SRX Services Gateway

SNMP ObjectsTable per logical-system

‎07-14-2016 03:54 AM

Hi everybody!

I have an SRX divided into 3 logical systems: I would like to grab the SNMP values of the string jnxJsSPUMonitoringObjectsTable for each of the logical systems I have configured.

If I walk that string I can just get the result per node

 

show snmp mib walk jnxJsSPUMonitoringObjectsTable

jnxJsSPUMonitoringFPCIndex.1 = 1
jnxJsSPUMonitoringFPCIndex.9 = 1
jnxJsSPUMonitoringSPUIndex.1 = 0
jnxJsSPUMonitoringSPUIndex.9 = 0
jnxJsSPUMonitoringCPUUsage.1 = 0
jnxJsSPUMonitoringCPUUsage.9 = 0
jnxJsSPUMonitoringMemoryUsage.1 = 66
jnxJsSPUMonitoringMemoryUsage.9 = 66
jnxJsSPUMonitoringCurrentFlowSession.1 = 421
jnxJsSPUMonitoringCurrentFlowSession.9 = 244
jnxJsSPUMonitoringMaxFlowSession.1 = 819200
jnxJsSPUMonitoringMaxFlowSession.9 = 819200
jnxJsSPUMonitoringCurrentCPSession.1 = 284
jnxJsSPUMonitoringCurrentCPSession.9 = 242
jnxJsSPUMonitoringMaxCPSession.1 = 1048576
jnxJsSPUMonitoringMaxCPSession.9 = 1048576
jnxJsSPUMonitoringNodeIndex.1 = 0
jnxJsSPUMonitoringNodeIndex.9 = 1
jnxJsSPUMonitoringNodeDescr.1 = node0
jnxJsSPUMonitoringNodeDescr.9 = node1
jnxJsSPUMonitoringFlowSessIPv4.1 = 418
jnxJsSPUMonitoringFlowSessIPv4.9 = 241
jnxJsSPUMonitoringFlowSessIPv6.1 = 3
jnxJsSPUMonitoringFlowSessIPv6.9 = 3
jnxJsSPUMonitoringCPSessIPv4.1 = 281
jnxJsSPUMonitoringCPSessIPv4.9 = 238
jnxJsSPUMonitoringCPSessIPv6.1 = 3
jnxJsSPUMonitoringCPSessIPv6.9 = 4

 

As "Best Practice" suggests, I can also run jnxJsSPUMonitoringCurrentTotalSession, but that will give only the system-level total session. The corresponding CLI for the trap I'm looking for is:

 

show security flow session summary logical-system ls-application
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 93
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 290
Valid sessions: 93
Pending sessions: 0
Invalidated sessions: 197
Sessions in other states: 0
Maximum-sessions: 819200

node1:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 95
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 106
Valid sessions: 95
Pending sessions: 0
Invalidated sessions: 11
Sessions in other states: 0
Maximum-sessions: 819200

 

Any suggestion? 🙂

Re: SNMP ObjectsTable per logical-system

‎07-14-2016 10:16 AM

Hello,

Please check the below KB article and see if it helps in meeting your requirements:

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28526&actp=search

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.

Re: SNMP ObjectsTable per logical-system

‎07-15-2016 01:54 AM

Hi Pulkit,

Thank you very much for your reply. That is what I was looking for! Unfortunately, it seems not to be working for my firewall (perhaps I'm not doing it in the right way or I misunderstood something).

I have 3 logical systems configured on my firewall. Let's take as an example my logical system "ls-application". As you can see from the output below, I have 2 nodes with sessions in use with 324 and 100 packets.

federico@fw1.r2.thw> show security flow session summary logical-system ls-application
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 94
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 324
Valid sessions: 94
Pending sessions: 0
Invalidated sessions: 230
Sessions in other states: 0
Maximum-sessions: 819200

node1:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 94
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 100
Valid sessions: 99
Pending sessions: 0
Invalidated sessions: 1
Sessions in other states: 0
Maximum-sessions: 819200

 

However, when I walk for that logical system, the values that come back to me are different:

federico@fw1.fw.mgmt.thw:~$ snmpwalk -v2c -c ls-application/default@yocomm 10.32.123.10 .1.3.6.1.4.1.2636.3.39.1.17.6
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.2.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = STRING: "ls-application-profile"
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.3.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 0
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.4.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 2100
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.5.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 1572864

 

Also, if I walk for another logical system I have the same values

 

federico@fw1.fw.mgmt.thw:~$ snmpwalk -v2c -c ls-database/default@yocomm 10.32.123.10 .1.3.6.1.4.1.2636.3.39.1.17.6
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.2.108.115.45.100.97.116.97.98.97.115.101 = STRING: "ls-database-profile"
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.3.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 0
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.4.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 2100
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.5.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 1572864

 

Is there something wrong in my understanding? Possible bug?
Thanks
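
Added example, not part of the original posts: a small parser for the snmpwalk output quoted above that decodes the numeric row index back into the logical-system name and reports which columns carry the same value in every row. The position of the column number (four arcs after the walked subtree) is an assumption read off the output shown, and the function names are hypothetical.

```python
import re

# Subtree walked in the post; the four arcs between it and the column number
# are an assumption read off the output shown, not taken from the MIB.
BASE = "SNMPv2-SMI::enterprises.2636.3.39.1.17.6"
FIXED_ARCS = 4

# Output lines copied from the two snmpwalk runs in the post.
WALK = """\
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.2.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = STRING: "ls-application-profile"
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.3.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 0
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.4.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 2100
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.5.108.115.45.97.112.112.108.105.99.97.116.105.111.110 = Gauge32: 1572864
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.2.108.115.45.100.97.116.97.98.97.115.101 = STRING: "ls-database-profile"
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.3.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 0
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.4.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 2100
SNMPv2-SMI::enterprises.2636.3.39.1.17.6.1.1.1.1.5.108.115.45.100.97.116.97.98.97.115.101 = Gauge32: 1572864
"""

LINE = re.compile(r"^(\S+) = (\w+): (.*)$")

def parse_line(line):
    """Return (logical_system, column, value), or None for unrelated lines."""
    m = LINE.match(line.strip())
    if not m or not m.group(1).startswith(BASE + "."):
        return None
    arcs = m.group(1)[len(BASE) + 1:].split(".")
    if len(arcs) <= FIXED_ARCS + 1:
        return None  # no row index present
    column, index = int(arcs[FIXED_ARCS]), arcs[FIXED_ARCS + 1:]
    # The row index is the logical-system name, one ASCII code per arc.
    name = "".join(chr(int(a)) for a in index)
    raw = m.group(3).strip('"')
    return name, column, raw if m.group(2) == "STRING" else int(raw)

def build_table(text):
    """Group the walk into {logical_system: {column: value}}."""
    table = {}
    for rec in filter(None, map(parse_line, text.splitlines())):
        name, column, value = rec
        table.setdefault(name, {})[column] = value
    return table

def identical_columns(table):
    """Columns whose value is the same in every logical system's row."""
    rows = list(table.values())
    shared = set.intersection(*(set(r) for r in rows))
    return sorted(c for c in shared if len({r[c] for r in rows}) == 1)

if __name__ == "__main__":
    print(identical_columns(build_table(WALK)))
```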

 


Re: SNMP ObjectsTable per logical-system

‎07-15-2016 03:17 AM

Hello,

 

I do not see anything wrong with what you have tried and everything should work as expected but it is not.

 

Please share the SNMP configuration from the SRX for all the LSYS so that I can check the same and get back to you.

 

Thanks,

Pulkit Bhandari

Re: SNMP ObjectsTable per logical-system

‎07-15-2016 03:31 AM

Here we are. Please note that I added just one logical-system on SNMP

 

//--SNMP--//

federico@fw1.r2.thw> show configuration | match snmp | display set
set snmp name fw1.r2.thw
set snmp description "xxxxxxxxxxxl"
set snmp location "xxxxxxxxxx"
set snmp contact "xxxxxx"
set snmp interface fxp0.0
set snmp filter-duplicates
set snmp engine-id use-default-ip-address
set snmp client-list list0 xxxxxxxxxxx
set snmp client-list list0 xxxxxxxxxxx
set snmp client-list list0 xxxxxxxxxxx
set snmp community yocomm authorization read-only
set snmp community yocomm client-list-name list0
set snmp community yocomm logical-system ls-application routing-instance default
set snmp trap-options source-address 10.32.123.10
set snmp routing-instance-access
set snmp health-monitor
set policy-options prefix-list snmp-servers xxxxxxxxxxx
set policy-options prefix-list snmp-servers xxxxxxxxxxx
set policy-options prefix-list snmp-servers xxxxxxxxxxx
set firewall family inet filter protect-re term allow-snmp from source-prefix-list snmp-servers
set firewall family inet filter protect-re term allow-snmp from protocol udp
set firewall family inet filter protect-re term allow-snmp from destination-port snmp
set firewall family inet filter protect-re term allow-snmp then accept

 

//--LSYS--//

set system login class ls-application-admin logical-system ls-application
set system login class ls-application-admin permissions all
set system login user lsapplicationadmin class ls-application-admin
set system security-profile ls-application-profile policy reserved 60
set system security-profile ls-application-profile zone reserved 17
set system security-profile ls-application-profile flow-session reserved 2100
set system security-profile ls-application-profile cpu reserved 25
set system security-profile ls-application-profile logical-system ls-application

[..other not relevant configuration..]
