DS files contain XML data to specify the event description, and these files include CLI commands or scripts
to perform required actions. These files are digitally signed by Cisco or a third party to certify their integrity,
reliability, and security.
The structure of a DS file can be one of the following formats.
•
Metadata-based simple signature. This format specifies the event type and contains other information
that can be used to match the event and perform actions such as collecting information by using the CLI.
The signature can also change configurations on the device as a workaround for certain bugs.
•
Embedded Event Manager (EEM) Tool Command Language (Tcl) script-based signature. This format
specifies new events in the event register line and additional action in the Tcl script.
•
Combination of both the preceding formats.
The following basic information is contained in a DS file:
• ID (unique number)—unique key that represents a DS file that can be used to search a DS.
• Name (ShortDescription)—unique description of the DS file that can be used in lists for selection.
• Description—long description about the signature.
• Revision—version number, which increments when the DS content is updated.
• Event & Action—defines the event to be detected and the action to be performed after the event happens.
Diagnostic Signature Downloading
To download the diagnostic signature (DS) file, you require the secure HTTP (HTTPS) protocol. If you have
already configured an email transport method to download files on your device, change your assigned profile
transport method to HTTPS to download and use DS.
Cisco software uses a PKI Trustpool Management feature. The PKI Trustpool Management is enabled by
default on devices to create a scheme to provision, store, and manage a pool of certificates from known
certification authorities (CAs). The trustpool feature installs the CA certificate automatically. The CA certificate
is required for the authentication of the destination HTTPS servers.
There are two types of DS update requests to download DS files: regular and forced-download.
Regular download requests DS files that were recently updated. You can trigger a regular download request
either by using a periodic configuration or by initiating an on-demand CLI. The regular download update
happens only when the version of the requested DS is different from the version of the DS on the device.
Periodic download is only started after there is any DS assigned to the device from DS web portal. After the
assignment happens, the response to the periodic inventory message from the same device will include a field
to notify device to start its periodic DS download or an update. In a DS update request message, the status
and revision number of the DS is included such that only a DS with the latest revision number is downloaded.
Forced-download downloads a specific DS or a set of DSes. You can trigger the forced-download update
request only by initiating an on-demand CLI. In a force-download update request, the latest version of the DS
file is downloaded irrespective of the current DS file version on the device.
The DS file is digitally signed, and signature verification is performed on every downloaded DS file to make
sure it is from a trusted source.
Cisco cBR Series Converged Broadband Routers Troubleshooting and Network Management Configuration
Guide for Cisco IOS XE Fuji 16.8.x
30
Call Home
Information About Diagnostic Signatures
To Next Page
Loading...
Need help?
General
