How can I monitor BGP state using SNMP?
Hi all,
Does anybody know a way I can monitor BGP state using SNMP? I've several site-to-site VPNs between my on-premises gateway and AWS cloud.
Att,
Alisson Lima
Accepted Solutions
There's no predefined OID for that but you can create a script that gathers the data you're interested in and probe it via SNMP. See section IV-6 of the SK I previously linked to.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Hi PhoneBoy,
Thank you for your response, but I wouldn't want to monitor only the routing table. Is there any way to monitor only BGP state (Established, Active, Connect or Idle)?
Thank you.
Alisson Lima
Hi @PhoneBoy , Can you share the Number for SK?
@Hugo_Romero The link is above in one of the @PhoneBoy 's replies, but here is the SK number: sk90860
It looks like Checkpoint now supports the BGP OID -
.1.3.6.1.2.1.15.3.1.3
I opened a TAC case and this is what they referred me to. Running 81.20, so it's possible it's part of the 81.20 GAIA update.
I'm not sure that's going to do what you hope it might.
bgpPeerFsmEstablishedTime, OID - ".1.3.6.1.2.1.15.3.1.16" may be an alternative depending on your objective.
Yes, that is nice for established time. The point of my post is CP doesn't have this documented anywhere and suggested creating a script etc, when it's not needed anymore.
Have you confirmed this by testing? My understanding of the OID you referenced differs.
It works very well, in addition I have a nice little to add our SNMP monitoring Dashboard showing peer state, established time etc. Makes it easier for support to look at this dashboard than remoting in to each firewall and running "show bgp peers".
In addition, I created a custom email alert should the BGP Peer state numerical values change from "established" so we get an email alert if a BGP peer session goes down. Since CP only peers with the active, I had to add another SNMP check for "haidentifier" OID so the alert only looks for the state on the active member.
Whilst it has been a while since this post has received any update, using the link @PhoneBoy provided I was able to successfully set up monitoring for BGP state via a custom SNMP OID.
At a high level:
- Stopped the SNMP agent.
- Created a small shell script that basically ran a clish command and grep'd out my desired information, similar to below:
    echo ''
    clish -c "show bgp peers" | egrep -o 'Established|OpenConfirm|OpenSent|Active|Connect|Idle'
    echo ''
- Then I added this as an SNMP extend line to "/etc/snmp/userDefinedSettings.conf", similar to below:
    extend BGP_Status /bin/sh /var/log/my_script/BGP_Status.sh
- Restarted the SNMP agent.
- Tested using the SNMP walk command (you need to have 127.0.0.1 under agent interfaces in order to use localhost):
    snmpwalk -t 10 -v 2c -c netw0rks localhost NET-SNMP-AGENT-MIB::nsExtensions
- From here I used the translate command:
    snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine.\"BGP_Status\"
The value you get back should allow you to monitor via SNMP.
I hope it helps someone to get started at least, it is not the prettiest way to get the state and it wouldn't really work for multiple neighbours but for my scenario, it worked.
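The post above notes that its grep approach would not really work for multiple neighbours. As an added example (not the poster's script and not Check Point code), this variant of the extend script prints one "peer state" line per neighbour, so each neighbour becomes its own nsExtendOutLine row, and adds a count of peers that are not Established. The column layout of "show bgp peers", the function names and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script: per-peer variant of BGP_Status.sh.
# Assumption: each peer row of `clish -c "show bgp peers"` starts with the
# peer IPv4 address and carries the FSM state as a separate word.

# Read "show bgp peers" text on stdin; print "<peer> <state>" per peer row.
bgp_peer_states() {
    awk '
        # Peer rows start with a dotted-quad address; header lines are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            state = "Unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(Established|OpenConfirm|OpenSent|Active|Connect|Idle)$/) {
                    state = $i
                    break
                }
            print $1, state
        }'
}

# Count peers that are not Established; a poller can alert on any value > 0.
bgp_peers_down() {
    bgp_peer_states | awk '$2 != "Established" { n++ } END { print n + 0 }'
}

# Constructed sample input for offline runs (layout is an assumption).
sample_bgp_output() {
    cat <<'EOF'
PeerID           AS      Routes  ActRts  State         InUpds  OutUpds  Uptime
169.254.10.1     64512   4       4       Established   12      3        2d01h
169.254.10.5     64512   0       0       Active        0       0        00:00:00
169.254.20.1     64513   0       0       Idle          0       0        00:00:00
EOF
}

# On the gateway, feed real clish output; elsewhere, fall back to the sample.
if command -v clish >/dev/null 2>&1; then
    clish -c "show bgp peers" | bgp_peer_states
else
    sample_bgp_output | bgp_peer_states
fi
```

Registered with the same "extend" line as in the post, each output line is then readable as a separate nsExtendOutLine entry indexed by line number.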
