Hi all,
Does anybody know any way I can monitor BGP state using SNMP? I have several site-to-site VPNs between my on-premises gateway and AWS cloud.
Regards,
Alisson Lima
Hi PhoneBoy,
Thank you for your response, but I wouldn't want to monitor only the routing table. Is there any way to monitor only BGP state (Established, Active, Connect or Idle)?
Thank you.
Alisson Lima
There's no predefined OID for that but you can create a script that gathers the data you're interested in and probe it via SNMP. See section IV-6 of the SK I previously linked to.
Whilst it has been a while since this post has received any update, using the link @PhoneBoy provided I was able to successfully set up monitoring for BGP state via a custom SNMP OID.
At a high level:
Stopped the SNMP agent.
Created a small shell script that basically ran a clish command and grep'd out my desired information, similar to below:
echo ''
clish -c "show bgp peers" | egrep -o 'Established|OpenConfirm|OpenSent|Active|Connect|Idle'
echo ''
Then I added this as an SNMP extend line to "/etc/snmp/userDefinedSettings.conf", similar to below:
extend BGP_Status /bin/sh /var/log/my_script/BGP_Status.sh
Restarted the SNMP agent.
Tested using the SNMP walk command (you need to have 127.0.0.1 under agent interfaces in order to use localhost):
snmpwalk -t 10 -v 2c -c netw0rks localhost NET-SNMP-AGENT-MIB::nsExtensions
From here I used the translate command:
snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine.\"BGP_Status\"
The value you get back should allow you to monitor via SNMP.
I hope it helps someone to get started at least. It is not the prettiest way to get the state, and it wouldn't really work for multiple neighbours, but for my scenario it worked.
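The last post notes that its one-line grep does not work for multiple neighbours. As an added example (not code from the thread or from Check Point), this variant of the extend script emits one line per peer and sets an exit status; the sample listing is constructed, and it assumes each peer sits on one line of `show bgp peers` with its IPv4 address and state, since the thread does not show that output.

```shell
#!/bin/sh
# Added example: per-peer BGP state for an SNMP "extend" script.
# Assumption: every peer is on one line of `show bgp peers` holding its IPv4
# address and one FSM state word; the real column layout is not on the page.
# snmpd runs this file with the agent's privileges, so keep it root-owned
# and not writable by other users.

STATES='Established|OpenConfirm|OpenSent|Active|Connect|Idle'

# stdin: peer listing; stdout: one "peer=<ip> state=<state>" line per peer.
parse_bgp_peers() {
    awk -v states="$STATES" '
    {
        ip = ""; st = ""
        for (i = 1; i <= NF; i++) {
            if (ip == "" && $i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                ip = $i
            else if ($i ~ ("^(" states ")$"))
                st = $i
        }
        if (ip != "" && st != "")
            print "peer=" ip " state=" st
    }'
}

# stdin: parse_bgp_peers output; stdout: number of peers not Established.
count_not_established() {
    awk 'NF && $2 != "state=Established" { n++ } END { print n + 0 }'
}

# Constructed sample listing (layout is illustrative, not real Gaia output).
sample_peers() {
    cat <<'EOF'
PeerID        AS     Routes  State        Uptime
192.0.2.1     64512  3       Established  1d2h
198.51.100.1  64512  0       Active       00:00:00
EOF
}

if command -v clish >/dev/null 2>&1; then
    peers=$(clish -c "show bgp peers" | parse_bgp_peers)
    printf '%s\n' "$peers"
    # A non-zero exit status is reported by the agent as nsExtendResult.
    [ "$(printf '%s\n' "$peers" | count_not_established)" -eq 0 ] || exit 1
else
    sample_peers | parse_bgp_peers    # off-box demonstration
fi
```

Each output line is exposed as its own nsExtendOutLine row under the extend name, indexed by line number, so a poller can track every neighbour separately.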