MCP — Connecting Your Network's External Systems

The question: How do I give Claude Code direct access to NetBox, Grafana, PagerDuty, and our syslog database — so it can query live operational data without me pasting it into the prompt?

The MCP architecture

MCP servers are adapters. They sit between Claude Code and an external system, translating Claude's tool calls into API requests and returning structured data. When you connect a NetBox MCP server, Claude gains tools like "get device interfaces," "search IP addresses," and "query cable paths." When you connect a monitoring MCP server, Claude can check alert status, pull metric graphs, and query dashboards.

The key point: the MCP Host (Claude Code) can connect to multiple MCP servers simultaneously. Each server provides its own set of tools, resources, and prompts. Claude decides which server's tools to use based on the task.

NetBox — your IPAM/DCIM source of truth

claude mcp add --transport stdio netbox \
  --env "NETBOX_URL=https://netbox.internal.company.com" \
  --env "NETBOX_TOKEN=$NETBOX_TOKEN" \
  -- npx -y @your-org/mcp-server-netbox

You: Query NetBox for all interfaces on core-nyc-01 that are
     marked as "connected" but have no cable record.
     These are documentation gaps.

Claude: [Calls NetBox MCP tool: list_interfaces(device=core-nyc-01)]
        [Filters: status=connected, cable_id=null]

        6 interfaces connected without cable documentation:

        Ethernet3 — peer noted in description ("to access-nyc-05")
                    but no cable record
        Ethernet7 — no peer info, no cable, no description
        Ethernet12 — description: "TEMP LINK 2024-03-15"
        Ethernet15 — description: "SPAN destination"
        Ethernet21 — description empty
        Ethernet22 — description empty

        Ethernet7, Ethernet21, and Ethernet22 are highest risk —
        completely undocumented connected interfaces. Ethernet12
        is a "temporary" link that's been in place for 14 months.

Claude queried NetBox directly. It didn't need you to export a CSV, paste it into the prompt, or write a Python script. The MCP server translated Claude's query into NetBox API calls and returned structured data.

Monitoring (Grafana/Prometheus)

claude mcp add --transport http grafana \
  --header "Authorization: Bearer $GRAFANA_TOKEN" \
  https://grafana.internal.company.com/mcp/

You: Pull the packet loss metrics for the NYC-LAX transit
     circuit over the last 4 hours. Is there a pattern?

Claude: [Calls Grafana MCP tool: query_metrics]
        [metric=packet_loss, target=nyc-lax-transit, range=4h]

        Packet loss pattern detected:
        - 14:30–14:35 UTC: 0.3% loss (spike)
        - 14:45–14:50 UTC: 0.4% loss (spike)
        - 15:00–15:05 UTC: 0.5% loss (spike)
        - 15:15–15:20 UTC: 0.3% loss (spike)

        Pattern: 15-minute intervals, increasing baseline. This
        matches a periodic congestion pattern — likely a scheduled
        backup job or bulk transfer saturating the circuit every
        15 minutes. Check the traffic utilization graph for the
        same period to confirm.

Git for change awareness

claude mcp add --transport stdio github \
  -- npx -y @anthropic-ai/mcp-server-github

You: Are there any open PRs in network-automation that modify
     firewall configs? I'm about to push a firewall change
     and need to check for conflicts.

Claude: [Calls GitHub MCP tool: list_pull_requests]
        [repo=your-org/network-automation, state=open]
        [Filters PRs touching configs/firewalls/]

        2 open PRs modify firewall configs:

        PR #347: "Add permit for monitoring subnet to fw-nyc-01"
          - Adds 1 rule to configs/firewalls/fw-nyc-01.cfg
          - Author: jsmith, opened 2 days ago, approved, awaiting merge

        PR #352: "Block cryptomining pool IPs on all firewalls"
          - Modifies configs/firewalls/fw-*.cfg (all 8 firewalls)
          - Author: admin-team, opened today, review pending

        PR #347 is safe — it touches only fw-nyc-01 and adds a rule.
        PR #352 modifies all firewalls. If your change also touches
        all firewalls, coordinate with admin-team to avoid merge conflicts.

Syslog database for log correlation

claude mcp add --transport stdio postgres \
  --env "DATABASE_URL=postgresql://readonly:pass@syslog-db.internal/logs" \
  -- npx -y @anthropic-ai/mcp-server-postgres

You: Query the syslog database for BGP-related messages from
     core-lax-01 and core-lax-02 in the last 6 hours.
     Correlate events between the two devices.

Claude: [Calls Postgres MCP tool: execute_query]
        [SQL: SELECT timestamp, device, message FROM syslogs
          WHERE device IN ('core-lax-01','core-lax-02')
          AND message ILIKE '%bgp%'
          AND timestamp > NOW() - INTERVAL '6 hours'
         ORDER BY timestamp]

        22 BGP events found. Correlation:

        15:32:02 — core-lax-01: BGP neighbor 10.0.0.5 state Established → Idle
        15:32:02 — core-lax-02: BGP neighbor 10.0.0.1 state Established → Idle
        [Simultaneous — both sides saw the session drop at the same instant]

        15:32:17 — core-lax-01: Hold timer expired for neighbor 10.0.0.5
        15:32:17 — core-lax-02: Hold timer expired for neighbor 10.0.0.1

        15:32:19 — core-lax-01: BGP neighbor 10.0.0.5 state Idle → Active
        15:32:20 — core-lax-02: BGP neighbor 10.0.0.1 state Idle → Active

        15:32:45 — Both: session re-established

        Analysis: Simultaneous drop rules out unilateral reset. Both
        devices saw hold timer expire at the same time, which means
        keepalives stopped crossing in both directions. This is a
        transport-layer issue — either the interconnecting link dropped
        briefly, or an intermediate device (check if there's a firewall
        in the path) blocked port 179 transiently.

MCP scope

claude mcp add --scope project ...   # Shared with team via .mcp.json in repo
claude mcp add --scope user ...      # Personal, stored in ~/.claude.json

Project-scoped servers travel with the repo. Everyone who clones network-automation gets the same MCP connections. User-scoped servers are personal — your specific Grafana token, your personal NetBox access level.
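Because a project-scoped .mcp.json is committed to the repo, a token or database password written into it reaches everyone who clones it. The check below is an added example, not part of the original page or of Claude Code: it flags literal credentials in .mcp.json text, including the inline `readonly:pass` form of DATABASE_URL shown earlier. It assumes the `mcpServers` / `env` / `headers` / `args` / `url` layout and `${VAR}` expansion; the function names and the sample config are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# ${VAR} / ${VAR:-default} references (assumed expansion syntax) store no secret.
ENV_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*(:-[^}]*)?\}")
SECRET_KEY = re.compile(r"token|secret|passw(or)?d|api[_-]?key|authorization", re.I)

def literal_part(value):
    """What remains of a value once ${VAR} references and the auth scheme are removed."""
    return re.sub(r"^\s*(Bearer|Basic|Token)(\s+|$)", "",
                  ENV_REF.sub("", value), flags=re.I).strip()

def url_password(value):
    """Literal password inside a URL such as postgresql://user:pw@host/db, else None."""
    try:
        password = urlsplit(value).password
    except ValueError:
        return None
    return password if password and literal_part(password) else None

def scan_mcp_config(text):
    """Return (server, field, reason) for each hard-coded credential in .mcp.json text."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        fields = {f"env.{k}": v for k, v in server.get("env", {}).items()}
        fields.update({f"headers.{k}": v for k, v in server.get("headers", {}).items()})
        fields.update({f"args[{i}]": v for i, v in enumerate(server.get("args", []))})
        fields["url"] = server.get("url")
        for field, value in fields.items():
            if not isinstance(value, str):
                continue
            if url_password(value):
                findings.append((name, field, "password embedded in URL"))
            elif SECRET_KEY.search(field) and literal_part(value):
                findings.append((name, field, "literal secret value"))
    return findings

# Constructed sample: the page's three servers, two with secrets written in place.
SAMPLE = json.dumps({"mcpServers": {
    "netbox": {"command": "npx", "args": ["-y", "@your-org/mcp-server-netbox"],
               "env": {"NETBOX_TOKEN": "${NETBOX_TOKEN}"}},
    "grafana": {"type": "http", "url": "https://grafana.internal.company.com/mcp/",
                "headers": {"Authorization": "Bearer constructed-not-a-real-token"}},
    "postgres": {"command": "npx", "args": ["-y", "@anthropic-ai/mcp-server-postgres"],
                 "env": {"DATABASE_URL": "postgresql://readonly:pass@syslog-db.internal/logs"}},
}})

if __name__ == "__main__":
    print(*scan_mcp_config(SAMPLE), sep="\n")
```

Run against the repo's .mcp.json in a pre-commit hook or CI step, a non-empty result is the signal to move the value into an environment variable before the file is shared.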

Verify connected servers:

/mcp

This lists the connected servers with a tool count for each, and flags any server that connected with zero tools (usually a credential or URL issue).
