Monitoring Juniper SRX Firewall CPU, Memory and Flow Session Information from PRTG - NETSEC


Thursday, January 15, 2015

While using PRTG to monitor our firewalls, we found that by default its auto-discovery method could not poll the Juniper SRX's CPU and flow information. From the command line we can use the following SNMP MIB objects to get CPU, memory and flow session information, but they are not directly available in PRTG.

PRTG is a powerful network monitoring tool for enterprises, with the following features I like:

  • Easy to deploy; it claims it can be installed in 2 minutes
  • Auto-discovery methods to find monitoring elements
  • Supports distributed deployment: you can install agents in multiple locations
  • Supports multiple protocols, such as SNMP, WMI, NetFlow, jFlow and sFlow
  • The web interface is quite intuitive
  • Email function
  • etc.

This post shows how to manually add sensors that are not available through the auto-discovery method.



1. SRX 240 SPU MIB Information

admin@fw-srx-1> show chassis hardware
node0:
--------------------------------------------------------------------------
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                AG1912110058      SRX240H
Routing Engine   REV 51   750-021793   AAEP4868          RE-SRX240H
FPC 0                                                    FPC
  PIC 0                                                  16x GE Base PIC
Power Supply 0

node1:
--------------------------------------------------------------------------
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                AG0912110078      SRX240H
Routing Engine   REV 50   750-021793   AAEK3334          RE-SRX240H
FPC 0                                                    FPC
  PIC 0                                                  16x GE Base PIC
Power Supply 0

admin@fw-srx-1> show security monitoring fpc 0
node0:
--------------------------------------------------------------------------
FPC 0
  PIC 0
    CPU utilization          :    2 %
    Memory utilization       :   78 %
    Current flow session     :  191
    Current flow session IPv4:  191
    Current flow session IPv6:    0
    Max flow session         : 65536
Total Session Creation Per Second (for last 96 seconds on average):   25
IPv4  Session Creation Per Second (for last 96 seconds on average):   25
IPv6  Session Creation Per Second (for last 96 seconds on average):    0

node1:
--------------------------------------------------------------------------
FPC 0
  PIC 0
    CPU utilization          :    0 %
    Memory utilization       :   77 %
    Current flow session     :  135
    Current flow session IPv4:  135
    Current flow session IPv6:    0
    Max flow session         : 65536
Total Session Creation Per Second (for last 96 seconds on average):    1
IPv4  Session Creation Per Second (for last 96 seconds on average):    1
IPv6  Session Creation Per Second (for last 96 seconds on average):    0

admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.4.0
jnxJsSPUMonitoringCPUUsage.0 = 0

admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.5.0
jnxJsSPUMonitoringMemoryUsage.0 = 78

admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.0
jnxJsSPUMonitoringCurrentFlowSession.0 = 175

admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7.0
jnxJsSPUMonitoringMaxFlowSession.0 = 65536

2. Add sensors into PRTG

Since we already have the MIB information from the SRX, here is the manual way to add it to PRTG.




3. SRX1400 MIB Information

On the SRX1400 the SPU is in a different slot, so you just need to change the slot number from 0 to 1.

{primary:node0}
admin@fw-1400-1> show chassis hardware
node0:
--------------------------------------------------------------------------
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                BH1114AJ0027      SRX 1400
Midplane         REV 11   711-111012   ACDN7611          SRX1k Backplane
PEM 0            rev 11   740-112015   J027MY002311P     AC Power Supply
PEM 1            rev 11   740-112015   J027MW001S11P     AC Power Supply
CB 0             REV 12   750-112544   ACDL8977          SRX1K-RE-12-10
  Routing Engine          BUILTIN      BUILTIN           Routing Engine
  CPP                     BUILTIN      BUILTIN           Central PFE Processor
  Mezz           REV 09   710-021115   ACDM9055          SRX HD Mezzanine Card
FPC 0            REV 19   750-111019   ACDL1005          SRX1k 10GE SYSIO
  PIC 0                   BUILTIN      BUILTIN           6x 1GE RJ45 3x 1GE SFP 3x 10GE SFP+
    Xcvr 6                NON-JNPR     00000MTC1131006V  SFP-T
    Xcvr 7                NON-JNPR     JUR1835GCWP       SFP+-10G-SR
    Xcvr 8       Yrod     NON-JNPR     JUR1835G6WY       SFP+-10G-SR
    Xcvr 9                NON-JNPR     JUR1835GU90       SFP+-10G-SR
FPC 1            REV 12   750-112543   ACDJ6935          SRX1k Dual Wide NPC+SPC Support Card
  PIC 0                   BUILTIN      BUILTIN           SPU Cp-Flow
FPC 3            REV 19   710-017865   ACDR5442          BUILTIN NPC
  PIC 0                   BUILTIN      BUILTIN           NPC PIC
Fan Tray         -N/A-    -N/A-        -N/A-             SRX 1400 Fan Tray

node1:
--------------------------------------------------------------------------
Hardware inventory:
Item             Version  Part number  Serial number     Description
Chassis                                BH1114AJ0011      SRX 1400
Midplane         REV 11   711-111012   ACDM5607          SRX1k Backplane
PEM 0            rev 11   740-112015   J027MY004011P     AC Power Supply
PEM 1            rev 11   740-112015   J027LS004011P     AC Power Supply
CB 0             REV 12   750-112544   ACDL8984          SRX1K-RE-12-10
  Routing Engine          BUILTIN      BUILTIN           Routing Engine
  CPP                     BUILTIN      BUILTIN           Central PFE Processor
  Mezz           REV 09   710-021115   ACDM9054          SRX HD Mezzanine Card
FPC 0            REV 19   750-111019   ACDM8051          SRX1k 10GE SYSIO
  PIC 0                   BUILTIN      BUILTIN           6x 1GE RJ45 3x 1GE SFP 3x 10GE SFP+
    Xcvr 6                NON-JNPR     00000MTC123511UD  SFP-T
    Xcvr 7       Vo       NON-JNPR     JUR1835GB6J       SFP+-10G-SR
    Xcvr 8                NON-JNPR     JUR1835GCWT       SFP+-10G-SR
    Xcvr 9                NON-JNPR     JUR1833GMZN       SFP+-10G-SR
FPC 1            REV 12   750-112543   ACDJ6938          SRX1k Dual Wide NPC+SPC Support Card
  PIC 0                   BUILTIN      BUILTIN           SPU Cp-Flow
FPC 3            REV 19   710-017865   ACDS1404          BUILTIN NPC
  PIC 0                   BUILTIN      BUILTIN           NPC PIC
Fan Tray         -N/A-    -N/A-        -N/A-             SRX 1400 Fan Tray

admin@fw-1400-1> show security monitoring fpc 1
node0:
--------------------------------------------------------------------------
FPC 1
  PIC 0
    CPU utilization          :    2 %
    Memory utilization       :   72 %
    Current flow session     : 2085
    Current flow session IPv4: 2085
    Current flow session IPv6:    0
    Max flow session         : 1048576
    Current CP session       : 1914
    Current CP session   IPv4: 1914
    Current CP session   IPv6:    0
    Max CP session           : 1048576
Total Session Creation Per Second (for last 96 seconds on average):   34
IPv4  Session Creation Per Second (for last 96 seconds on average):   34
IPv6  Session Creation Per Second (for last 96 seconds on average):    0

node1:
--------------------------------------------------------------------------
FPC 1
  PIC 0
    CPU utilization          :    0 %
    Memory utilization       :   70 %
    Current flow session     : 1844
    Current flow session IPv4: 1844
    Current flow session IPv6:    0
    Max flow session         : 1048576
    Current CP session       : 1844
    Current CP session   IPv4: 1844
    Current CP session   IPv6:    0
    Max CP session           : 1048576
Total Session Creation Per Second (for last 96 seconds on average):    0
IPv4  Session Creation Per Second (for last 96 seconds on average):    0
IPv6  Session Creation Per Second (for last 96 seconds on average):    0

{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.4.1
jnxJsSPUMonitoringCPUUsage.1 = 1

{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.5.1
jnxJsSPUMonitoringMemoryUsage.1 = 72

{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.1
jnxJsSPUMonitoringCurrentFlowSession.1 = 2245

{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7.1
jnxJsSPUMonitoringMaxFlowSession.1 = 1048576

4. CPU for Routing Engine 

Branch SRX devices also have an SPU (Service Processing Unit). A branch SRX doesn't have a dedicated SPU chip, but because of its multicore architecture, one logical core acts as the RE and the other logical core acts as the SPU. This SPU always sits in FPC 0.

The following MIB is used to poll the Routing Engine CPU.

{primary:node0}
admin@fw-srx-1> show snmp mib walk 1.3.6.1.4.1.2636.3.1.13.1.5
jnxOperatingDescr.1.1.0.0 = node0 midplane
jnxOperatingDescr.1.2.0.0 = node1 midplane
jnxOperatingDescr.2.1.0.0 = node0 PEM 0
jnxOperatingDescr.2.2.0.0 = node1 PEM 0
jnxOperatingDescr.4.1.0.0 = node0 SRX240 PowerSupply fan 1
jnxOperatingDescr.4.2.0.0 = node0 SRX240 PowerSupply fan 2
jnxOperatingDescr.4.3.0.0 = node0 SRX240 CPU fan 1
jnxOperatingDescr.4.4.0.0 = node0 SRX240 CPU fan 2
jnxOperatingDescr.4.5.0.0 = node0 SRX240 IO  fan 1
jnxOperatingDescr.4.6.0.0 = node0 SRX240 IO  fan 2
jnxOperatingDescr.4.7.0.0 = node1 SRX240 PowerSupply fan 1
jnxOperatingDescr.4.8.0.0 = node1 SRX240 PowerSupply fan 2
jnxOperatingDescr.4.9.0.0 = node1 SRX240 CPU fan 1
jnxOperatingDescr.4.10.0.0 = node1 SRX240 CPU fan 2
jnxOperatingDescr.4.11.0.0 = node1 SRX240 IO  fan 1
jnxOperatingDescr.4.12.0.0 = node1 SRX240 IO  fan 2
jnxOperatingDescr.7.1.0.0 = node0 FPC: FPC @ 0/*/*
jnxOperatingDescr.7.6.0.0 = node1 FPC: FPC @ 0/*/*
jnxOperatingDescr.8.1.1.0 = node0 PIC: 16x GE Base PIC @ 0/0/*
jnxOperatingDescr.8.6.1.0 = node1 PIC: 16x GE Base PIC @ 0/0/*
jnxOperatingDescr.9.1.0.0 = node0 Routing Engine
jnxOperatingDescr.9.1.1.0 = node0 USB Hub
jnxOperatingDescr.9.2.0.0 = node1 Routing Engine
jnxOperatingDescr.9.2.1.0 = node1 USB Hub

{primary:node0}
admin@fw-srx-1> show snmp mib walk 1.3.6.1.4.1.2636.3.1.13.1.8
jnxOperatingCPU.1.1.0.0 = 0
jnxOperatingCPU.1.2.0.0 = 0
jnxOperatingCPU.2.1.0.0 = 0
jnxOperatingCPU.2.2.0.0 = 0
jnxOperatingCPU.4.1.0.0 = 0
jnxOperatingCPU.4.2.0.0 = 0
jnxOperatingCPU.4.3.0.0 = 0
jnxOperatingCPU.4.4.0.0 = 0
jnxOperatingCPU.4.5.0.0 = 0
jnxOperatingCPU.4.6.0.0 = 0
jnxOperatingCPU.4.7.0.0 = 0
jnxOperatingCPU.4.8.0.0 = 0
jnxOperatingCPU.4.9.0.0 = 0
jnxOperatingCPU.4.10.0.0 = 0
jnxOperatingCPU.4.11.0.0 = 0
jnxOperatingCPU.4.12.0.0 = 0
jnxOperatingCPU.7.1.0.0 = 0
jnxOperatingCPU.7.6.0.0 = 0
jnxOperatingCPU.8.1.1.0 = 0
jnxOperatingCPU.8.6.1.0 = 0
jnxOperatingCPU.9.1.0.0 = 19
jnxOperatingCPU.9.1.1.0 = 0
jnxOperatingCPU.9.2.0.0 = 8
jnxOperatingCPU.9.2.1.0 = 0

admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0
jnxOperatingCPU.9.1.0.0 = 19

{primary:node0}
admin@fw-srx-1> show chassis routing-engine | find "CPU utilization"
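
The OID selection described in sections 1, 3 and 4, as an added example that is not part of the original post: it builds the four SPU OIDs for a given FPC slot and joins the jnxOperatingDescr and jnxOperatingCPU walks on their table index to find the Routing Engine CPU OID per cluster node. The function names are hypothetical, and the sample walks are a constructed subset of the rows shown above.

```python
import re

# Column OIDs taken from the page (jnxJsSPUMonitoring* and jnxOperatingCPU).
SPU_BASE = "1.3.6.1.4.1.2636.3.39.1.12.1.1.1"
SPU_COLUMNS = {"cpu": 4, "memory": 5, "current_flow_sessions": 6, "max_flow_sessions": 7}
OPERATING_CPU = "1.3.6.1.4.1.2636.3.1.13.1.8"

# Constructed sample: a few rows copied from the two walks shown above.
DESCR_WALK = """\
jnxOperatingDescr.7.1.0.0 = node0 FPC: FPC @ 0/*/*
jnxOperatingDescr.9.1.0.0 = node0 Routing Engine
jnxOperatingDescr.9.1.1.0 = node0 USB Hub
jnxOperatingDescr.9.2.0.0 = node1 Routing Engine
"""
CPU_WALK = """\
jnxOperatingCPU.7.1.0.0 = 0
jnxOperatingCPU.9.1.0.0 = 19
jnxOperatingCPU.9.1.1.0 = 0
jnxOperatingCPU.9.2.0.0 = 8
"""

# "<objectName>.<index> = <value>" as printed by "show snmp mib walk".
ROW = re.compile(r"^(\w+)\.([\d.]+)\s*=\s*(.*)$")

def parse_walk(text):
    """Map table index (e.g. '9.1.0.0') to value for one walked column."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows[m.group(2)] = m.group(3).strip()
    return rows

def spu_oids(slot):
    """Full OIDs for the SPU in the given FPC slot (0 on SRX240, 1 on SRX1400)."""
    return {name: f"{SPU_BASE}.{col}.{slot}" for name, col in SPU_COLUMNS.items()}

def routing_engine_cpu(descr_walk, cpu_walk):
    """Join the two walks on index; keep only rows described as a Routing Engine."""
    descr, cpu = parse_walk(descr_walk), parse_walk(cpu_walk)
    result = {}
    for index, text in descr.items():
        if text.endswith("Routing Engine") and index in cpu:
            node = text.split()[0]  # "node0" / "node1" prefix of a cluster member
            result[node] = {"oid": f"{OPERATING_CPU}.{index}", "cpu": int(cpu[index])}
    return result

if __name__ == "__main__":
    print(spu_oids(1))
    print(routing_engine_cpu(DESCR_WALK, CPU_WALK))
```

The OIDs returned per node are the values to enter in a manually added SNMP sensor; rows such as the USB Hub share the `9.x` prefix, which is why the join filters on the description rather than on the index alone.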



2 comments:

  1. Hi there. This is a nice write-up. But deploying the sensors in PRTG may be easier by using this auto-discovery template: https://kb.paessler.com/en/topic/72738

    Cheers!

    1. Thanks for letting me know about this template. I will give it a try.
