If you are having high CPU issues on your routers there is a way to see exactly what is causing it.
My issue was causing EIGRP to drop neighbors then come back online.
The problem is catching it fast enough to get the needed output especially when the spikes happen for only 1 second or 2. I don’t know about you but i can’t type that fast.
To solve this issue we’ll use our friendly EEM script.
event manager session cli username “XXX” ——-This line may only be used if you have AAA configured and this “algo” must be a username that you already have in AAA
event manager applet HIGH_CPU
event snmp oid 126.96.36.199.188.8.131.52.184.108.40.206.1.3.1 get-type exact entry-op ge entry-val 85 exit-op lt exit-val 75 poll-interval 7
action 1.01 syslog msg “——HIGH CPU DETECTED—-, CPU:$_snmp_oid_val%”
action 1.02 cli command “enable”
action 1.03 cli command “term length 0”
action 1.04 cli command “debug netdr cap rx”
action 1.05 cli command “show netdr cap | append disk0:HIGH_CPU.txt”
action 1.06 cli command “show proc cpu sort | append disk0:HIGH_CPU.txt”
action 1.07 cli command “Show users | append disk0:HIGH_CPU.txt”
action 1.08 cli command “Show proc cpu history | append disk0:HIGH_CPU.txt”
action 1.09 cli command “show logging | append disk0:HIGH_CPU.txt”
action 1.10 cli command “show spanning-tree detail | append disk0:HIGH_CPU.txt”
action 1.11 cli command “show ip traffic | append disk0:HIGH_CPU.txt”
action 1.12 cli command “show clock | append disk0:HIGH_CPU.txt”
action 1.13 cli command “undebug all”
action 1.14 cli command “term length 24”
action 1.15 cli command “exit”
Depending on your platform you may need to change disk0: to flash: or something else.
It will trigger when there is 85% CPU or greater and write a file to the destination.
With this output you can put it into a beta cisco tool https://cway.cisco.com/tools/netdr which will decode it for you.
Here is what one of mine looked like: