Displaying System Statistics on a Switch

You display system statistics on a server-switch using the system-stats-show command:

CLI network-admin@Leaf1>system-stats-show layout vertical
switch:            Leaf-ONVL
uptime:            1h22m26s
used-mem:          27%
used-swap:         0%
swap-scan:         0
cpu-user:          0%
cpu-sys:           1%
cpu-idle:          98%

The swap-scan output displays the number of scans performed on the swap. A nonzero number indicates that memory is paged from the physical memory (RAM) to virtual memory (disk or swap). A consistently high value indicates that all memory, both physical and virtual, is exhausted and the system may stop responding.

Exceptions for Audit Logging

New commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show are used to control which CLI, shell and vtysh commands are subject to auditing. If a command is subject to auditing, the command is logged in the audit log and sent to the TACACS+ server as authorization and accounting messages.

CLI network-admin@Spine1>log-audit-exception-create

Create an audit logging exception.

cli|shell|vtysh
    Specify the type of audit exception.

pattern pattern-string
    Specify a regular expression to match exceptions.

any|read-only|read-write
    Specify the access type to match exceptions.

scope local|fabric
    Specify the scope of exceptions.

CLI network-admin@Spine1>log-audit-exception-delete

Delete an audit logging exception.

cli|shell|vtysh
    Specify the type of audit exception.

pattern pattern-string
    Specify a regular expression to match exceptions.

any|read-only|read-write
    Specify the access type to match exceptions.

CLI network-admin@Spine1>log-audit-exception-show

Display audit logging exceptions.

cli|shell|vtysh
    Display the type of audit exception.

pattern pattern-string
    Display a regular expression to match exceptions.

any|read-only|read-write
    Display the access type to match exceptions.

scope local|fabric
    Display the scope of exceptions.

By default, every command is audited except read-only CLI commands and ^/usr/bin/nvmore, which is the pager for the Netvisor CLI:

CLI (network-admin@switch) > log-audit-exception-show
switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local

To enable auditing of ALL CLI commands, you can delete the cli/read-only exception:

CLI (network-admin@switch) > log-audit-exception-delete cli read-only
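
One way to review the exception table for entries that widen the audit gap beyond the defaults, as an added example (not Netvisor code and not from the vendor documentation). The sample table is constructed, the ^role- and bash rows are hypothetical, and the matching rules in is_exempt (regex search anywhere in the command, an empty pattern matching everything, access any matching both access types) are assumptions about how exceptions are applied.

```python
import re

# Constructed sample in the layout of log-audit-exception-show: the two
# documented defaults plus two hypothetical exceptions for illustration.
SAMPLE = """\
switch type  pattern          access     scope
------ ----- ---------------- ---------- -----
switch cli                    read-only  local
switch shell ^/usr/bin/nvmore any        local
switch cli   ^role-           read-write fabric
switch shell bash             any        local
"""

# The default exceptions listed on this page, as (type, pattern, access).
DEFAULTS = {("cli", "", "read-only"), ("shell", "^/usr/bin/nvmore", "any")}

def parse_exceptions(text):
    """Cut each row at the column spans given by the dashed ruler line."""
    lines = [l for l in text.splitlines() if l.strip()]
    ruler = next(i for i, l in enumerate(lines) if set(l) <= set("- "))
    spans = [m.span() for m in re.finditer(r"-+", lines[ruler])]
    spans[-1] = (spans[-1][0], None)  # last column runs to end of line
    names = [lines[ruler - 1][a:b].strip() for a, b in spans]
    return [dict(zip(names, (l[a:b].strip() for a, b in spans)))
            for l in lines[ruler + 1:]]

def is_exempt(rows, kind, command, access):
    """Assumed semantics: type equal, access 'any' or equal, and the pattern
    (empty matches everything) found anywhere in the command by re.search."""
    return any(r["type"] == kind and r["access"] in ("any", access)
               and re.search(r["pattern"], command) is not None for r in rows)

def review(rows):
    """Return (exception, reason) for each row that is not a documented default."""
    findings = []
    for r in rows:
        key = (r["type"], r["pattern"], r["access"])
        if key in DEFAULTS:
            continue
        reason = ("read-only exception beyond the defaults"
                  if r["access"] == "read-only"
                  else "state-changing commands can go unaudited")
        if not r["pattern"].startswith("^"):
            reason += "; unanchored pattern matches anywhere in the command"
        findings.append((key, reason))
    return findings

if __name__ == "__main__":
    print(*review(parse_exceptions(SAMPLE)), sep="\n")
```

Running the review against saved log-audit-exception-show output after each change window shows any exception that was added on top of the two defaults.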

Modifying User Roles to Allow Shell Access

You can add privileges to a user by adding new parameters available for roles. To add shell access to a user’s role, use the following syntax:

name name-string
    Specify a name for the user role.

scope local|fabric
    Specify a scope for the user role.

One or more of the following options:

access read-only|read-write
    Specify the type of access for the user role. The default is read-write.

running-config|no-running-config
    Specify if the user role allows access to the switch running configuration.

shell|no-shell
    Specify if the user role allows access to the shell.

sudo|no-sudo
    Specify if the user role allows the sudo command.

The new parameters are also available for the role-modify command.

Configuring SNMP

Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health of network equipment such as routers, computer equipment, and even devices such as uninterruptible power supplies (UPS). SNMP v1, v2, and v3 are supported in Netvisor. The SNMP daemon runs as a service and is launched by using the following command:

CLI network-admin@Leaf1>admin-service-modify if mgmt snmp

This command launches the daemon and its sub-agents, and opens the firewall so that remote queries can reach the daemon.