telemetry-ops
$ npx mdskill add automateyournetwork/netclaw/telemetry-ops
Collects network telemetry via syslog, SNMP, IPFIX, and gNMI for unified monitoring
- Enables comprehensive network monitoring across multiple telemetry protocols
- Leverages syslog, SNMP traps, IPFIX/NetFlow, and gNMI for data collection
- Aggregates and correlates events from diverse telemetry sources
- Provides a unified interface for analyzing network health and behavior
SKILL.md
.github/skills/telemetry-ops
---
name: telemetry-ops
description: "Comprehensive network telemetry and event collection across multiple protocols."
version: 1.0.0
license: Apache-2.0
author: netclaw
tags: []
---
# Unified Telemetry Operations Skill
Comprehensive network telemetry and event collection across multiple protocols.
## Skill ID
`telemetry-ops`
## Description
This meta-skill provides a unified interface to all NetClaw telemetry receivers: syslog, SNMP traps, IPFIX/NetFlow, and gNMI streaming telemetry. It enables holistic network monitoring by aggregating events from multiple sources.
## When to Use
- Setting up comprehensive network monitoring across multiple telemetry types
- Correlating events across syslog, SNMP traps, and flow data
- Investigating network issues using multiple data sources
- Understanding the full picture of network health and behavior
- Onboarding a new device to NetClaw monitoring
## Component Skills
| Skill | MCP Server | Protocol | Default Port |
|-------|------------|----------|--------------|
| `syslog-receiver` | syslog-mcp | RFC 5424/3164 UDP | 514 |
| `snmptrap-receiver` | snmptrap-mcp | SNMPv1/v2c/v3 UDP | 162 |
| `ipfix-receiver` | ipfix-mcp | IPFIX/NetFlow UDP | 2055 |
| `gnmi-telemetry` | gnmi-mcp | gNMI gRPC | 57400 |
## Example Workflows
### Full Device Onboarding
```
1. Configure device to send syslog to NetClaw (UDP 514)
2. Configure SNMP traps to NetClaw (UDP 162)
3. Configure NetFlow/IPFIX export to NetClaw (UDP 2055)
4. Add device to gNMI targets for streaming telemetry
5. Start all receivers
6. Verify data is being received from each source
```
### Multi-Source Incident Investigation
```
1. Query syslog for error messages around incident time
2. Check SNMP traps for linkDown events
3. Analyze flows for traffic anomalies
4. Subscribe to gNMI telemetry for real-time interface state
```
### Network Health Dashboard
```
1. Use syslog_get_severity_counts for error distribution
2. Use snmptrap_get_counts for trap type breakdown
3. Use ipfix_top_talkers for bandwidth consumers
4. Use gnmi_get for current device state
```
## Sample Prompts
- "Start all telemetry receivers on their default ports"
- "What events have we received from 192.168.1.1 across all sources?"
- "Show me a summary of network health from all telemetry"
- "Configure the Catalyst 9300 for full telemetry to NetClaw"
- "Investigate the network issue at 3pm - check all telemetry sources"
## Cisco Catalyst 9300 Configuration
### Syslog
```
logging host 10.0.0.1 transport udp port 514
logging trap informational
logging source-interface Loopback0
```
### SNMP Traps
```
snmp-server enable traps
! "public" is the default community string; replace it with a site-specific value
snmp-server host 10.0.0.1 version 2c public
```
### NetFlow/IPFIX
```
flow exporter NETCLAW
 destination 10.0.0.1
 transport udp 2055
 export-protocol ipfix
```
### gNMI
```
netconf-yang
gnmi-yang
gnmi-yang secure-server
```
## Remote Access (UDP Tunneling)
Since ngrok doesn't support UDP, use these alternatives:
| Service | UDP Support | Best For |
|---------|-------------|----------|
| Pinggy | Yes | Quick tunnel setup |
| Tailscale | Yes | Persistent mesh VPN |
| LocalXpose | Yes | Full protocol support |
## Architecture
```
              ┌─────────────────┐
              │ Cisco Cat 9300  │
              └────────┬────────┘
                       │
     ┌───────────┬─────┴─────┬───────────┐
     ▼           ▼           ▼           ▼
┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐
│ Syslog  │ │  SNMP   │ │  IPFIX  │ │  gNMI   │
│ UDP 514 │ │ UDP 162 │ │UDP 2055 │ │TCP 57400│
└────┬────┘ └────┬────┘ └────┬────┘ └────┬────┘
     │           │           │           │
     ▼           ▼           ▼           ▼
┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐
│syslog-  │ │snmptrap-│ │ ipfix-  │ │  gnmi-  │
│   mcp   │ │   mcp   │ │   mcp   │ │   mcp   │
└────┬────┘ └────┬────┘ └────┬────┘ └────┬────┘
     │           │           │           │
     └───────────┴─────┬─────┴───────────┘
                       │
                 ┌─────┴─────┐
                 │  NetClaw  │
                 │   Agent   │
                 └───────────┘
```
## Limitations
- All receivers use in-memory storage (data lost on restart)
- No cross-source correlation built-in (done by agent)
- Each receiver runs independently
- UDP tunneling required for remote testing
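Because correlation is left to the agent, the sketch below shows one way to do the step behind the Multi-Source Incident Investigation workflow: keep events inside a time window around the incident and report only devices corroborated by at least two receivers. It is an added example, not NetClaw's own code; the `(source, device, time, detail)` tuple shape, the `correlate` function, and every sample event are constructed assumptions, since the receivers' output schemas are not shown here.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed normalized shape:
# (receiver, device IP, ISO-8601 timestamp, detail).
EVENTS = [
    ("syslog",   "192.168.1.1", "2024-05-01T15:00:02",
     "%LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down"),
    ("snmptrap", "192.168.1.1", "2024-05-01T15:00:03", "linkDown ifIndex=9"),
    ("ipfix",    "192.168.1.1", "2024-05-01T15:00:40", "flow bytes to 10.0.5.20 fell to 0"),
    ("syslog",   "192.168.1.2", "2024-05-01T15:01:10", "%SYS-5-CONFIG_I: Configured from console"),
    ("snmptrap", "192.168.1.1", "2024-05-01T13:12:00", "linkDown ifIndex=4"),  # outside window
    ("syslog",   "192.168.1.3", "not-a-timestamp", "garbled datagram"),        # malformed
]


def correlate(events, incident, window_s=120, min_sources=2):
    """Return {device: time-ordered [(when, receiver, detail)]} for devices that
    at least `min_sources` different receivers reported within +/- window_s."""
    lo = incident - timedelta(seconds=window_s)
    hi = incident + timedelta(seconds=window_s)
    per_device = defaultdict(list)
    for source, device, ts, detail in events:
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # UDP telemetry can arrive truncated or garbled: skip it
        if lo <= when <= hi:
            per_device[device].append((when, source, detail))
    corroborated = {}
    for device, hits in per_device.items():
        # One chatty receiver is weak evidence; require independent sources.
        if len({source for _, source, _ in hits}) >= min_sources:
            corroborated[device] = sorted(hits)
    return corroborated


if __name__ == "__main__":
    incident = datetime(2024, 5, 1, 15, 0, 0)  # "the network issue at 3pm"
    for device, timeline in correlate(EVENTS, incident).items():
        print(device)
        for when, source, detail in timeline:
            print(f"  {when:%H:%M:%S} {source:<9} {detail}")
```

Because the receivers keep events in memory only, a correlation like this has to run before any receiver restarts.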
## Related Documentation
- `/mcp-servers/syslog-mcp/README.md`
- `/mcp-servers/snmptrap-mcp/README.md`
- `/mcp-servers/ipfix-mcp/README.md`
- `/mcp-servers/gnmi-mcp/README.md`