Solved: Re: Monitoring VSX - Concurrent Connections

raquinog · ‎2020-06-08

Hi Everyone:

I recently had a problem in the firewall where it exceeded the concurrent connections of my VSX Firewall (R80.20)

I would like to see if there is a way to monitor each VSX Firewall and that it can monitor concurrent connections and send alert when a threshold is exceeded. Any tool that allows me to do this monitoring?

If I want to monitoring a VSX firewall, Does it have to be with the IP that was registered in the management console?
Can I do it through the other interfaces (internal interface)?

Thanks for your help.

Martin_Valenta · ‎2020-06-09

I have this Python script to monitor concurrent connections on each VS via Nagios Service checks. It's set for using SNMPv3, just update to correct username and correct authentication and privacy encryption and password and should work.

Output is state of each VS and also it's printing performance data for graphing.

from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys

argpar = argparse.ArgumentParser()
argpar.add_argument("-ip",action="store",dest="host_ip",help="specify IP",required=True) 
argpar.add_argument("-d",action="store_true",dest="debug",help="debugging mode",required=False)
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'
conn_table_entry = OrderedDict()
conn_table_entry["enterprises.2620.1.16.23.1.1.3"]= "current"  #0=OK, 1=Warning, 2=Error
conn_table_entry["enterprises.2620.1.16.23.1.1.4"] = "peak"  #0=to log servers, 1=local configured, 2=local due to connectivity issues,3=local due to high rate
conn_table_entry["enterprises.2620.1.16.23.1.1.10"]= "max"
results = argpar.parse_args()
ip = results.host_ip
debug = results.debug
def get_context_name(ip,oid): 
    try:
        snmp_query = subprocess.Popen("snmpbulkwalk -v 3 -a MD5 -A AuthPW -l authPriv -x DES -X PrivacyPW -u snmpv3User -Oqv {0} 1.3.6.1.4.1.2620.1.16.22.1.1.3 ".format(ip), shell=True, stdout=subprocess.PIPE).stdout.read()    
        snmp_query = snmp_query.split("\n")        
        if debug:
            for item in snmp_query:
                print item
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        else:
            return snmp_query
    except Exception as e:
        print "Looks like snmp issue"
        print e
        print ip, oid
def parse_context_name(snmp_output):  
    data_list = dict() 
    snmp_output = snmp_output[:-1] 
    for id,line in enumerate(snmp_output):        
        data_list[id+1] = line.strip('"')
    return data_list    
def get_snmp_table(ip,oid): 
    try:
        snmp_query = subprocess.Popen("snmpbulkwalk -v 3 -c AuthPW -a MD5 -A PrivacyPW -l authPriv -x DES -X g3tt0d@CH0PP@ -u snmpv3User -Onsq {0} {1} ".format(ip,oid), shell=True, stdout=subprocess.PIPE).stdout.read()    
        snmp_query = snmp_query.split("\n")        
        if debug:
            for item in snmp_query:
                print item
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        else:
            return snmp_query
    except Exception as e:
        print "Looks like snmp issue"
        print e
        print ip, oid
def parse_snmp_output(snmp_output,context_names):
    snmp_output = snmp_output[:-1] 
    data_list = list()
    matched_data_dict = dict()
    current = "enterprises.2620.1.16.23.1.1.2"
    peak = "enterprises.2620.1.16.23.1.1.3"
    max = "enterprises.2620.1.16.23.1.1.4"
    conn_stat = dict()
    current_list = list()
    peak_list = list()
    max_list = list()
    for line in snmp_output:        
        data_list.append(line)        
        oid,value = line.split(".0")
        #print oid,value
        if oid.startswith(current):
            current_list.append(value)
        elif oid.startswith(peak):
            peak_list.append(value)
        elif oid.startswith(max):
            max_list.append(value)
    return current_list,peak_list,max_list
        

if __name__ == "__main__":
    context_names =  get_context_name(ip,conn_oid)  
    results = parse_context_name(context_names)
    results.pop(1)
    # print results
    conn_lines=  get_snmp_table(ip,conn_oid)
    current_list,peak_list,max_list = parse_snmp_output(conn_lines,results)
    warning_for = list()
    output_status = list()
    output_perf_data = list()
    for id,name in results.iteritems(): 
        # prefix,vs_system = name.split("01_")
        vs_system = name
        max = max_list[id-1]
        current = current_list[id-1]
        peak = peak_list[id-1]
        #print vs_system,current_list[id-1],peak_list[id-1],max_list[id-1]  
        ratio = int(current)/int(max) * 100
        ratio_limit = 80
        if int(ratio) > ratio_limit:
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system <<<<<".format(max_list[id-1],vs_system,ratio_limit))
            output_perf_data.append(" {0}_current={1};;;{3};".format(vs_system,current_list[id-1].strip(),peak_list[id-1],max_list[id-1].strip()))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current,vs_system))
            output_perf_data.append(" {0}_current={1};;;{3}; ".format(vs_system,current_list[id-1].strip(),peak_list[id-1],max_list[id-1].strip()))
    #print output_perf_data        
    exit_status = False
    for line in output_status:
        if "Warning" in line:  
            exit_status = True
            
    if exit_status:        
        print "\n".join(output_status),"|","".join(output_perf_data)
        sys.exit(1)
    elif not exit_status:
        print "\n".join(output_status),"|","".join(output_perf_data)
        sys.exit(0)

View solution in original post

Maarten_Sjouw · ‎2020-06-08

You can read the values with a SNMP tool/monitoring system like CheckMK or Solarwinds. In those tools you can set thresholds for specific values to alert you.
In VSX itself you can set the monitoring per VS or per machine., in the latter case you can still monitor the per VS connections via VS0.

