While using PRTG to monitor our firewalls, we found by default it could not poll Juniper SRX’s CPU and flow information with auto discovery method. From command line, we are able to use following SNMP Mib to get CPU, Memory and Flow Session information, but not directly from PRTG.
PRTG is powerful network monitoring tools for enterprise with following features I likes :
- Easy to deployment, as it said it can be installed in 2 minutes
- Auto discovery methods to find monitoring elements.
- Support distribution implementation. You could install agents it in multiple location.
- Support Multiple protocols, such as SNMP, WMI, Netflow, jflow and sFlow etc.
- Web Interface is quite intuitionistic
- Email function
- etc
1. SRX 240 SPU Mib Information
admin@fw-srx-1> show chassis hardware
node0:————————————————————————–Hardware inventory:Item Version Part number Serial number DescriptionChassis AG1912110058 SRX240HRouting Engine REV 51 750-021793 AAEP4868 RE-SRX240HFPC 0 FPC PIC 0 16x GE Base PICPower Supply 0
node1:————————————————————————–Hardware inventory:Item Version Part number Serial number DescriptionChassis AG0912110078 SRX240HRouting Engine REV 50 750-021793 AAEK3334 RE-SRX240HFPC 0 FPC PIC 0 16x GE Base PICPower Supply 0
admin@fw-srx-1> show security monitoring fpc 0
node0:————————————————————————–FPC 0 PIC 0 CPU utilization : 2 % Memory utilization : 78 % Current flow session : 191 Current flow session IPv4: 191 Current flow session IPv6: 0 Max flow session : 65536Total Session Creation Per Second (for last 96 seconds on average): 25IPv4 Session Creation Per Second (for last 96 seconds on average): 25IPv6 Session Creation Per Second (for last 96 seconds on average): 0
node1:————————————————————————–FPC 0 PIC 0 CPU utilization : 0 % Memory utilization : 77 % Current flow session : 135 Current flow session IPv4: 135 Current flow session IPv6: 0 Max flow session : 65536Total Session Creation Per Second (for last 96 seconds on average): 1IPv4 Session Creation Per Second (for last 96 seconds on average): 1IPv6 Session Creation Per Second (for last 96 seconds on average): 0
admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.4.0 jnxJsSPUMonitoringCPUUsage.0 = 0
admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.5.0 jnxJsSPUMonitoringMemoryUsage.0 = 78
admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.0 jnxJsSPUMonitoringCurrentFlowSession.0 = 175
admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7.0 jnxJsSPUMonitoringMaxFlowSession.0 = 65536
2. Add sensors into PRTG
Since we already have MIB information in the SRX, here is the manual way to add those information into PRTG.
3. SRX1400 Mib Information
For SRX1400, SPU is in the different slot, you will just need to change slot number from 0 to 1.
{primary:node0}
admin@fw-1400-1> show chassis hardware node0:————————————————————————–Hardware inventory:Item Version Part number Serial number DescriptionChassis BH1114AJ0027 SRX 1400Midplane REV 11 711-111012 ACDN7611 SRX1k BackplanePEM 0 rev 11 740-112015 J027MY002311P AC Power SupplyPEM 1 rev 11 740-112015 J027MW001S11P AC Power SupplyCB 0 REV 12 750-112544 ACDL8977 SRX1K-RE-12-10 Routing Engine BUILTIN BUILTIN Routing Engine CPP BUILTIN BUILTIN Central PFE Processor Mezz REV 09 710-021115 ACDM9055 SRX HD Mezzanine CardFPC 0 REV 19 750-111019 ACDL1005 SRX1k 10GE SYSIO PIC 0 BUILTIN BUILTIN 6x 1GE RJ45 3x 1GE SFP 3x 10GE SFP+ Xcvr 6 NON-JNPR 00000MTC1131006V SFP-T Xcvr 7 NON-JNPR JUR1835GCWP SFP+-10G-SR Xcvr 8 Yrod NON-JNPR JUR1835G6WY SFP+-10G-SR Xcvr 9 NON-JNPR JUR1835GU90 SFP+-10G-SRFPC 1 REV 12 750-112543 ACDJ6935 SRX1k Dual Wide NPC+SPC Support Card PIC 0 BUILTIN BUILTIN SPU Cp-FlowFPC 3 REV 19 710-017865 ACDR5442 BUILTIN NPC PIC 0 BUILTIN BUILTIN NPC PICFan Tray -N/A- -N/A- -N/A- SRX 1400 Fan Tray
