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 29-Nov-06 00:43 by kellythw

<snip>

5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102


ROMmon:


rommon 4 > confreg

           Configuration Summary
   (Virtual Configuration Register: 0x2102)

enabled are:
load rom after netboot fails
console baud: 9600

boot: image specified by the boot system commands
or default to: cisco2-


do you wish to change the configuration? y/n [n]:


In the examples above, the configuration register is 0x2102, which signifies:
  1. Fall back to booting ROM if network boot fails (0x2000)
  2. The break key will be ignored during standard operation (0x100)
  3. Use the image specified with the 'boot' command in IOS (0x2)

Most of the bits in the configuration register represent individual settings, which are based on their position within the register. The default configuration register setting (0x2102) is represented below in binary.

0x2102 = 0010 0001 0000 0010

Bits 13 (0x2000), 8 (0x100) and 2 (0x2) are enabled, which represent the settings covered earlier. In the example below, different settings have been enabled.

0xA141 = 1010 0001 0100 0001

Bits 15 (0x8000), 13 (0x2000), 8 (0x100), 7 (0x40) and 1 (0x1) have been set, which will change the behaviour of the router when it starts up. Compared to the default, these settings will cause diagnostic messages to be displayed, the startup config in flash to be ignored and the first image available in flash to be loaded, ignoring the 'boot' directive.

The settings in the examples above can be referenced in the table below.


Bits      Hex        Description
0-3       0x0-0xF    Boot configuration (0 - Stay in ROMmon boot loader, 1 - Load first image on flash, 2 - use the image specified with the boot system command)
6         0x0040     Ignore the startup config in NVRAM
7         0x0080     Disable boot messages on startup
8         0x0100     Disable the usage of the 'break' key during normal IOS operation
9         0x0200     Uses secondary bootstrap (obsolete ?)
10        0x0400     Enable IP broadcast with all zeros (old broken BSD method of broadcast)
5,11,12              Configure the console line speed
13        0x2000     Boots default image if the network boot fails
14        0x4000     Do not include network number in broadcast packets
15        0x8000     Enable diagnostic messages on startup and ignore startup config in NVRAM (like bit 6)

To modify the current value in the configuration register the config-register command can be used through IOS and the confreg command can be used through ROMmon.

IOS:

TestRTR(config)#config-register ?
 <0x0-0xFFFF> Config register number

TestRTR(config)#config-register 0xA141
TestRTR(config)#


ROMmon:

rommon 1 > confreg 0xA141
You must reset or power cycle for new config to take effect
rommon 2 >


Once the configuration register has been modified, the system will need to be restarted for the changes to take effect.
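A small decoder for configuration register values, added here as an example rather than anything from the post or from Cisco. It uses the bit positions from the table above (bit 0 is the least significant bit, so 0x0040 is bit 6 and 0x0001 is bit 0) and flags the "startup config ignored" state that password recovery relies on, which is worth checking in the show version output of production devices.

```shell
#!/bin/sh
# Added example, not from the post: decode a Cisco IOS configuration register
# value using the bit positions from the table above (bit 0 = 0x0001).

# Print 1 if bit $2 of value $1 is set, otherwise 0.
confreg_bit() {
    echo $(( ($1 >> $2) & 1 ))
}

# Bits 0-3 select the boot behaviour: 0 stay in ROMmon, 1 first image on
# flash, 2-15 honour the 'boot system' commands in the configuration.
confreg_boot_field() {
    echo $(( $1 & 0xF ))
}

# 1 when the router will boot without its saved startup config (bit 6, or
# bit 15 which also ignores NVRAM). A production device showing this after
# a reload has been through password recovery or has been tampered with.
confreg_ignores_startup() {
    if [ "$(confreg_bit "$1" 6)" = 1 ] || [ "$(confreg_bit "$1" 15)" = 1 ]; then
        echo 1
    else
        echo 0
    fi
}

# Human readable summary of the register, one setting per line.
decode_confreg() {
    v="$1"
    printf 'Configuration register 0x%04X\n' "$(( v ))"
    case "$(confreg_boot_field "$v")" in
        0) echo "  boot field 0x0: stay in ROMmon boot loader" ;;
        1) echo "  boot field 0x1: load first image on flash" ;;
        *) printf '  boot field 0x%X: use image from boot system commands\n' \
               "$(confreg_boot_field "$v")" ;;
    esac
    [ "$(confreg_bit "$v" 6)" = 1 ]  && echo "  bit 6  (0x0040): ignore startup config in NVRAM"
    [ "$(confreg_bit "$v" 7)" = 1 ]  && echo "  bit 7  (0x0080): disable boot messages on startup"
    [ "$(confreg_bit "$v" 8)" = 1 ]  && echo "  bit 8  (0x0100): break key disabled during normal operation"
    [ "$(confreg_bit "$v" 10)" = 1 ] && echo "  bit 10 (0x0400): all-zeros IP broadcast"
    [ "$(confreg_bit "$v" 13)" = 1 ] && echo "  bit 13 (0x2000): fall back to ROM if network boot fails"
    [ "$(confreg_bit "$v" 14)" = 1 ] && echo "  bit 14 (0x4000): omit network number in broadcasts"
    [ "$(confreg_bit "$v" 15)" = 1 ] && echo "  bit 15 (0x8000): diagnostic messages, startup config ignored"
    return 0
}

# Example: decode_confreg 0x2102; decode_confreg 0xA141
```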


Thursday, 2 February 2012

UCS Platform Emulator Install


As far as management interfaces go, the UCS management interface is pretty good, however there is a steeper learning curve compared to other management interfaces. If you don't get a chance to do some hands on training before working with the system (and even if you do), then you should have a look at the Cisco UCS Platform Emulator (UCSPE) before you work on a live system.

The UCS Platform Emulator provides the management interface for the UCS without the hardware backend. This can be useful if you want to work on a design, test a concept or get some familiarity with the system before actually having to work with a live system.
 
 
To run the emulator, you'll need to make sure you have some things ready first:
  1. VMware environment - You can use Workstation, Player or Fusion to run the emulator. ESX is supported, but requires conversion of the virtual machine. My testing was done on VMware Workstation. Player can be downloaded free at http://www.vmware.com/go/player
  2. System Requirements - Cisco requirements for the emulator are 8GB disk space, 1GB memory and 1.8 GHz CPU. The unpacked and powered on system took just under 4 GB of disk space.
  3. Firefox or Chrome - The 'Hardware Designer' requires Firefox or Chrome to display properly. This is specific to the platform emulator as the manager interface runs entirely through the java interface and is all you will see on a live system.
  4. Java Runtime Environment 1.6 - This is required to run the UCS Manager interface
  5. UCSPE Image - The platform emulator can be downloaded from the cisco developer site (http://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload) and comes as a virtual machine in a 7-zip archive. The latest version at the time of writing is 2.0, which is the version I am using for testing. Unzip this and you will have the UCSPE VM and a readme file.


Once you have extracted the UCSPE image locally, open the 'UCSPE.vmx' file through your chosen VMware product and power on the virtual machine.

The virtual machine itself runs a copy of CentOS Linux with the UCS Manager code running on top of it. If your VMware installation is set up correctly, the virtual machine should get an address via DHCP during startup, which you can use to connect to it via a web browser. The address that the VM is using can be seen in the VMware console window (below.)




If you want to change the IP address that the emulator is using before connecting via a web browser, you can log in on the console using 'config' and 'config' to change the network settings.

Using Firefox or Chrome, connect to the address of the emulator and if all is working correctly, you should see something similar to the following.



Before you launch the UCS manager interface, you'll need to check a couple of settings:
  1. Number of Uplinks - How many uplinks from the fabric interconnects?
  2. Database Persistence - Do you want the configuration to persist when you restart the VM?
  3. High Availability - Do you want dual fabric or a single fabric interconnect?
  4. Addressing - You can change the addressing here if you didn't do it earlier

Once you've made your changes, restart the UCS Manager through the interface for the changes to take effect.

Lastly, before you start the UCS Manager interface, have a look through the 'Hardware Catalog' and 'Start-up Inventory'. The Hardware Catalog contains details on the UCS hardware available and the Startup Inventory can be used to change the hardware available through the UCS Manager. You can leave these at the defaults as there is enough there to get started with the interface.

Now we can start the UCS Manager interface. Go back to 'UCS Manager', 'UCS Manager Home' and select 'Launch UCS Manager'. This will start a download of a JNLP (Java Network Launch Protocol) file which runs the UCS Manager interface. When prompted, login as 'config' and 'config'.

You should now see the UCS Manager interface (below) which you can use to get some familiarity with the UCS Manager interface or test configurations.



If you're not sure where to go from here, have a look at the UCS Configuration Guides from the Cisco site for ideas on what can be configured.

Links:
UCS Platform Emulator Guide - http://developer.cisco.com/web/unifiedcomputing/docs
UCS Configuration Guides - http://www.cisco.com/en/US/products/ps10281/products_installation_and_configuration_guides_list.html