## Monitoring & Management
Keeping the network observable: collecting metrics, logs and flows — and measuring against an SLA.
| Tool | Port | What it does |
|---|---|---|
| SNMP | 161 / 162 | Poll metrics & receive traps (MIB / OID) |
| Syslog | 514 | Centralized event logging (severity 0–7) |
| NetFlow / IPFIX | — | Flow records: who talked to whom |
| sFlow | — | Sampled flow export |
| NTP | 123 | Time sync — vital for logs & certs |
| SPAN / mirror | — | Copy port traffic to an analyzer |
// syslog severity

| Severity | Name |
|---|---|
| 0 | Emergency |
| 1 | Alert |
| 2 | Critical |
| 3 | Error |
| 4 | Warning |
| 5 | Notice |
| 6 | Informational |
| 7 | Debug |

// SLA → downtime / yr

| Availability | Downtime |
|---|---|
| 99% | 3.65 days / yr |
| 99.9% | 8.77 h / yr |
| 99.99% | 52.6 min / yr |
| 99.999% | 5.26 min / yr |

// facts
- Baseline normal behaviour to spot anomalies
- MTBF = reliability · MTTR = repair speed
- Observability = metrics + logs + traces
- SLA defines the uptime you promise/consume
// SNMP versions

| Version | Security properties |
|---|---|
| v1 | Cleartext community string; no integrity |
| v2c | Adds bulk gets; still a cleartext community |
| v3 | Auth + privacy (encryption) + integrity — use this |

// flow & capture

| Method | What it does |
|---|---|
| NetFlow | Cisco flow records (v5/v9) — who talked to whom |
| IPFIX | IETF standard based on NetFlow v9 |
| sFlow | Packet sampling in switch ASICs — scalable |
| SPAN / mirror | Copy a port / VLAN to an analyzer |

SNMPv3 + syslog + NetFlow · Cisco IOS

```
! SNMPv3 (auth + privacy)
snmp-server group NETADM v3 priv
snmp-server user mon NETADM v3 auth sha <key> priv aes 128 <key>
snmp-server host 10.0.0.50 version 3 priv mon
!
! Syslog + NTP
logging host 10.0.0.50
logging trap informational
service timestamps log datetime msec
ntp server 10.0.0.1
!
! NetFlow export
ip flow-export version 9
ip flow-export destination 10.0.0.50 2055
interface Gi0/0
 ip flow ingress
```
Verify

```
show snmp
show logging
show ntp status
show ip cache flow
```
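To check a saved configuration against the SNMP version table and the syslog/NTP settings above, here is an added Python example (not part of the original page). `WEAK_CONFIG` is a constructed sample, and the finding ids and the `audit` function are hypothetical names chosen for this illustration.

```python
import re
# Constructed weak config for illustration (not from the page).
WEAK_CONFIG = """\
snmp-server community <community> RO
snmp-server group NETADM v3 auth
snmp-server user mon NETADM v3 auth md5 <key>
snmp-server host 10.0.0.50 version 2c <community>
logging host 10.0.0.50
"""

# The page's own SNMPv3 / syslog / NTP lines, used as the known-good case.
PAGE_CONFIG = """\
snmp-server group NETADM v3 priv
snmp-server user mon NETADM v3 auth sha <key> priv aes 128 <key>
snmp-server host 10.0.0.50 version 3 priv mon
logging host 10.0.0.50
logging trap informational
service timestamps log datetime msec
ntp server 10.0.0.1
"""

# (finding id, pattern that flags a line, reason)
FORBIDDEN = [
    ("snmp-community", r"^snmp-server community\b", "v1/v2c cleartext community"),
    ("snmp-host-legacy", r"^snmp-server host \S+ version (1|2c)\b", "v1/v2c trap target"),
    ("snmp-group-nopriv", r"^snmp-server group \S+ v3 (noauth|auth)\b", "v3 group without privacy"),
    ("snmp-user-nopriv", r"^snmp-server user \S+ \S+ v3\b(?!.*\bpriv\b)", "v3 user without priv key"),
]
# (finding id, pattern at least one line must match, reason)
REQUIRED = [
    ("no-syslog-host", r"^logging host \S+", "events are not sent to a central collector"),
    ("no-log-timestamps", r"^service timestamps log datetime\b", "log lines carry no date/time"),
    ("no-ntp", r"^ntp server \S+", "clock is not synced, so timestamps cannot be correlated"),
]

def audit(config):
    """Return (finding id, offending line or None, reason) tuples for an IOS config."""
    # Strip whitespace, then drop blank lines and '!' comment lines.
    lines = [s for s in (ln.strip() for ln in config.splitlines()) if s and not s.startswith("!")]
    findings = []
    for fid, pattern, why in FORBIDDEN:
        findings += [(fid, ln, why) for ln in lines if re.search(pattern, ln)]
    for fid, pattern, why in REQUIRED:
        if not any(re.search(pattern, ln) for ln in lines):
            findings.append((fid, None, why))
    return findings

if __name__ == "__main__":
    for fid, line, why in audit(WEAK_CONFIG):
        print(f"{fid}: {why}" + (f" -> {line}" if line else ""))
```

The page's own configuration produces no findings; the constructed weak one is flagged for its community string, its v2c trap target, the v3 group and user without privacy, and the missing timestamp and NTP lines.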