Task 4—Using Syslog, NTP, and Modem Call Records to Isolate and Troubleshoot Faults

About NTP

About NTP

The Network Time Protocol (NTP):

Provides a synchronized time base for networked routers, servers, and other devices.

Coordinates the time of network events, which helps you understand and troubleshoot the time sequence of network events. For example, call records for specific users can be correlated within one millisecond.

Enables you to compare time logs from different networks, which is essential for:

`Tracking security incidents

`Analyzing faults

`Troubleshooting

Without precise time synchronization between all the various logging, debug output, management, and AAA functions in the network, you cannot make time comparisons.

For a list of NTP clients, go to http://www.eecis.udel.edu/~ntp/software.html

About Modem Call Records

A modem call record (MCR) is a type of syslog message that is:

Created when a user dials in and hangs up, but it is not generated until the end of the call.

Used to gather statistics and modem-performance logs on a per-call basis, such as:

`Modulation trends (V.90 verses V.34).

`Call time durations (consistent short connection times on a modem, regular Lost Carrier counts).

`Unavailable user IDs.

`PPP negotiation or authentication failures.

In this case study, the engineers filter modem call records out of syslog and store them into flat files on a Unix host. The records are sorted by using cron jobs and perl scripts. A web-based MCR viewer facility is used to:

Search the call records.

Extract historical and statistical information about individual users and access servers.

Basic Dial NMS Implementation Guide

$'

Page 69
Image 69
Cisco Systems Dial NMS manual About NTP, About Modem Call Records