Regards, Maarten

Martin_Valenta · ‎2020-06-09

I have this Python script to monitor concurrent connections on each VS via Nagios Service checks. It's set for using SNMPv3, just update to correct username and correct authentication and privacy encryption and password and should work.

Output is state of each VS and also it's printing performance data for graphing.

from __future__ import division
import subprocess
import argparse
from collections import OrderedDict
from sys import exit
import sys

argpar = argparse.ArgumentParser()
argpar.add_argument("-ip",action="store",dest="host_ip",help="specify IP",required=True) 
argpar.add_argument("-d",action="store_true",dest="debug",help="debugging mode",required=False)
conn_oid = '1.3.6.1.4.1.2620.1.16.23.1.1'
conn_table_entry = OrderedDict()
conn_table_entry["enterprises.2620.1.16.23.1.1.3"]= "current"  #0=OK, 1=Warning, 2=Error
conn_table_entry["enterprises.2620.1.16.23.1.1.4"] = "peak"  #0=to log servers, 1=local configured, 2=local due to connectivity issues,3=local due to high rate
conn_table_entry["enterprises.2620.1.16.23.1.1.10"]= "max"
results = argpar.parse_args()
ip = results.host_ip
debug = results.debug
def get_context_name(ip,oid): 
    try:
        snmp_query = subprocess.Popen("snmpbulkwalk -v 3 -a MD5 -A AuthPW -l authPriv -x DES -X PrivacyPW -u snmpv3User -Oqv {0} 1.3.6.1.4.1.2620.1.16.22.1.1.3 ".format(ip), shell=True, stdout=subprocess.PIPE).stdout.read()    
        snmp_query = snmp_query.split("\n")        
        if debug:
            for item in snmp_query:
                print item
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        else:
            return snmp_query
    except Exception as e:
        print "Looks like snmp issue"
        print e
        print ip, oid
def parse_context_name(snmp_output):  
    data_list = dict() 
    snmp_output = snmp_output[:-1] 
    for id,line in enumerate(snmp_output):        
        data_list[id+1] = line.strip('"')
    return data_list    
def get_snmp_table(ip,oid): 
    try:
        snmp_query = subprocess.Popen("snmpbulkwalk -v 3 -c AuthPW -a MD5 -A PrivacyPW -l authPriv -x DES -X g3tt0d@CH0PP@ -u snmpv3User -Onsq {0} {1} ".format(ip,oid), shell=True, stdout=subprocess.PIPE).stdout.read()    
        snmp_query = snmp_query.split("\n")        
        if debug:
            for item in snmp_query:
                print item
        if " No Such Instance currently exists at this OID" in snmp_query[0]:
            return False
        else:
            return snmp_query
    except Exception as e:
        print "Looks like snmp issue"
        print e
        print ip, oid
def parse_snmp_output(snmp_output,context_names):
    snmp_output = snmp_output[:-1] 
    data_list = list()
    matched_data_dict = dict()
    current = "enterprises.2620.1.16.23.1.1.2"
    peak = "enterprises.2620.1.16.23.1.1.3"
    max = "enterprises.2620.1.16.23.1.1.4"
    conn_stat = dict()
    current_list = list()
    peak_list = list()
    max_list = list()
    for line in snmp_output:        
        data_list.append(line)        
        oid,value = line.split(".0")
        #print oid,value
        if oid.startswith(current):
            current_list.append(value)
        elif oid.startswith(peak):
            peak_list.append(value)
        elif oid.startswith(max):
            max_list.append(value)
    return current_list,peak_list,max_list
        

if __name__ == "__main__":
    context_names =  get_context_name(ip,conn_oid)  
    results = parse_context_name(context_names)
    results.pop(1)
    # print results
    conn_lines=  get_snmp_table(ip,conn_oid)
    current_list,peak_list,max_list = parse_snmp_output(conn_lines,results)
    warning_for = list()
    output_status = list()
    output_perf_data = list()
    for id,name in results.iteritems(): 
        # prefix,vs_system = name.split("01_")
        vs_system = name
        max = max_list[id-1]
        current = current_list[id-1]
        peak = peak_list[id-1]
        #print vs_system,current_list[id-1],peak_list[id-1],max_list[id-1]  
        ratio = int(current)/int(max) * 100
        ratio_limit = 80
        if int(ratio) > ratio_limit:
            output_status.append("Warning! Concurrent connections is above {2} % of max connection limit {0} on {1} system <<<<<".format(max_list[id-1],vs_system,ratio_limit))
            output_perf_data.append(" {0}_current={1};;;{3};".format(vs_system,current_list[id-1].strip(),peak_list[id-1],max_list[id-1].strip()))
        else:
            output_status.append("OK! Concurrent connections is {0} on {1} system".format(current,vs_system))
            output_perf_data.append(" {0}_current={1};;;{3}; ".format(vs_system,current_list[id-1].strip(),peak_list[id-1],max_list[id-1].strip()))
    #print output_perf_data        
    exit_status = False
    for line in output_status:
        if "Warning" in line:  
            exit_status = True
            
    if exit_status:        
        print "\n".join(output_status),"|","".join(output_perf_data)
        sys.exit(1)
    elif not exit_status:
        print "\n".join(output_status),"|","".join(output_perf_data)
        sys.exit(0)

Monitoring VSX - Concurrent Connections

Error 00351 - SMB Appliance

Output cpstat ha in cpinfo

Can someone please clear my doubts about CP Networ...

SAR - System Activity Report - multi day informati...

Stealth rule drops inbound connection

Are you a member of CheckMates?