[j-nsp]
ANNOUNCE: junfwpoll, SNMP poller for firewall filter counters
Dave Plonka
plonka at doit.wisc.edu
Sat Jun 14 17:33:18 EDT 2003
juniper-nsp folks,
FYI, I've just made the following utility available under GPL terms:
junfwpoll - a JUNiper router FireWall filter snmp POLLer.
junfwpoll is an mrtg-like utility which polls the counter values
from the firewall filters configured on Juniper routers.
It creates ".rrd" files with names matching the router and its
filter counter names, each containing a bytes and a pkts data
source suitable for graphing using RRGrapher or RRDTOOL.
The current revision of junfwpoll is available here:
http://net.doit.wisc.edu/~plonka/junfwpoll/
Please see the attached README file, which is also located in that HTTP
download directory, for more information.
Dave
--
plonka at doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
README for junfwpoll
--------------------
intro
-----
junfwpoll - a JUNiper router FireWall filter snmp POLLer.
junfwpoll is an mrtg-like utility which polls the counter values
from the firewall filters configured on Juniper routers.
It creates ".rrd" files with names matching the router and its
filter counter names, each containing a bytes and a pkts data
source suitable for graphing using RRGrapher or RRDTOOL.
prerequisites
-------------
- perl version 5
- Altoids:
http://net.doit.wisc.edu/~plonka/Altoids/
- RRDTOOL:
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/
- some familiarity with MRTG and RRDTOOL
usage
-----
junfwpoll [-v|n] [-m] [-c default_community] [community@]host [...]
-v - verbose (mnemonic: 'v'erbose)
-n - don't create or update RRD files, just show counters (implies "-v")
(mnemonic: 'n'o, don't do anything)
-m - name the data sources "ds0" and "ds1", rather than "pkts" and
"bytes", respectively, à la MRTG when "LogFormat: rrdtool" is set.
(mnemonic: 'm'rtg mode)
-h - shows this usage information
(mnemonic: 'h'elp)
The first time you run junfwpoll on a given router, try it out by
using the "-n" option. This will cause it to display the firewall
filter counters and their values, but not create nor update the RRD
files. For instance:
$ ./junfwpoll -n public@router
router.jnxFWCounterPacketCount.Inbound-Filters.spoofed.2 = 106022
router.jnxFWCounterPacketCount.Inbound-Filters.bogons-inbound.2 = 1900598
router.jnxFWCounterPacketCount.Inbound-Filters.ms-sql-worm.2 = 45787937
...
router.jnxFWCounterByteCount.Inbound-Filters.spoofed.2 = 9048609
router.jnxFWCounterByteCount.Inbound-Filters.ms-sql-worm.2 = +18489275890
router.jnxFWCounterByteCount.Inbound-Filters.bogons-inbound.2 = 153759455
...
Once that works, you're ready to poll the counters again and record
the initial values into RRD files:
$ cd /path/to/dir/for/rrd/files
$ $HOME/perl/junfwpoll -v public@router
That should result in files such as the following (assuming you have
some similarly configured firewall filters with counters):
router_Inbound-Filters_bogons-inbound.rrd
router_Inbound-Filters_ms-sql-worm.rrd
router_Inbound-Filters_spoofed.rrd
Then typically junfwpoll is scheduled to run every five minutes by
configuring it in a crontab like this:
0,5,10,15,20,25,30,35,40,45,50,55 * * * * cd /path/to/dir/for/rrd/files >/dev/null && $HOME/perl/junfwpoll public@router
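As an added illustration of the naming and polling conventions described above (this is not junfwpoll's own Perl code), the following Python parses "-n" style output into per-counter pkts/bytes values, derives the router_filter_counter.rrd file name, builds the rrdtool update arguments (pkts/bytes, or ds0/ds1 in "-m" mode), and turns two consecutive polls into per-second rates. The use of rrdtool's --template option, the five-minute interval and the treatment of a counter that went backwards (e.g. after "clear firewall" or a filter change) are assumptions, not documented junfwpoll behaviour.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the README's "-n" output; the "..." line is skipped.
SAMPLE = """\
router.jnxFWCounterPacketCount.Inbound-Filters.spoofed.2 = 106022
router.jnxFWCounterPacketCount.Inbound-Filters.bogons-inbound.2 = 1900598
router.jnxFWCounterPacketCount.Inbound-Filters.ms-sql-worm.2 = 45787937
...
router.jnxFWCounterByteCount.Inbound-Filters.spoofed.2 = 9048609
router.jnxFWCounterByteCount.Inbound-Filters.ms-sql-worm.2 = +18489275890
router.jnxFWCounterByteCount.Inbound-Filters.bogons-inbound.2 = 153759455
"""
# host.jnxFWCounter{Packet,Byte}Count.<filter>.<counter>.<type> = <value>
LINE = re.compile(r"^(?P<host>[^.\s]+)\.jnxFWCounter(?P<kind>Packet|Byte)Count\."
                  r"(?P<filter>[^.\s]+)\.(?P<counter>[^.\s]+)\.(?P<type>\d+) = (?P<val>[+-]?\d+)$")

def parse_counters(text):
    """Return {(host, filter, counter): {"pkts": int, "bytes": int}}."""
    out = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ds = "pkts" if m["kind"] == "Packet" else "bytes"
        # int() accepts the leading "+" that Perl's bignum prints for 64-bit byte counts.
        out[(m["host"], m["filter"], m["counter"])][ds] = int(m["val"])
    return dict(out)

def rrd_name(host, filt, counter):
    """File naming convention from the README: router_filter_counter.rrd."""
    return f"{host}_{filt}_{counter}.rrd"

def update_command(host, filt, counter, vals, mrtg=False, ts="N"):
    """rrdtool update argv for one counter; "-m" style uses ds0/ds1 instead of pkts/bytes."""
    pk, by = ("ds0", "ds1") if mrtg else ("pkts", "bytes")
    return ["rrdtool", "update", rrd_name(host, filt, counter),
            f"--template={pk}:{by}", f"{ts}:{vals['pkts']}:{vals['bytes']}"]

def rates(prev, cur, seconds=300):
    """Per-second pps/bps between two polls; None where a counter went backwards
    (cleared or reconfigured), so a reset is not graphed as a huge spike."""
    result = {}
    for key, now in cur.items():
        old = prev.get(key)
        if old is None or now["pkts"] < old["pkts"] or now["bytes"] < old["bytes"]:
            result[key] = None
            continue
        result[key] = {"pps": (now["pkts"] - old["pkts"]) / seconds,
                       "bps": (now["bytes"] - old["bytes"]) * 8 / seconds}
    return result
```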
--
Dave Plonka, Jun 14 2003