node1:————————————————————————–Hardware inventory:Item Version Part number Serial number DescriptionChassis BH1114AJ0011 SRX 1400Midplane REV 11 711-111012 ACDM5607 SRX1k BackplanePEM 0 rev 11 740-112015 J027MY004011P AC Power SupplyPEM 1 rev 11 740-112015 J027LS004011P AC Power SupplyCB 0 REV 12 750-112544 ACDL8984 SRX1K-RE-12-10 Routing Engine BUILTIN BUILTIN Routing Engine CPP BUILTIN BUILTIN Central PFE Processor Mezz REV 09 710-021115 ACDM9054 SRX HD Mezzanine CardFPC 0 REV 19 750-111019 ACDM8051 SRX1k 10GE SYSIO PIC 0 BUILTIN BUILTIN 6x 1GE RJ45 3x 1GE SFP 3x 10GE SFP+ Xcvr 6 NON-JNPR 00000MTC123511UD SFP-T Xcvr 7 Vo NON-JNPR JUR1835GB6J SFP+-10G-SR Xcvr 8 NON-JNPR JUR1835GCWT SFP+-10G-SR Xcvr 9 NON-JNPR JUR1833GMZN SFP+-10G-SRFPC 1 REV 12 750-112543 ACDJ6938 SRX1k Dual Wide NPC+SPC Support Card PIC 0 BUILTIN BUILTIN SPU Cp-FlowFPC 3 REV 19 710-017865 ACDS1404 BUILTIN NPC PIC 0 BUILTIN BUILTIN NPC PICFan Tray -N/A- -N/A- -N/A- SRX 1400 Fan Tray
admin@fw-1400-1> show security monitoring fpc 1
node0:————————————————————————–FPC 1 PIC 0 CPU utilization : 2 % Memory utilization : 72 % Current flow session : 2085 Current flow session IPv4: 2085 Current flow session IPv6: 0 Max flow session : 1048576 Current CP session : 1914 Current CP session IPv4: 1914 Current CP session IPv6: 0 Max CP session : 1048576Total Session Creation Per Second (for last 96 seconds on average): 34IPv4 Session Creation Per Second (for last 96 seconds on average): 34IPv6 Session Creation Per Second (for last 96 seconds on average): 0
node1:————————————————————————–FPC 1 PIC 0 CPU utilization : 0 % Memory utilization : 70 % Current flow session : 1844 Current flow session IPv4: 1844 Current flow session IPv6: 0 Max flow session : 1048576 Current CP session : 1844 Current CP session IPv4: 1844 Current CP session IPv6: 0 Max CP session : 1048576Total Session Creation Per Second (for last 96 seconds on average): 0IPv4 Session Creation Per Second (for last 96 seconds on average): 0IPv6 Session Creation Per Second (for last 96 seconds on average): 0{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.4.1
jnxJsSPUMonitoringCPUUsage.1 = 1
{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.5.1 jnxJsSPUMonitoringMemoryUsage.1 = 72{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.6.1 jnxJsSPUMonitoringCurrentFlowSession.1 = 2245
{primary:node0}
admin@fw-1400-1> show snmp mib get 1.3.6.1.4.1.2636.3.39.1.12.1.1.1.7.1 jnxJsSPUMonitoringMaxFlowSession.1 = 1048576
4. CPU for Routing Engine
SRX branch also have a SPU (Service Processing Unit). Considering SRX branch doesn’t have a dedicated SPU chip, but due to it’s muticore infrasture, it will use one logical core act as RE, and other logical core act as SPU, this SPU always sit in FPC0.
The following MIB is for Routing Engine CPU Poll.
