Task 4Using Syslog, NTP, and Modem Call Records to Isolate and Troubleshoot Faults
About NTP
$'
Basic Dial NMS Implementation Guide
About NTP
The Network Time Protocol (NTP):
Provides a synchronized time base for networked routers, servers, and other devices.
Coordinates the time of network events, which helps you understand and troubleshoot the time
sequence of network events. For example, call records for specific users can be correlated within
one millisecond.
Enables you to compare time logs from different networks, which is essential for:
`
Tracking security incidents
`
Analyzing faults
`
Troubleshooting
Without precise time synchronization between all the various logging, debug output, management,
and AAA functions in the network, you cannot make time comparisons.
For a list of NTP clients, go to http://www.eecis.udel.edu/~ntp/software.html
About Modem Call Records
A modem call record (MCR) is a type of syslog message that is:
Created when a user dials in and hangs up, but it is not generated until the end of the call.
Used to gather statistics and modem-performance logs on a per-call basis, such as:
`
Modulation trends (V.90 verses V.34).
`
Call time durations (consistent short connection times on a modem, regular Lost Carrier
counts).
`
Unavailable user IDs.
`
PPP negotiation or authentication failures.
In this case study, the engineers filter modem call records out of syslog and store them into flat files on
a Unix host. The records are sorted by using cron jobs and perl scripts. A web-based MCR viewer
facility is used to:
Search the call records.
Extract historical and statistical information about individual users and access servers.