Short Description
Telemetry Receiver to handle switch data and send it to Splunk, Elasticsearch
Full Description

#Setup

##Example Configuration on Cisco Nexus 3000/9000
The configuration below monitors the Ethernet2/1 interface counters and sends the information to the Telemetry Receiver at 172.31.219.148:50001.

telemetry
  destination-group 1
    ip address 172.31.219.148 port 50001 protocol gRPC encoding GPB 
  sensor-group 1
    path sys/intf/phys-[eth2/1]/dbgIfIn depth 0 
  sensor-group 2
    path sys/intf/phys-[eth2/1]/phys depth 0 
  subscription 1
    dst-grp 1
    snsr-grp 1 sample-interval 5000
  subscription 2
    dst-grp 1
    snsr-grp 1 sample-interval 0
!!! Configuration to stream an MO and all its children (push all interface statistics every 30 seconds over gRPC)
telemetry
  destination-group 1
    ip address 172.31.219.148 port 50001 protocol gRPC encoding GPB 
  sensor-group 1
    path sys/intf depth unbounded
  subscription 1
    dst-grp 1
    snsr-grp 1 sample-interval 30000
!!! TLS-secured configuration to stream an MO and all its children (push all interface statistics every 30 seconds over gRPC)
telemetry
  certificate /bootflash/server.crt localhost
  destination-group 1
    ip address 172.31.219.148 port 50001 protocol gRPC encoding GPB 
  sensor-group 1
    path sys/intf depth unbounded
  subscription 1
    dst-grp 1
    snsr-grp 1 sample-interval 30000
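
The only difference between the plain and the TLS configurations above is the `certificate` line. The Python check below is an added example, not code from this repository: it reads a telemetry block and reports a missing `certificate` line as well as sensor or destination groups that are defined but never subscribed (or subscribed but never defined). `audit` is a hypothetical helper, and treating the `certificate` line as the TLS indicator is an assumption taken from the page's own labelling.

```python
import re

# Sample input: the first telemetry block from this page.
PLAINTEXT = """\
telemetry
  destination-group 1
    ip address 172.31.219.148 port 50001 protocol gRPC encoding GPB
  sensor-group 1
    path sys/intf/phys-[eth2/1]/dbgIfIn depth 0
  sensor-group 2
    path sys/intf/phys-[eth2/1]/phys depth 0
  subscription 1
    dst-grp 1
    snsr-grp 1 sample-interval 5000
  subscription 2
    dst-grp 1
    snsr-grp 1 sample-interval 0
"""
# Constructed variant: same block plus the certificate line from the TLS example.
WITH_TLS = PLAINTEXT.replace(
    "telemetry\n", "telemetry\n  certificate /bootflash/server.crt localhost\n", 1)


def audit(config):
    """Return findings for one NX-OS 'telemetry' block (hypothetical helper)."""
    has_cert, dests = False, []
    defined = {"sensor": set(), "dest": set()}
    used = {"sensor": set(), "dest": set()}
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("certificate "):
            has_cert = True
        elif m := re.match(r"ip address (\S+) port (\d+) protocol \S+", line):
            dests.append(f"{m[1]}:{m[2]}")
        elif m := re.match(r"sensor-group (\d+)$", line):
            defined["sensor"].add(m[1])
        elif m := re.match(r"destination-group (\d+)$", line):
            defined["dest"].add(m[1])
        elif m := re.match(r"snsr-grp (\d+)\b", line):
            used["sensor"].add(m[1])
        elif m := re.match(r"dst-grp (\d+)$", line):
            used["dest"].add(m[1])
    findings = []
    if not has_cert:  # assumption: the certificate line is what enables TLS
        findings += [f"no certificate line: stream to {d} is sent without TLS" for d in dests]
    for kind in ("sensor", "dest"):
        findings += [f"{kind} group {g} is defined but never subscribed"
                     for g in sorted(defined[kind] - used[kind])]
        findings += [f"{kind} group {g} is subscribed but never defined"
                     for g in sorted(used[kind] - defined[kind])]
    return findings
```

Call `audit()` on the text of a switch's telemetry block; an empty list means none of these checks fired.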

#Telemetry Receiver

##1. Running Receiver and Forwarder

#####Pull the Receiver from Docker Hub

$docker pull dockercisco/telemetryreceiver:latest

#####Run the docker container

docker run -it -p <port mapping>:<port mapping> <image id> bash

#####Example

$sudo docker run -p 50001:50001 -it c7b476917147 bash

#####Change Directory To The Location Of The Receiver

$cd /grpc/telemetry/src

#####Start the Telemetry Receiver

./telemetry_receiver <port to listen on> <destination IP> <destination port> 1

#####Start the secure Telemetry Receiver

./telemetry_receiver <port to listen on> <destination IP> <destination port> 1 2 <server private key> <server public certificate>

#####Example

$./telemetry_receiver 50001 172.31.219.148 9200 1 
Enter Elasticsearch index[telemetry]: 
Enter Elasticsearch type[d852e3c1]: 
Index: telemetry type:d852e3c1
Server listening on 0.0.0.0:50003

The receiver is now listening on port 50001 and forwarding data to 172.31.219.148 on port 9200 in the above example.

#ELK Stack

$docker pull dockercisco/elklat

#####Run the docker container

docker run -it -p <port mapping>:<port mapping> -p <port mapping>:<port mapping> <image id> bash

#####Example
In this example, we map the Kibana and Elasticsearch ports on the host to the ports on the docker container.

docker run -p 5601:5601 -p 9200:9200 -it 02ae097bd96d bash

#####Start both Elasticsearch and Kibana

$service elasticsearch start
$service kibana start

##Kibana

Once Elasticsearch and Kibana are running:

  1. In a browser on the server, open http://localhost:5601, which loads the Kibana web page.
  2. Go to Settings --> Indices and configure an index pattern.
  3. Type your index name in the "index name or pattern" textbox. The forwarder above sends data to the index 'telemetry'.
  4. If you have checked "index contains time-based events", select the respective "Time-field-event" (postDate) and click Create. This creates the index in Kibana with all the fields.
  5. Go to Discover, where you should see the telemetry data streamed from the telemetry-enabled switches.
  6. Go to Visualize and build visualizations based on the streaming telemetry configured on your devices.

#References
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x_chapter_011011.html

https://www.elastic.co/guide/en/kibana/current/index.html

Owner
dockercisco