{primary:node0}
admin@fw-srx-1> show snmp mib walk 1.3.6.1.4.1.2636.3.1.13.1.5 jnxOperatingDescr.1.1.0.0 = node0 midplanejnxOperatingDescr.1.2.0.0 = node1 midplanejnxOperatingDescr.2.1.0.0 = node0 PEM 0jnxOperatingDescr.2.2.0.0 = node1 PEM 0jnxOperatingDescr.4.1.0.0 = node0 SRX240 PowerSupply fan 1jnxOperatingDescr.4.2.0.0 = node0 SRX240 PowerSupply fan 2jnxOperatingDescr.4.3.0.0 = node0 SRX240 CPU fan 1jnxOperatingDescr.4.4.0.0 = node0 SRX240 CPU fan 2jnxOperatingDescr.4.5.0.0 = node0 SRX240 IO fan 1jnxOperatingDescr.4.6.0.0 = node0 SRX240 IO fan 2jnxOperatingDescr.4.7.0.0 = node1 SRX240 PowerSupply fan 1jnxOperatingDescr.4.8.0.0 = node1 SRX240 PowerSupply fan 2jnxOperatingDescr.4.9.0.0 = node1 SRX240 CPU fan 1jnxOperatingDescr.4.10.0.0 = node1 SRX240 CPU fan 2jnxOperatingDescr.4.11.0.0 = node1 SRX240 IO fan 1jnxOperatingDescr.4.12.0.0 = node1 SRX240 IO fan 2jnxOperatingDescr.7.1.0.0 = node0 FPC: FPC @ 0/*/*jnxOperatingDescr.7.6.0.0 = node1 FPC: FPC @ 0/*/*jnxOperatingDescr.8.1.1.0 = node0 PIC: 16x GE Base PIC @ 0/0/*jnxOperatingDescr.8.6.1.0 = node1 PIC: 16x GE Base PIC @ 0/0/*jnxOperatingDescr.9.1.0.0 = node0 Routing EnginejnxOperatingDescr.9.1.1.0 = node0 USB HubjnxOperatingDescr.9.2.0.0 = node1 Routing EnginejnxOperatingDescr.9.2.1.0 = node1 USB Hub
{primary:node0}
admin@fw-srx-1> show snmp mib walk 1.3.6.1.4.1.2636.3.1.13.1.8 jnxOperatingCPU.1.1.0.0 = 0jnxOperatingCPU.1.2.0.0 = 0jnxOperatingCPU.2.1.0.0 = 0jnxOperatingCPU.2.2.0.0 = 0jnxOperatingCPU.4.1.0.0 = 0jnxOperatingCPU.4.2.0.0 = 0jnxOperatingCPU.4.3.0.0 = 0jnxOperatingCPU.4.4.0.0 = 0jnxOperatingCPU.4.5.0.0 = 0jnxOperatingCPU.4.6.0.0 = 0jnxOperatingCPU.4.7.0.0 = 0jnxOperatingCPU.4.8.0.0 = 0jnxOperatingCPU.4.9.0.0 = 0jnxOperatingCPU.4.10.0.0 = 0jnxOperatingCPU.4.11.0.0 = 0jnxOperatingCPU.4.12.0.0 = 0jnxOperatingCPU.7.1.0.0 = 0jnxOperatingCPU.7.6.0.0 = 0jnxOperatingCPU.8.1.1.0 = 0jnxOperatingCPU.8.6.1.0 = 0jnxOperatingCPU.9.1.0.0 = 19jnxOperatingCPU.9.1.1.0 = 0jnxOperatingCPU.9.2.0.0 = 8jnxOperatingCPU.9.2.1.0 = 0
admin@fw-srx-1> show snmp mib get 1.3.6.1.4.1.2636.3.1.13.1.8.9.1.0.0 jnxOperatingCPU.9.1.0.0 = 19
{primary:node0}
admin@fw-srx-1> show chassis routing-engine | find “CPU utilization”
Reference
- SRX SNMP monitoring best practice
- MIBs for Monitoring CPU and Memory on SRX240
- How can I use a trusted SSL certificate with the PRTG web interface?
cpu monitor
CPU Monitor is a lightweight Java app that uses Secure Shell (ssh) to scrape
information from a server and chart its configuration and current load. It
communicates directly with the server and as a result doesn’t require an agent to
be running on the target. It currently supports Linux, Solaris and Mac OS servers
with more OS’s coming shortly.
CPU monitor is designed to be easy to configure and install and is sufficiently
lightweight not to place an unacceptable burden on the server. It uses a simple
XML file to specify the servers to monitor and is ideal for monitoring clustered
configurations.
It also allows the recording of the load to a file for further analysis
The following features will be added shortly
Support for AIX and HP-UX
A Character mode
A Table Mode
Network Monitoring
Further statistics collection
Source code for information scraping. Allowing improvements on current
statistic collection or support for new OS's
more info
http://egyvedio2015.blogspot.com/
https://www.youtube.com/watch?v=iCYZPcaPWls