Tag Archives: Logging

BCVRE 170-010 Study Notes, part 4

Chapter 9 Logging

Logging Basics

Log messages are stored in /var/log/messages; when the file reaches 500 KB it is
renamed to messages.0 and a new file is opened.

The vRouter keeps separate logs for bootup messages, PPP connection setup, IPsec connection setup, and other features

[email protected]:~$ show log | match ERROR | more
May 16 13:30:50 training pluto[5686]: ERROR: "peer-76.74.103.7-tunnel-1"
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 16 13:31:20 training pluto[5686]: ERROR: "peer-76.74.103.7-tunnel-1"
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 18 00:10:55 training pluto[5686]: ERROR: "peer-76.74.103.7-tunnel-1"
#1043:sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument

show log all
! Shows the last 10 entries
show log tail

Feature-Specific Logging

Enabling debugging

[email protected]:~$ monitor protocol ospf enable ?
Possible completions:
database-timer Enable OSPF database-timer debugging
events        Enable OSPF event packet debugging
ifsm          Enable OSPF ifsm debugging
lsa           Enable OSPF lsa debugging
nfsm          Enable OSPF nfsm debugging
nsm           Enable OSPF nsm debugging
packet        Enable OSPF packet debugging
route         Enable OSPF route debugging

[email protected]:~$ monitor protocol ospf enable events ?
Possible completions:
<Enter>       Execute the current command
abr           Enable OSPF abr event debugging
asbr          Enable OSPF asbr event debugging
lsa           Enable OSPF lsa event debugging
nssa          Enable OSPF nssa event debugging
os            Enable OSPF os event debugging
router        Enable OSPF router event debugging
vlink         Enable OSPF vlink event debugging

To log transit traffic (NAT, firewall, etc.), logging must be enabled on the respective rules

[email protected]# set nat source rule 10 log enable

The entries are stored in /var/log/messages

Real-Time Monitoring

Monitoring in real time

monitor protocol ospf
monitor nat source

Ctrl-C to exit the capture

Sample Log Output

OSPF Hello packets:

[email protected]:~$ monitor protocol ospf enable packet hello
[email protected]:~$ monitor protocol ospf
Apr  5 20:30:51 vRouter ospfd[1949]: Hello received from [172.24.42.53] v
[eth2:192.168.13.1]
Apr  5 20:30:51 vRouter ospfd[1949]:  src [192.168.13.3],
Apr  5 20:30:51 vRouter ospfd[1949]:  dst [224.0.0.5]
Apr  5 20:30:51 vRouter ospfd[1949]: Packet 172.24.42.53 [Hello:RECV]:
Options *|-|-|-|-|-|E|*
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth1:192.168.12.1
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth2:192.168.13.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth1:192.168.12.1].
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth3:192.168.101.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth2:192.168.13.1].
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth3:192.168.101.1].

NAT packets:

[email protected]# set nat source rule 30 log enable

[email protected]# run show log nat
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Output omitted
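Rule logging (the "log enable" shown above on a NAT or firewall rule) produces kernel lines with a bracketed rule prefix followed by key=value packet fields. The following Python parser is an added example, not part of the original notes or of the Vyatta software: it extracts the prefix and the fields from such lines and counts hits per rule and flow, which is the usual first step when reviewing what a rule actually matched. The sample lines are constructed for the example, modelled on the "show log nat" output above but joined onto single lines; the FW-WAN-IN-20-D prefix and the sshd line are hypothetical additions to show a firewall rule and a non-kernel line being handled.

```python
import re
from collections import Counter

# Constructed sample, modelled on the "show log nat" output above (one record per line).
# The FW-WAN-IN-20-D line and the sshd line are hypothetical, added to show other input.
SAMPLE_LOG = """\
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Apr  5 18:17:02 vRouter kernel: [595981.101010] [FW-WAN-IN-20-D] IN=pppoe1 OUT= SRC=203.0.113.9 DST=192.168.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Apr  5 18:17:03 vRouter sshd[2222]: Accepted publickey for vyatta from 192.168.2.50 port 50022 ssh2
"""

# BSD syslog header, "kernel:", the kernel uptime stamp, the [rule prefix], then the fields.
KERNEL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>[\d.]+)\] \[(?P<prefix>[^\]]+)\] (?P<fields>.*)$"
)
# key=value pairs; bare TCP flag tokens such as SYN carry no "=" and are skipped.
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_kernel_line(line):
    """Return a dict for a rule-logged kernel line, or None for any other line."""
    m = KERNEL_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "prefix": m.group("prefix")}
    for key, val in KV_RE.findall(m.group("fields")):
        # LEN= appears twice: the IP total length first, then the UDP/TCP length.
        if key in rec:
            key += "2"
        rec[key] = val
    return rec


def split_prefix(prefix):
    """'NAT-SRC-30-MASQ' -> ('NAT-SRC', 30, 'MASQ'); the rule number is the first all-digit token."""
    parts = prefix.split("-")
    for i, part in enumerate(parts):
        if part.isdigit():
            return "-".join(parts[:i]), int(part), "-".join(parts[i + 1:])
    return prefix, None, ""


def summarize(text):
    """Count logged packets per (prefix, PROTO, SRC, DST) flow; unrelated lines are ignored."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_kernel_line(line)
        if rec:
            counts[(rec["prefix"], rec.get("PROTO"), rec.get("SRC"), rec.get("DST"))] += 1
    return counts


if __name__ == "__main__":
    for flow, n in summarize(SAMPLE_LOG).most_common():
        ruleset, rule, action = split_prefix(flow[0])
        print(f"{ruleset} rule {rule} ({action}): {flow[1]} {flow[2]} -> {flow[3]}  x{n}")
```

Feeding it the output of `show log nat` (or the firewall lines in /var/log/messages) gives a per-rule, per-flow count; the duplicate LEN field is kept as LEN2 rather than silently overwritten, which matters when the transport length is what you want to inspect.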

Chapter 10 OSPF Single-Area

Configuring OSPF

[email protected]# show protocols ospf
area 0 {
network 10.1.1.0/24
network 10.10.1.0/24
network 10.10.2.0/24
}

[email protected]# show protocols
ospf {
area 0 {
network 10.0.0.0/8
}
default-information {
originate {
}
}
passive-interface eth1
passive-interface eth2
}

Verifying OSPF Operations

[email protected]:~$ show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
Gateway of last resort is not set
O       10.1.1.0/24 [110/1] is directly connected, eth1, 00:02:57
C    *> 10.1.1.0/24 is directly connected, eth1
O    *> 10.2.1.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.2.2.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.3.1.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O    *> 10.3.2.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O       10.10.1.0/24 [110/1] is directly connected, eth2, 00:02:57
Output omitted

[email protected]:~$ show ip ospf neighbors
OSPF Process 0:
Neighbor ID     Pri State           Dead Time Address         Interface
172.24.42.52      1 Full/DR           31.721s 10.10.1.2       eth1
172.24.42.53      1 Full/DR           35.533s 10.10.2.2       eth2

[email protected]:~$ show ip ospf database
OSPF Router with ID (172.24.42.51) (Process ID 0)
Router Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum  Link count
172.24.42.51    172.24.42.51     869 0x80000005 0x1d44 3
172.24.42.52    172.24.42.52     884 0x80000005 0x84f7 3
172.24.42.53    172.24.42.53     836 0x80000005 0xe555 4
Net Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum
10.10.1.1       172.24.42.51     918 0x80000001 0x04a5
10.10.2.1       172.24.42.51     869 0x80000001 0x07a0
AS External Link States
Link ID         ADV Router      Age  Seq#       CkSum  Route              Tag
0.0.0.0         192.168.200.1     10 0x80000002 0xa3f1 E2 0.0.0.0/0       254

[email protected]:~$ show ip ospf database router 172.24.42.51
OSPF Router with ID (192.168.200.1) (Process ID 0)
Router Link States (Area 0.0.0.0)
LS age: 1587
Options: 0x2 (-|-|-|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 192.168.200.1
Advertising Router: 192.168.200.1
LS Seq Number: 80000005
Checksum: 0x1d44
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.1.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.1.1
(Link Data) Router Interface address: 10.10.1.1
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.2.1
(Link Data) Router Interface address: 10.10.2.1
Number of TOS metrics: 0
TOS 0 Metric: 1

References:

BCVRE 170-010 Study Notes, part 1

BCVRE 170-010 Study Notes, part 2

BCVRE 170-010 Study Notes, part 3

Vyatta vRouter 5400 Online Documentation

Brocade Certified vRouter Engineer 2013 (BCVRE) Exam

Voucher gratuito Brocade Certified vRouter Engineer (BCVRE) 170-010 Exam

Network Functions Virtualization

Certification Brocade Community

Certification Exam Information

JNCIA-Junos Study Notes, part 3

Interface Overview

fxp0 and me0 for management

fxp1 and em0 for internal use (interconnection between the Control and Forwarding Plane)

Interface Naming

es: Encryption interface;
gr: Generic route encapsulation tunnel interface;
ip: IP-over-IP encapsulation tunnel interface;
ls: Link services interface;
ml: Multilink interface;
mo: Passive monitoring interface;
mt: Multicast tunnel interface;
sp: Adaptive services interface;
vt: Virtual loopback tunnel interface;
lo0: Loopback interface;
ae: Aggregated Ethernet interface;
as: Aggregated SONET interface;
vlan: VLAN interface.

Some of the internal (non-configurable) interfaces created by Junos:
• gre
• mtun
• ipip
• tap

FPC - Flexible PIC Concentrator
Line card (FPC) slot number
Interface card (PIC) slot number
Note: slot/port numbering starts at 0
ge-0/2/3 = port 3 on PIC slot 2 in FPC slot 0

Logical Units

Treated as subinterfaces; a unit can carry more than one family, for example inet and inet6

Configuring Authentication

Supports RADIUS and TACACS+

Defining a class with privileges

There are 4 default classes: operator, read-only, super-user and unauthorized.
A user can be assigned to only one class.

set system login class juniper permissions reset permissions view permissions view-configuration
set system login user walter class juniper

Note: the reset permission allows restarting processes, but not rebooting, for example

[email protected]> show configuration
## Last commit: 2014-05-25 17:11:18 WEST by root
version /* ACCESS-DENIED */;
/* do not change the NTP */
system { /* ACCESS-DENIED */ };
/* do not change interfaces */
interfaces { /* ACCESS-DENIED */ };
protocols { /* ACCESS-DENIED */ };

Defining the RADIUS server

[email protected]#  set system radius-server 10.10.10.10  secret  Juniper
[edit]
[email protected]#  set system authentication-order radius tacplus
[edit]
[email protected]#  commit

At least one of the methods in authentication-order must respond (be alive); otherwise local authentication is used

R1 (ttyp0)

login: nancy
Password:
Local password:

Logging

By default the primary logging file is /var/messages

Syslog is configured under:

edit system syslog
edit routing-options options syslog

set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file config-changes change-log info
set system syslog host 10.1.1.1 any notice
set system syslog host 10.1.1.1 authorization info

Interpreting syslog messages

Timestamp, host, process or PID, message code, message text

May 26 14:27:17  R1 mgd[1366]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying eventd(80)
commit complete

To include the severity, the explicit-priority statement must be configured:
set system syslog file messages explicit-priority

May 26 14:38:13  R1 mgd[1366]: %INTERACT-6-UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration

Help interpreting a log message is available from the CLI itself:

[email protected]# help syslog UI_COMMIT_PROGRESS
Name:          UI_COMMIT_PROGRESS
Message:       Commit operation in progress:
Help:          mgd recorded step in commit operation
Description:   As it performed a commit operation, the management process (mgd)
recorded its execution of the indicated step.
Type:          Event: This message reports an event, not an error
Severity:      info

Traceoptions

*Equivalent to debug in Cisco*

Junos can send tracing to a file or to syslog

To redirect it to a different syslog server use:

set system tracing destination-override syslog host 10.1.1.2

OSPF Hello Tracing Example

The size can be given with K, M or G (KB, MB and GB).
When the trace exceeds the size, the file is split into the indicated number of files, starting at trace-file.0, trace-file.1 …

set protocols ospf traceoptions file ospf-trace
set protocols ospf traceoptions file size 128m
set protocols ospf traceoptions file files 10
set protocols ospf traceoptions file world-readable
set protocols ospf traceoptions flag hello detail
set protocols ospf traceoptions flag error detail
set protocols ospf traceoptions flag event detail

[email protected]# run file show /var/log/ospf-trace
May 26 14:52:47 trace_on: Tracing to "/var/log/ospf-trace" started
May 26 14:52:47.821578 Interface em5.101 area 0.0.0.0 event NeighborChange
May 26 14:52:47.835103 IFL em5.32767 iflchange 0x0
May 26 14:52:47.836167 IFL em5.110 iflchange 0x0
May 26 14:52:47.836334 IFL em5.102 iflchange 0x0
May 26 14:52:47.836498 IFL em5.101 iflchange 0x0
May 26 14:52:47.836643 IFL em5.0 iflchange 0x0
May 26 14:52:47.836793 IFL lo0.16385 iflchange 0x0
May 26 14:52:47.836891 IFL lo0.16384 iflchange 0x0
May 26 14:52:47.837115 IFL lo0.0 iflchange 0x0
* (omitted)
May 26 14:52:47.867410 OSPF updated PPM interface IFL 84, addr 172.20.110.1, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0
May 26 14:52:47.867614 OSPF cannot stop xmit from 172.20.101.1 to 224.0.0.5 (IFL 82, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0)
May 26 14:52:47.867816 OSPF cannot stop xmit from 172.20.110.1 to 224.0.0.5 (IFL 84, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0)
May 26 14:52:47.868182 OSPF cannot stop xmit from 172.20.101.1 to 224.0.0.5 (IFL 82, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0)
May 26 14:52:47.873156 OSPF cannot stop xmit from 172.20.110.1 to 224.0.0.5 (IFL 84, area 0.0.0.0, ID 0.0.0.0, rtbl idx 0)

AND and OR operators

AND operator
[email protected]# run show log messages | find "May 26" | match "error"

OR operator
[email protected]# run show log messages | match "May 26" | match "error|kernel"

Monitoring log messages
[email protected]>  monitor start messages | match fail

Stop receiving messages
[email protected]>  monitor stop
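The message layout described under "Interpreting syslog messages" (timestamp, host, process or PID, message code, text, plus the %FACILITY-SEVERITY-CODE tag once explicit-priority is set) and the AND/OR filtering just shown can both be reproduced off-box when logs are exported. The parser below is an added example, not code from the original notes or from Junos: it splits a line into those fields, maps the numeric severity to the standard syslog names (0 emergency to 7 debug, the same names the "help syslog" output uses), and offers an AND/OR line filter that mirrors the two pipelines above with plain substring matching. The sample lines are taken from the output on this page, joined onto single lines; the fetch line's archive host is a constructed placeholder. The parser also handles the Vyatta "ERROR:" lines from Chapter 9, since they use the same BSD syslog shape.

```python
import re

# Standard syslog severities, index = numeric value carried in %FACILITY-N-CODE.
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "info", "debug"]

# Sample lines from this page (joined onto single lines); the archive host in the
# fetch line is a constructed placeholder.
SAMPLE_LINES = [
    "May 26 14:27:17  R1 mgd[1366]: UI_COMMIT_PROGRESS: Commit operation in progress:  notifying eventd(80)",
    "May 26 14:38:13  R1 mgd[1366]: %INTERACT-6-UI_COMMIT_PROGRESS: Commit operation in progress: notifying daemons of new configuration",
    "May 26 16:11:40  R1 fetch: %DAEMON-3: fetch: ftp://backup@192.0.2.10:*: No route to host",
    "May 16 13:30:50 training pluto[5686]: ERROR: \"peer-76.74.103.7-tunnel-1\" #995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22: Invalid argument",
]

# timestamp, host, process[pid]:, optional %FACILITY-SEV[-CODE]:, optional CODE:, text
JUNOS_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?:%(?P<facility>[A-Z]+)-(?P<sev>\d)(?:-(?P<pcode>[A-Z][A-Z0-9_]*))?: )?"
    r"(?:(?P<code>[A-Z][A-Z0-9_]+): )?"
    r"(?P<text>.*)$"
)


def parse_junos_syslog(line):
    """Split one syslog line into its fields; returns None if the line does not fit the layout."""
    m = JUNOS_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    sev = int(d["sev"]) if d["sev"] is not None else None
    return {
        "timestamp": d["ts"],
        "host": d["host"],
        "process": d["proc"],
        "pid": int(d["pid"]) if d["pid"] else None,
        "facility": d["facility"],          # only present with explicit-priority
        "severity": sev,
        "severity_name": SEVERITY_NAMES[sev] if sev is not None else None,
        "code": d["pcode"] or d["code"],     # message code from either position
        "text": d["text"],
    }


def select_lines(lines, all_of=(), any_of=()):
    """AND: every term in all_of must appear; OR: at least one term in any_of must.
    Substring matching approximates the CLI's find/match pipelines."""
    return [
        line for line in lines
        if all(t in line for t in all_of)
        and (not any_of or any(t in line for t in any_of))
    ]


def at_least(records, severity_name):
    """Keep parsed records at least as urgent as severity_name (lower number = more urgent)."""
    threshold = SEVERITY_NAMES.index(severity_name)
    return [r for r in records
            if r["severity"] is not None and r["severity"] <= threshold]


if __name__ == "__main__":
    for rec in filter(None, map(parse_junos_syslog, SAMPLE_LINES)):
        print(rec["host"], rec["process"], rec["severity_name"], rec["code"], "->", rec["text"][:40])
```

Lines logged without explicit-priority carry no severity at all, which is why the page recommends enabling it: without the %FACILITY-N tag, `at_least()` cannot rank the first sample line, and a collector has only the message code to go on.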

NTP

set system ntp server 10.10.10.10
set system ntp boot-server 10.10.10.10

[email protected]# run show ntp associations
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*10.10.10.10         .INIT.          16 -  395 1024    0    0.000    0.000 4000.00

The * marks the host selected for synchronization

Archiving

Back up the configuration via FTP/SCP after each commit; configuring several destinations means that if the primary site fails the second site is used, and so on

set system archival configuration transfer-on-commit
set system archival configuration archive-sites "ftp://[email protected]:/archive" password #FAZER!SEMPRE_BACKUP#
set system archival configuration archive-sites "scp://[email protected]:/archive" password #FAZER!SEMPRE_BACKUP#

[email protected]# commit
[email protected]# run show log messages | match ftp
May 26 16:11:40  R1 fetch: %DAEMON-3: fetch: ftp://[email protected]:*: No route to host

Copies of the files are kept in /var/transfer/config

[email protected]# run file list /var/transfer/config/ detail

/var/transfer/config/:
total 28
-rw-r-----  1 root  wheel       1101 May 26 16:10 R1_juniper.conf.gz_20140526_151053
-rw-r-----  1 root  wheel       1101 May 26 16:11 R1_juniper.conf.gz_20140526_151127
-rw-r-----  1 root  wheel       1101 May 26 16:12 R1_juniper.conf.gz_20140526_151206
-rw-r-----  1 root  wheel       1101 May 26 16:12 R1_juniper.conf.gz_20140526_151254
-rw-r-----  1 root  wheel       1187 May 26 16:23 R1_juniper.conf.gz_20140526_152319

For regular backups of the config use:

Note: every 24 hours (1440 minutes)

set system archival configuration transfer-interval 1440

SNMP

set snmp location LISDC-Rack122
set snmp contact "ip@cocheno.com"
set snmp community JUNIPER
set snmp trap-options source-address lo0
set snmp trap-group group-SNMP categories link
set snmp trap-group group-SNMP categories routing
set snmp trap-group group-SNMP targets 10.10.10.10
set snmp trap-group group-SNMP targets 10.10.10.11
set snmp trap-group group-SNMP version v2
set snmp community JUNIPER clients 192.168.20.0/24

Performing an SNMP walk (output can be shown in decimal or ASCII)

[email protected]> show snmp mib walk jnxOperatingDescr
jnxOperatingDescr.1.1.0.0 = midplane
jnxOperatingDescr.2.1.0.0 = PEM 0
jnxOperatingDescr.4.1.0.0 = SRX240 PowerSupply fan 1

References:

JNCIA-Junos Study Notes, part 1

JNCIA-Junos Study Notes, part 2