Cisco Unified Border Element (CUBE)

If you use CUBE in your environment then you can absolutely pull this data into our app today and use it to troubleshoot calls and build reports. 

In the more specific case where your calls travel directly from CUBE to CUCM, the app will actually stitch the records together. the end result is almost as though the CUBE legs were just additional legs in the CallManager CDR. 

One note on SFTP vs FTP: If your CUBE version is 14.6 or newer, you will be able to use SFTP (as specified below). If however you have an older CUBE version that’s OK — just contact us and we can walk you through the older FTP steps. 

Steps to configure the file accounting server

Log into the router with an account with administrative permissions. Then, run the below listed commands to set up gw-accounting to file, change the cdr-format to ​“detailed”, configure the FTP server information, and tell the system to flush new data to file once per minute. 

In the below, adjust 10.0.0.1 to be the IP/​dns name of your ftp server and the sftpusername and sftppassword to be the username and password for the ftp user. The cube_​ that’s after the IP address in the example is quite important and should not be omitted. It is there to ensure that the filenames are prefixed with the word ​“cube” so we can more easily identify them in the next step, creating the input.

enable
configure terminal
gw-accounting file
cdr-format detailed
primary sftp 10.0.0.1/cube_ username sftpusername password sftppassword
maximum cdrflush-timer 1
end

This configuration accepts many of the default settings for buffer sizes and the number of reattempts. If you have any troubles at this layer, or if you’d like to confirm those settings more thoroughly, please see Cisco’s documentation on configuring file accounting.

Create a new Splunk input

We will now create a new ​“batch” input for the CUBE CDR files, similar to the ones you created for CUCM CDR and CMR.

Important note: this input will be set up to delete the files from disk as they go into Splunk. If you need this to not happen, please see the notes at the end of this section.

All these steps happen in your FTP server’s Splunk Universal Forwarder’s configuration files:

1) Create the monitor input by adding this config to an inputs.conf file located at “$SPLUNK_​HOME/​etc/​apps/​TA_​cisco_​cdr/​local/inputs.conf”. This file should exist already, but if it does not, you may need to create the folder ​“local” and the file itself. Make sure the user Splunk runs under has permissions to this file and folder.

If your Universal Forwarder is on Windows, the contents of your inputs.conf will look like this:

[batch://D:\path\to\files\cube_*]
index = cisco_cdr
sourcetype = cube_cdr
move_policy = sinkhole

If your Universal Forwarder is on Linux or Unix, the input will look like this:

[batch:///path/to/files/cube_*] 
index = cisco_cdr
sourcetype = cube_cdr 
move_policy = sinkhole 

It is critical that no mistakes be made here. Only the path (after ​“batch://”) and possibly the index need editing. All else should be left exactly as it is. Use the examples as a reference to make sure you are using the right number and direction of slashes/​backslashes, too. 

NOTE: As mentioned above, this is a sinkhole input, and it will delete each file matching the filename ube_​* as it indexes it. Any existing csv files that exist in this directory that start with cube_​will be indexed and deleted almost immediately, and any new files written to here will be indexed and deleted as they arrive. If you have other intentions for these files besides putting them in Splunk, please contact us, and we can help you come up with another solution.

Next Steps

Contact us to set up a Webex! We can help confirm everything is working properly and help you start using this data.

If you have any comments at all about the documentation, please send them to docs@​sideviewapps.​com.