Are you looking to setup Smart Logging and Telemetry NetFlow (SLT) exports or to report on them? This blog covers how to enable SLT NetFlow exports.

Cisco SLT NetFlow Report

 


Smart Logging and Telemetry Overview

Smart logging provides a mechanism to capture and export packet flows based on predefined or user-configured triggers. Beginning with Cisco IOS Release 12.2(58)SE, the switch supports smart logging for these events:

  • DHCP snooping violations
  • Dynamic ARP inspection violations
  • IP source guard denied traffic
  • ACL permitted or denied traffic

How to Configure Smart Logging and Telemetry

Before you configure SLT, make sure you clearly understand step two in the configure Flexible NetFlow video.

SLT processing creates a NetFlow packet for the configured event and sends the packet to the external NetFlow collector. Smart logging counters reflect the number of packets that are logged. This number is the same as the number of packets sent to the collector if no packets are dropped between the switch and the NetFlow collector.

SLT Commands

You enable smart logging globally on the switch, and you can then configure specific events to be smart logged. See page 813 in this pdf on Cisco Smart Logging:

Configure terminal
logging smartlog
logging smartlog exporter export_to_scrutinizer    ;step to of setting up Flexible NetFlow (FnF)
logging smartlog packet capture size 1024
end
show logging smartlog

Smart Logging can be enabled for:

  • DHCP Snooping Violations
  • Dynamic ARP Inspection Violations
  • IP Source Guard Violations
  • Port ACL Deny or Permit Actions

With the above, you won’t actually get any Netflow.  You still need to do individual configurations on ACLs, DHCP snooping, ARP, DHCP… etc.

As a very  simple example, I create an ACL that permits any traffic:

access-list 1 permit any smartlog

Now I have to apply  this  to an interface

Interface gi1/0/0
   ip access-group 1 in

The above provides an SLT record for each ACL permit that is seen on that interface. A more likely scenario would be to get the “deny” records in an ACL.

I think this is a pretty cool feature and it beats the heck out of using syslog, plus we get part of the packet!

Struggling?  Contact us and we’ll help you get it configured.

Patti Angers author pic

Patricia

Patti is our International Partner Manager she assists International partners by driving marketing and sales plans from lead assignment through the sales cycle. Patti is also responsible to identify potential global markets to determine demand for partner management in those applicable areas. When Patti is not helping partners spread the Good news about how much Scrutinizer can help their customers she enjoys spending time with her children and grandchildren, evangelizing, hiking, fishing , beekeeping and gardening

Related

Leave a Reply