SRX Services Gateway
Highlighted
SRX Services Gateway

Help needed configuring srx320 snmp

‎07-02-2020 05:06 AM
Hey junos experts.I need help configuring snmp alert of configuration change. In newBie.. Im configuring first time . Can anyone guide me? Or anyone can give me syntax of configuration change alert . i have junos space as nms.

Thanx in advance
5 REPLIES 5
Highlighted
SRX Services Gateway

Re: Help needed configuring srx320 snmp

‎07-02-2020 07:52 AM

Hello,

All You need is to configure a trap-group with category "configuration" as described here

https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/snmp-trap-groups-configu...

- and specify a target IP address within this trap group to send the traps to.

The trap-group name serves as community for v2c traps.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
SRX Services Gateway

Re: Help needed configuring srx320 snmp

[ Edited ]
‎07-02-2020 08:07 AM

thanx for reply alex. can you please tell what config will be done at junos space  side for notification ?  and can i configure trap groups from GUI in SRX320 ?

 

 

thanx

erfan

Highlighted
SRX Services Gateway

Re: Help needed configuring srx320 snmp

‎07-02-2020 09:29 PM

Hello,

 

Please see if this helps

https://www.juniper.net/documentation/en_US/junos-space17.2/topics/task/operational/junos-space-serv...

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
SRX Services Gateway

Re: Help needed configuring srx320 snmp

‎07-03-2020 12:21 AM

Hi Erfanxp,

 

Good day!!

 

Tracking Router Configuration Changes

 

Problem

You want an NMS system to track when the router’s configuration has been changed.

 

Solution

First, define the NMS system and its password:

 

       [edit snmp v3]

       aviva@router1# set 

usm local-engine user nms2 authentication-sha authentication-

        password $0212roZH

       aviva@router1# set usm local-engine user nms2 privacy-des privacy-password 0212roZH

 

Then, define two views that allow the NMS access to the configuration information. The first view defines what the NMS can read from the MIB:

 

       [edit snmp v3]

       aviva@router1# set view config-info-read oid jnxCfgMgmt include

 

The second view sets what the router includes in notifications sent to the NMS:

       [edit snmp v3]

       aviva@router1# set view config-info-notify oid jnxCfgMgmt include

       aviva@router1# set view config-info-notify oid jnxCmNotifications include

       aviva@router1# set view config-info-notify oid snmpMIBObjects include

       aviva@router1# set view config-info-notify oid system include

 

Finally, create groups and their users and assign access privileges for the groups:

       [edit snmp v3]

       aviva@router1# set vacm security-to-group security-model usm security-name nms2 group

        config-only

       aviva@router1# set vacm access group config-only default-context-prefix security-

        model usm security-level privacy read-view config-info-read

       aviva@router1# set vacm access group config-only default-context-prefix security-

        model usm security-level privacy notify-view config-info-notify

 

Discussion

To use SNMP to extract the router configuration, use the Juniper Networks configuration management MIB extension, which tracks who made changes to the configuration and when. This recipe gives the NMS system called nms2 access to configuration information.

The first commands in this recipe configure USM for security, with SHA1 authentication and DES message payload encryption. You then create two views, one that defines what nms2 can read from the MIB and a second that sets what the router can include in notifications. The final commands configure the VACM to provide access to desired groups.

Again, this recipe is somewhat involved, so here’s what the resulting configuration looks like after you issue the commands in this recipe, with some added comments:

 

       aviva@router1# show | except SECRET-DATA

       v3 {

           usm { # <-- which NMS systems can access the router

               local-engine {

                   user nms2 {

                       authentication-sha {

                       privacy-des {

                       }

                   }

               }

           }

           vacm { # <-- what the NMS systems can access on the router

               security-to-group { # <-- which access group each NMS is in

                   security-model usm {

                       security-name nms2 {

                           group config-only;

                       }

                   }

                }

                access { # <-- which MIB views the NMS systems can access

                    group config-only {

                         default-context-prefix {

                             security-model usm {

                                 security-level privacy {

                                     read-view config-info-read;

                                     notify-view config-info-notify;

                                 }

                             }

                         }

                    }

                }

           }

       }

       view config-info-read { # <-- view of enterprise configuration management objects

       oid jnxCfgMgmt include;

       }

       view config-info-notify { # <-- view for objects used by SNMPv3 traps

           oid jnxCfgMgmt include;

           oid jnxCmNotifications include;

           oid snmpMIBObjects include;

           oid system include;

       }

 

https://www.oreilly.com/library/view/junos-cookbook/0596100140/ch04.html  

 

Please mark "Accepted Solution" if this helps you solve your query. Kudos are always appreciated.

 

Thanks

Suraj 

 

Highlighted
SRX Services Gateway

Re: Help needed configuring srx320 snmp

[ Edited ]
‎07-03-2020 04:08 AM
Thankyou suraj for such a detail explaining . I have few questions. First commands which you mentioned will run on srx320 ? and I’m using snmp v2 and using junos space NMS
Feedback