<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Monitoring VSX - Concurrent Connections in Firewall and Security Management</title>
    <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87696#M9191</link>
    <description>&lt;P&gt;I have this Python script to monitor concurrent connections on each VS via Nagios service checks. It is set up for SNMPv3; replace the username, the authentication and privacy protocols, and the passwords with your own values and it should work.&lt;/P&gt;&lt;P&gt;The output is the state of each VS, and it also prints performance data for graphing.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys

# Command-line interface: the target address is mandatory, debug output is optional.
argpar = argparse.ArgumentParser()
argpar.add_argument(
    "-ip",
    dest="host_ip",
    action="store",
    required=True,
    help="specify IP",
)
argpar.add_argument(
    "-d",
    dest="debug",
    action="store_true",
    required=False,
    help="debugging mode",
)

# Base OID that the __main__ block hands to get_context_name() and get_snmp_table().
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'

# Column OID mapped to a counter name, in insertion order.
# NOTE(review): nothing in the visible script reads this mapping, and its column
# numbers (.3/.4/.10) differ from the ones parse_snmp_output() matches (.2/.3/.4).
# Confirm the correct columns against the Check Point MIB.
conn_table_entry = OrderedDict([
    ("enterprises.2620.1.16.23.1.1.3", "current"),
    ("enterprises.2620.1.16.23.1.1.4", "peak"),
    ("enterprises.2620.1.16.23.1.1.10", "max"),
])

# Arguments are parsed at module level, so importing this file also parses sys.argv.
# host_ip is taken as given; the query helpers place it into the snmpbulkwalk command.
results = argpar.parse_args()
ip, debug = results.host_ip, results.debug
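def get_context_name(ip,oid):
    """Walk the VS name column over SNMPv3 and return the raw output lines.

    Runs snmpbulkwalk against ``ip`` for OID 1.3.6.1.4.1.2620.1.16.22.1.1.3 with
    value-only quick output (-Oqv) and splits stdout on newlines.

    Args:
        ip: target address from the command line.
        oid: kept for signature compatibility; the walked OID is fixed, so this
            value is only echoed in the error output.

    Returns:
        The list of output lines (the last element is the empty string that
        follows the trailing newline), or False when the agent reports
        "No Such Instance" or the query could not be run.
    """
    # The command is an argument list run without a shell, so characters in ``ip``
    # are never interpreted as shell syntax.
    #
    # AuthPW, PrivacyPW and snmpv3User are placeholders. Passphrases passed as
    # arguments are visible in the local process list; net-snmp can read them from
    # an snmp.conf restricted to the monitoring account instead (defSecurityName,
    # defAuthPassphrase, defPrivPassphrase).
    # MD5 and DES are legacy choices; use SHA and AES (-a SHA -x AES) when the
    # SNMPv3 user on the gateway is configured for them.
    snmp_cmd = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Oqv", ip, "1.3.6.1.4.1.2620.1.16.22.1.1.3",
    ]
    try:
        # A target that starts with a dash would be read by snmpbulkwalk as an option.
        if not ip or str(ip).startswith("-"):
            raise ValueError("target address is empty or looks like an option")
        proc = subprocess.Popen(snmp_cmd, stdout=subprocess.PIPE, universal_newlines=True)
        # communicate() reads stdout to the end and waits for the child to exit.
        snmp_query = proc.communicate()[0].split("\n")
        if debug:
            for item in snmp_query:
                print(item)
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        return snmp_query
    except Exception as e:
        print("Looks like snmp issue")
        print(e)
        print("{0} {1}".format(ip, oid))
        # Explicit falsy result so callers can test for failure.
        return False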
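def parse_context_name(snmp_output):
    """Number the VS names returned by get_context_name(), starting at 1.

    Args:
        snmp_output: list of output lines, or a falsy value when the query failed.

    Returns:
        dict mapping the 1-based position of each line to the line with
        surrounding double quotes removed; empty when there is no input.
    """
    # A failed query yields False (or None); report "no contexts" instead of
    # raising TypeError on the slice.
    if not snmp_output:
        return dict()
    names = list(snmp_output)
    # Splitting on "\n" leaves one empty string after the trailing newline.
    # Drop only that entry, so a final line without a newline is not lost.
    if names[-1].strip() == "":
        names.pop()
    return dict((position, name.strip('"')) for position, name in enumerate(names, 1))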
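def get_snmp_table(ip,oid):
    """Walk ``oid`` on ``ip`` over SNMPv3 and return the raw output lines.

    Runs snmpbulkwalk with -Onsq output and splits stdout on newlines.

    Args:
        ip: target address from the command line.
        oid: OID subtree to walk.

    Returns:
        The list of output lines (the last element is the empty string that
        follows the trailing newline), or False when the agent reports
        "No Such Instance" or the query could not be run.
    """
    # The command is an argument list run without a shell, so characters in ``ip``
    # or ``oid`` are never interpreted as shell syntax.
    #
    # The posted command line contained what looks like a real privacy passphrase,
    # and its secrets were shifted onto the wrong options (-c, which is not used
    # for SNMPv3 authPriv, then -A and -X). Both are replaced here with the same
    # placeholders get_context_name() uses; a passphrase that was published should
    # be rotated on the gateway.
    # Passphrases passed as arguments are visible in the local process list;
    # net-snmp can read them from an snmp.conf restricted to the monitoring account
    # instead (defSecurityName, defAuthPassphrase, defPrivPassphrase).
    # MD5 and DES are legacy choices; use SHA and AES (-a SHA -x AES) when the
    # SNMPv3 user on the gateway is configured for them.
    snmp_cmd = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Onsq", ip, oid,
    ]
    try:
        # A value that starts with a dash would be read by snmpbulkwalk as an option.
        if not ip or str(ip).startswith("-"):
            raise ValueError("target address is empty or looks like an option")
        if not oid or str(oid).startswith("-"):
            raise ValueError("OID is empty or looks like an option")
        proc = subprocess.Popen(snmp_cmd, stdout=subprocess.PIPE, universal_newlines=True)
        # communicate() reads stdout to the end and waits for the child to exit.
        snmp_query = proc.communicate()[0].split("\n")
        if debug:
            for item in snmp_query:
                print(item)
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        return snmp_query
    except Exception as e:
        print("Looks like snmp issue")
        print(e)
        print("{0} {1}".format(ip, oid))
        # Explicit falsy result so callers can test for failure.
        return False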
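def parse_snmp_output(snmp_output,context_names):
    """Sort the walked connection-table lines into current, peak and max values.

    Each usable line is expected to be an OID followed by a space and a value.
    A line is assigned to a list by the column prefix of its OID; lines that
    match no column, or that carry no value, are skipped.

    Args:
        snmp_output: list of output lines from get_snmp_table(), or a falsy
            value when the query failed.
        context_names: kept for signature compatibility; not used.

    Returns:
        Tuple ``(current_list, peak_list, max_list)`` of value strings with
        surrounding whitespace removed, in the order the lines appeared.
    """
    current_list, peak_list, max_list = list(), list(), list()
    # The trailing dot keeps column 2 from also matching columns 20 to 29.
    # NOTE(review): these columns (.2/.3/.4) differ from the module-level
    # conn_table_entry mapping (.3/.4/.10). Confirm against the Check Point MIB.
    by_column = (
        ("enterprises.2620.1.16.23.1.1.2.", current_list),
        ("enterprises.2620.1.16.23.1.1.3.", peak_list),
        ("enterprises.2620.1.16.23.1.1.4.", max_list),
    )
    # "or ()" turns a failed query (False or None) into an empty result.
    for line in snmp_output or ():
        # Split on the first space rather than on ".0": an OID may contain ".0"
        # more than once (a row index of 0, for example), which made the
        # two-way unpack of split(".0") raise ValueError.
        oid, _, value = line.strip().partition(" ")
        if not value:
            continue
        for prefix, bucket in by_column:
            if oid.startswith(prefix):
                bucket.append(value.strip())
                break
    return current_list, peak_list, max_list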
        

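if __name__ == "__main__":
    # Nagios plugin exit codes used here: 0 = OK, 1 = WARNING, 3 = UNKNOWN.
    context_names = get_context_name(ip,conn_oid)
    conn_lines = get_snmp_table(ip,conn_oid)
    # Both helpers return a falsy value when the walk failed. Report that as
    # UNKNOWN instead of letting the parsers raise and print a traceback.
    if not context_names or not conn_lines:
        print("UNKNOWN! SNMP query to {0} returned no usable data".format(ip))
        sys.exit(3)

    results = parse_context_name(context_names)
    # The first context is left out of the report; the default avoids a KeyError
    # when no context was returned.
    results.pop(1, None)
    current_list,peak_list,max_list = parse_snmp_output(conn_lines,results)

    ratio_limit = 80  # warning threshold, in percent of the per-VS limit
    output_status = list()
    output_perf_data = list()
    has_warning = False
    has_unknown = False
    # Sorted so the report order does not depend on dict ordering.
    for vs_id,vs_system in sorted(results.items()):
        try:
            # Context N is matched with the N-th entry of each value list.
            current = current_list[vs_id-1].strip()
            limit = max_list[vs_id-1].strip()
            ratio = int(current)/int(limit) * 100
        except (IndexError, ValueError, ZeroDivisionError):
            # Missing row, non-numeric value, or a limit of 0.
            # NOTE(review): whether a limit of 0 has a special meaning on the
            # gateway is not visible here; it is reported as UNKNOWN.
            has_unknown = True
            output_status.append("UNKNOWN! No usable connection counters for {0} system".format(vs_system))
            continue
        if int(ratio) &amp;gt; ratio_limit:
            has_warning = True
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system &amp;lt;&amp;lt;&amp;lt;&amp;lt;&amp;lt;".format(limit,vs_system,ratio_limit))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current,vs_system))
        output_perf_data.append(" {0}_current={1};;;{2};".format(vs_system,current,limit))

    # Status text, then "|", then the performance data for graphing.
    print("{0} | {1}".format("\n".join(output_status),"".join(output_perf_data)))
    # The exit code comes from flags, not from searching the text for "Warning",
    # so a VS name containing that word cannot change the result.
    if has_warning:
        sys.exit(1)
    if has_unknown:
        sys.exit(3)
    sys.exit(0)&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>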
    <pubDate>Tue, 23 Jun 2020 06:48:20 GMT</pubDate>
    <dc:creator>Martin_Valenta</dc:creator>
    <dc:date>2020-06-23T06:48:20Z</dc:date>
    <item>
      <title>Monitoring VSX - Concurrent Connections</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87665#M9189</link>
      <description>&lt;P&gt;Hi Everyone:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;SPAN class="tlid-translation translation"&gt;&lt;SPAN&gt;I recently had a problem in the firewall where it exceeded the concurrent connections of my VSX Firewall (R80.20)&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN class=""&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; I would like to see if there is a way to monitor each VSX Firewall and that it can monitor concurrent connections and send alert when a threshold is exceeded.&lt;/SPAN&gt; &lt;SPAN class=""&gt;&lt;SPAN&gt;Any tool that allows me to do this monitoring?&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class="tlid-translation translation"&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; If I want to monitoring a VSX firewall, &lt;/SPAN&gt;&lt;SPAN class=""&gt;Does it have to be with the IP that was registered in the management console?&lt;/SPAN&gt;&lt;BR /&gt;&lt;SPAN class=""&gt;Can I do it through the other interfaces (internal interface)?&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class="tlid-translation translation"&gt;&lt;SPAN class=""&gt;Thanks for your help.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 08 Jun 2020 21:10:34 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87665#M9189</guid>
      <dc:creator>raquinog</dc:creator>
      <dc:date>2020-06-08T21:10:34Z</dc:date>
    </item>
    <item>
      <title>Re: Monitoring VSX - Concurrent Connections</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87694#M9190</link>
      <description>You can read the values with an SNMP tool or monitoring system like CheckMK or Solarwinds. In those tools you can set thresholds for specific values to alert you.&lt;BR /&gt;In VSX itself you can set the monitoring per VS or per machine; in the latter case you can still monitor the per-VS connections via VS0.</description>
      <pubDate>Tue, 09 Jun 2020 06:49:07 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87694#M9190</guid>
      <dc:creator>Maarten_Sjouw</dc:creator>
      <dc:date>2020-06-09T06:49:07Z</dc:date>
    </item>
    <item>
      <title>Re: Monitoring VSX - Concurrent Connections</title>
      <link>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87696#M9191</link>
      <description>&lt;P&gt;I have this Python script to monitor concurrent connections on each VS via Nagios service checks. It is set up for SNMPv3; replace the username, the authentication and privacy protocols, and the passwords with your own values and it should work.&lt;/P&gt;&lt;P&gt;The output is the state of each VS, and it also prints performance data for graphing.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="python"&gt;from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys

# Command-line interface: the target address is mandatory, debug output is optional.
argpar = argparse.ArgumentParser()
argpar.add_argument(
    "-ip",
    dest="host_ip",
    action="store",
    required=True,
    help="specify IP",
)
argpar.add_argument(
    "-d",
    dest="debug",
    action="store_true",
    required=False,
    help="debugging mode",
)

# Base OID that the __main__ block hands to get_context_name() and get_snmp_table().
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'

# Column OID mapped to a counter name, in insertion order.
# NOTE(review): nothing in the visible script reads this mapping, and its column
# numbers (.3/.4/.10) differ from the ones parse_snmp_output() matches (.2/.3/.4).
# Confirm the correct columns against the Check Point MIB.
conn_table_entry = OrderedDict([
    ("enterprises.2620.1.16.23.1.1.3", "current"),
    ("enterprises.2620.1.16.23.1.1.4", "peak"),
    ("enterprises.2620.1.16.23.1.1.10", "max"),
])

# Arguments are parsed at module level, so importing this file also parses sys.argv.
# host_ip is taken as given; the query helpers place it into the snmpbulkwalk command.
results = argpar.parse_args()
ip, debug = results.host_ip, results.debug
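def get_context_name(ip,oid):
    """Walk the VS name column over SNMPv3 and return the raw output lines.

    Runs snmpbulkwalk against ``ip`` for OID 1.3.6.1.4.1.2620.1.16.22.1.1.3 with
    value-only quick output (-Oqv) and splits stdout on newlines.

    Args:
        ip: target address from the command line.
        oid: kept for signature compatibility; the walked OID is fixed, so this
            value is only echoed in the error output.

    Returns:
        The list of output lines (the last element is the empty string that
        follows the trailing newline), or False when the agent reports
        "No Such Instance" or the query could not be run.
    """
    # The command is an argument list run without a shell, so characters in ``ip``
    # are never interpreted as shell syntax.
    #
    # AuthPW, PrivacyPW and snmpv3User are placeholders. Passphrases passed as
    # arguments are visible in the local process list; net-snmp can read them from
    # an snmp.conf restricted to the monitoring account instead (defSecurityName,
    # defAuthPassphrase, defPrivPassphrase).
    # MD5 and DES are legacy choices; use SHA and AES (-a SHA -x AES) when the
    # SNMPv3 user on the gateway is configured for them.
    snmp_cmd = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Oqv", ip, "1.3.6.1.4.1.2620.1.16.22.1.1.3",
    ]
    try:
        # A target that starts with a dash would be read by snmpbulkwalk as an option.
        if not ip or str(ip).startswith("-"):
            raise ValueError("target address is empty or looks like an option")
        proc = subprocess.Popen(snmp_cmd, stdout=subprocess.PIPE, universal_newlines=True)
        # communicate() reads stdout to the end and waits for the child to exit.
        snmp_query = proc.communicate()[0].split("\n")
        if debug:
            for item in snmp_query:
                print(item)
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        return snmp_query
    except Exception as e:
        print("Looks like snmp issue")
        print(e)
        print("{0} {1}".format(ip, oid))
        # Explicit falsy result so callers can test for failure.
        return False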
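def parse_context_name(snmp_output):
    """Number the VS names returned by get_context_name(), starting at 1.

    Args:
        snmp_output: list of output lines, or a falsy value when the query failed.

    Returns:
        dict mapping the 1-based position of each line to the line with
        surrounding double quotes removed; empty when there is no input.
    """
    # A failed query yields False (or None); report "no contexts" instead of
    # raising TypeError on the slice.
    if not snmp_output:
        return dict()
    names = list(snmp_output)
    # Splitting on "\n" leaves one empty string after the trailing newline.
    # Drop only that entry, so a final line without a newline is not lost.
    if names[-1].strip() == "":
        names.pop()
    return dict((position, name.strip('"')) for position, name in enumerate(names, 1))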
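def get_snmp_table(ip,oid):
    """Walk ``oid`` on ``ip`` over SNMPv3 and return the raw output lines.

    Runs snmpbulkwalk with -Onsq output and splits stdout on newlines.

    Args:
        ip: target address from the command line.
        oid: OID subtree to walk.

    Returns:
        The list of output lines (the last element is the empty string that
        follows the trailing newline), or False when the agent reports
        "No Such Instance" or the query could not be run.
    """
    # The command is an argument list run without a shell, so characters in ``ip``
    # or ``oid`` are never interpreted as shell syntax.
    #
    # The posted command line contained what looks like a real privacy passphrase,
    # and its secrets were shifted onto the wrong options (-c, which is not used
    # for SNMPv3 authPriv, then -A and -X). Both are replaced here with the same
    # placeholders get_context_name() uses; a passphrase that was published should
    # be rotated on the gateway.
    # Passphrases passed as arguments are visible in the local process list;
    # net-snmp can read them from an snmp.conf restricted to the monitoring account
    # instead (defSecurityName, defAuthPassphrase, defPrivPassphrase).
    # MD5 and DES are legacy choices; use SHA and AES (-a SHA -x AES) when the
    # SNMPv3 user on the gateway is configured for them.
    snmp_cmd = [
        "snmpbulkwalk", "-v", "3",
        "-a", "MD5", "-A", "AuthPW",
        "-l", "authPriv",
        "-x", "DES", "-X", "PrivacyPW",
        "-u", "snmpv3User",
        "-Onsq", ip, oid,
    ]
    try:
        # A value that starts with a dash would be read by snmpbulkwalk as an option.
        if not ip or str(ip).startswith("-"):
            raise ValueError("target address is empty or looks like an option")
        if not oid or str(oid).startswith("-"):
            raise ValueError("OID is empty or looks like an option")
        proc = subprocess.Popen(snmp_cmd, stdout=subprocess.PIPE, universal_newlines=True)
        # communicate() reads stdout to the end and waits for the child to exit.
        snmp_query = proc.communicate()[0].split("\n")
        if debug:
            for item in snmp_query:
                print(item)
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        return snmp_query
    except Exception as e:
        print("Looks like snmp issue")
        print(e)
        print("{0} {1}".format(ip, oid))
        # Explicit falsy result so callers can test for failure.
        return False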
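def parse_snmp_output(snmp_output,context_names):
    """Sort the walked connection-table lines into current, peak and max values.

    Each usable line is expected to be an OID followed by a space and a value.
    A line is assigned to a list by the column prefix of its OID; lines that
    match no column, or that carry no value, are skipped.

    Args:
        snmp_output: list of output lines from get_snmp_table(), or a falsy
            value when the query failed.
        context_names: kept for signature compatibility; not used.

    Returns:
        Tuple ``(current_list, peak_list, max_list)`` of value strings with
        surrounding whitespace removed, in the order the lines appeared.
    """
    current_list, peak_list, max_list = list(), list(), list()
    # The trailing dot keeps column 2 from also matching columns 20 to 29.
    # NOTE(review): these columns (.2/.3/.4) differ from the module-level
    # conn_table_entry mapping (.3/.4/.10). Confirm against the Check Point MIB.
    by_column = (
        ("enterprises.2620.1.16.23.1.1.2.", current_list),
        ("enterprises.2620.1.16.23.1.1.3.", peak_list),
        ("enterprises.2620.1.16.23.1.1.4.", max_list),
    )
    # "or ()" turns a failed query (False or None) into an empty result.
    for line in snmp_output or ():
        # Split on the first space rather than on ".0": an OID may contain ".0"
        # more than once (a row index of 0, for example), which made the
        # two-way unpack of split(".0") raise ValueError.
        oid, _, value = line.strip().partition(" ")
        if not value:
            continue
        for prefix, bucket in by_column:
            if oid.startswith(prefix):
                bucket.append(value.strip())
                break
    return current_list, peak_list, max_list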
        

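if __name__ == "__main__":
    # Nagios plugin exit codes used here: 0 = OK, 1 = WARNING, 3 = UNKNOWN.
    context_names = get_context_name(ip,conn_oid)
    conn_lines = get_snmp_table(ip,conn_oid)
    # Both helpers return a falsy value when the walk failed. Report that as
    # UNKNOWN instead of letting the parsers raise and print a traceback.
    if not context_names or not conn_lines:
        print("UNKNOWN! SNMP query to {0} returned no usable data".format(ip))
        sys.exit(3)

    results = parse_context_name(context_names)
    # The first context is left out of the report; the default avoids a KeyError
    # when no context was returned.
    results.pop(1, None)
    current_list,peak_list,max_list = parse_snmp_output(conn_lines,results)

    ratio_limit = 80  # warning threshold, in percent of the per-VS limit
    output_status = list()
    output_perf_data = list()
    has_warning = False
    has_unknown = False
    # Sorted so the report order does not depend on dict ordering.
    for vs_id,vs_system in sorted(results.items()):
        try:
            # Context N is matched with the N-th entry of each value list.
            current = current_list[vs_id-1].strip()
            limit = max_list[vs_id-1].strip()
            ratio = int(current)/int(limit) * 100
        except (IndexError, ValueError, ZeroDivisionError):
            # Missing row, non-numeric value, or a limit of 0.
            # NOTE(review): whether a limit of 0 has a special meaning on the
            # gateway is not visible here; it is reported as UNKNOWN.
            has_unknown = True
            output_status.append("UNKNOWN! No usable connection counters for {0} system".format(vs_system))
            continue
        if int(ratio) &amp;gt; ratio_limit:
            has_warning = True
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system &amp;lt;&amp;lt;&amp;lt;&amp;lt;&amp;lt;".format(limit,vs_system,ratio_limit))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current,vs_system))
        output_perf_data.append(" {0}_current={1};;;{2};".format(vs_system,current,limit))

    # Status text, then "|", then the performance data for graphing.
    print("{0} | {1}".format("\n".join(output_status),"".join(output_perf_data)))
    # The exit code comes from flags, not from searching the text for "Warning",
    # so a VS name containing that word cannot change the result.
    if has_warning:
        sys.exit(1)
    if has_unknown:
        sys.exit(3)
    sys.exit(0)&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>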
      <pubDate>Tue, 23 Jun 2020 06:48:20 GMT</pubDate>
      <guid>https://community.checkpoint.com/t5/Firewall-and-Security-Management/Monitoring-VSX-Concurrent-Connections/m-p/87696#M9191</guid>
      <dc:creator>Martin_Valenta</dc:creator>
      <dc:date>2020-06-23T06:48:20Z</dc:date>
    </item>
  </channel>
</rss>

