Cisco Systems CSR 1000V Diagnostic Signatures Overview, Diagnostic Signature Downloading

12-31

Cisco CSR 1000V Series Cloud Services Router Software Configuration Guide

OL-27477-07

Chapter12 Configuring Call Home for the Cisco CSR 1000V

Configuring Diagnostic Signatures

Diagnostic Signatures Overview

Diagnostic signatures (DS) for the Call Home system provides a flexible framework that allows the

defining of new events and corresponding CLIs that can analyze these events without upgrading the

Cisco software.

DSs provide the ability to define more types of events and trigger types than the standard Call Home

feature supports. The DS subsystem downloads and processes files on a device as well as handles

callbacks for diagnostic signature events.

The Diagnostic Signature feature downloads digitally signed signatures that are in the form of files to

devices. DS files are formatted files that collate the knowledge of diagnostic events and provide methods

to troubleshoot these events.

DS files contain XML data to specify the event description, and these files include CLI commands or

scripts to perform required actions. These files are digitally signed by Cisco or a third party to certify

their integrity, reliability, and security.

The structure of a DS file can be one of the following formats:

•Metadata-based simple signature that specifies the event type and contains other information that

can be used to match the event and perform actions such as collecting information by using the CLI.

The signature can also change configurations on the device as a workaround for certain bugs.

•Embedded Event Manager (EEM) Tool Command Language (Tcl) script-based signature that

specifies new events in the event register line and additional action in the Tcl script.

•Combination of both the formats above.

The following basic information is contained in a DS file:

•ID (unique number): unique key that represents a DS file that can be used to search a DS.

•Name (ShortDescription): unique description of the DS file that can be used in lists for selection.

•Description: long description about the signature.

•Revision: version number, which increments when the DS content is updated.

•Event & Action: defines the event to be detected and the action to be performed after the event

happens.

Diagnostic Signature Downloading

To download the diagnostic signature (DS) file, you require the secure HTTP (HTTPS) protocol. If you

have already configured an email transport method to download files on your device, you must change

your assigned profile transport method to HTTPS to download and use DS.

Cisco software uses a PKI Trustpool Management feature, which is enabled by default on devices, to

create a scheme to provision, store, and manage a pool of certificates from known certification

authorities (CAs). The trustpool feature installs the CA certificate automatically. The CA certificate is

required for the authentication of the destination HTTPS servers.

There are two types of DS update requests to download DS files: regular and forced-download. Regular

download requests DS files that were recently updated. You can trigger a regular download request either

by using a periodic configuration or by initiating an on-demand CLI. The regular download update

happens only when the version of the requested DS is different from the version of the DS on the device.

Periodic download is only started after there is any DS assigned to the device from DS web portal. After

the assignment happens, the response to the periodic inventory message from the same device will