Are you looking to setup Smart Logging and Telemetry NetFlow (SLT) exports or to report on them? This blog covers how to enable SLT NetFlow exports.
Smart Logging and Telemetry Overview
Smart logging provides a mechanism to capture and export packet flows based on predefined or user-configured triggers. Beginning with Cisco IOS Release 12.2(58)SE, the switch supports smart logging for these events:
- DHCP snooping violations
- Dynamic ARP inspection violations
- IP source guard denied traffic
- ACL permitted or denied traffic
How to Configure Smart Logging and Telemetry
Before you configure SLT, make sure you clearly understand step two in the configure Flexible NetFlow video.
SLT processing creates a NetFlow packet for the configured event and sends the packet to the external NetFlow collector. Smart logging counters reflect the number of packets that are logged. This number is the same as the number of packets sent to the collector if no packets are dropped between the switch and the NetFlow collector.
You enable smart logging globally on the switch, and you can then configure specific events to be smart logged. See page 813 in this pdf on Cisco Smart Logging:
logging smartlog exporter export_to_scrutinizer ;step to of setting up Flexible NetFlow (FnF)
logging smartlog packet capture size 1024
show logging smartlog
Smart Logging can be enabled for:
- DHCP Snooping Violations
- Dynamic ARP Inspection Violations
- IP Source Guard Violations
- Port ACL Deny or Permit Actions
With the above, you won’t actually get any Netflow. You still need to do individual configurations on ACLs, DHCP snooping, ARP, DHCP… etc.
As a very simple example, I create an ACL that permits any traffic:
access-list 1 permit any smartlog
Now I have to apply this to an interface
ip access-group 1 in
The above provides an SLT record for each ACL permit that is seen on that interface. A more likely scenario would be to get the “deny” records in an ACL.
I think this is a pretty cool feature and it beats the heck out of using syslog, plus we get part of the packet!
Struggling? Contact us and we’ll help you get it configured.