cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1778
Views
14
Helpful
0
Comments
aeguiart
Cisco Employee
Cisco Employee

Tool available at: https://cway.cisco.com/tools/NxosLogFinder/

Description:

The nxoslogfinder tool finds event logs inside a `show tech-support` (including feature show techs) output or any output of an NXOS command from a Nexus platform within a time range (between a start timestamp and an end timestamp) and provides the event logs found in two different reports:

  • NXOS Log Report
  • Chronological NXOS Log Report

Features

  • The timestamp range may include Year, Month, Day and Time (including microseconds).
  • Keyword Search for Well-Known Patterns Logs with known keywords such as 'FSM' or 'Module' are added to the NXOS Log Report for better readability
  • Merged Chronological report
    • If the merge_chono option is checked the script will merge the chronological reports from all files found in the archive. Every command found will have the hostname of the Nexus switch prepended to it.
  • Supported files: show tech-support and non-show tech-support outputs
  • Supported formats: gz, tar, tgz, rar, zip, txt
  • Supports Complete or Partial NXOS commands (like 'sh ver')
  • Recognizes most event logs from all Nexus platforms
  • Optionally the user can specify how many event logs per show command are to be captured and how many context lines per event log will be saved.
  • Returns:
    • A hyperlink to download the NXOS Log Report.
    • A hyperlink to download the Chronological NXOS Log Report
    • A hyperlink to download the Merged Chronological NXOS Log Report (if checked)
    • On-screen view of the NXOS Log Reports

NXOS Log Reports

Both types of NXOS Log Reports include the following:

  • NXOS Command under which the event logs with a timestamp within the specified time range were found
  • Event Logs with a timestamp in specified time range
  • Context Log lines (before and after each event log with a timestamp in specified time range)
  • The Chronological NXOS Log Report is the same NXOS Log Report but in chronological order and it includes a normalized timestamp for each log found.

Use Cases

  • Find all event logs that occurred around the time of hardware failures of the following events that occurred on a Nexus switch including:
    • A crash, reset or failure of a Supervisor, Linecard Module, Fabric Module, PSU, Fan and any other component reporting event logs to the Nexus sysmgr. This is particularly useful when it is important to determine if there is a hardware or a software failure at hand.
    • A restart, crash or panic of a NXOS Process:
  • Find all event logs around the time of a network outage in order to find an RCA for a problem. The investigation usually starts with a timestamp for events like the start of a Spanning-tree loop, a drop of an interface, drop/flap of a protocol (routing protocol, HSRP).
    • The nxoslogfinder tool allows the user to merge the logs found from various files in an archive (tar, gz, zip, 7z) which may belong to different Nexus switches involved in an outage.
    • The Chronological NXOS Log Report can be used to correlate the events from the different NXOS components. This feature is specially useful when understanding the sequence of events is critical.
  • Although `show tech-support` files provide valuable information for diagnosing a failure, it is known the size could range from a few MB to hundreds of MB and may approach or even exceed 1GB for a fully loaded Nexus 7000 or Nexus 9500. Therefore, reviewing these files manually by using the search features in Notepad or TextWrangler or using grep in Unix/Linux for finding patterns is a time consuming task.
    • The nxoslogfinder tool makes it easy and fast to correlate event logs from multiple `show tech` and from multiple Nexus platforms.
    • The chronological order of the event logs can be generated facilitating the analysis when the sequence of events is important

Technology

The nxoslogfinder can be used to filter and find logs within show tech-support and also non-show tech-support outputs from any Nexus Platforms used in the Data Center including: Nexus 3000, Nexus 5000, Nexus 5600/Nexus 6000, Nexus 7000 and Nexus 9000.

Tool Developers:

  • Ryan Bolenbaugh - High Touch Engineer, FTS
  • Nikolay Karpyshev - Customer Support Engineer, TAC
  • Alejandro Eguiarte - Technical Leader, Services.

Guidelines

 When using the nxoslogfinder tool on CCO or the development site the following would be the minimum necessary to parse a file:

  • Provide a file with the `show tech-support` output or a file with miscellaneous NXOS commands
  • Enter the desired Start and End Timestamps

The rest of the parameters are optional:

  • Maximum Number of Timestamp Logs. The default is 5 log lines with a timestamp.
  • Maximum Number of Context Logs Before TS. The default is 2 log lines before a timestamp within the specified range.
  • Maximum Number of Context Logs After TS. The default is 5 log lines after a timestamp within the specified range.
  • Keywords. List of relevant characters to find. The default is none.
  • Merge Chrono. If enabled, the tool will generate a Chronological NXOS Log Report merging all Timestamp Logs found from all Nexus switches detected.

Here is a sample output of the tool after parsing is completed:

Feedback

Your feedback is valuable to help us improve the tool. Please do not hesitate in adding a comment using the icon in the upper right corner of this page.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: