
ANNOUNCE: junfwpoll, SNMP poller for firewall filter counters
juniper-nsp folks,

FYI, I've just made the following utility available under GPL terms:

junfwpoll - a JUNiper router FireWall filter snmp POLLer.

junfwpoll is an mrtg-like utility which polls the counter values
from the firewall filters configured on Juniper routers.
It creates ".rrd" files with names matching the router and its
filter counter names, each containing a bytes and a pkts data
source suitable for graphing using RRGrapher or RRDTOOL.

The current revision of junfwpoll is available here:

http://net.doit.wisc.edu/~plonka/junfwpoll/

Please see the attached README file, which is also located in that HTTP
download directory, for more information.

Dave

--
plonka@doit.wisc.edu http://net.doit.wisc.edu/~plonka ARS:N9HZF Madison, WI
-------------- next part --------------
README for junfwpoll
--------------------

intro
-----

junfwpoll - a JUNiper router FireWall filter snmp POLLer.

junfwpoll is an mrtg-like utility which polls the counter values
from the firewall filters configured on Juniper routers.
It creates ".rrd" files with names matching the router and its
filter counter names, each containing a bytes and a pkts data
source suitable for graphing using RRGrapher or RRDTOOL.

prerequisites
-------------

- perl version 5

- Altoids:

http://net.doit.wisc.edu/~plonka/Altoids/

- RRDTOOL:

http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/

- some familiarity with MRTG and RRDTOOL

usage
-----

junfwpoll [-v|n] [-m] [-c default_community] [community@]host [...]

  -v   verbose (mnemonic: 'v'erbose)
  -n   don't create or update RRD files, just show counters (implies "-v")
       (mnemonic: 'n'o, don't do anything)
  -m   name the data sources "ds0" and "ds1", rather than "pkts" and
       "bytes", respectively, a la MRTG when "LogFormat: rrdtool" is set.
       (mnemonic: 'm'rtg mode)
  -h   shows this usage information
       (mnemonic: 'h'elp)

The first time you run junfwpoll on a given router, try it out using
the "-n" option. This causes it to display the firewall filter counters
and their values, but neither create nor update the RRD files. For
instance:

$ ./junfwpoll -n public@router
router.jnxFWCounterPacketCount.Inbound-Filters.spoofed.2 = 106022
router.jnxFWCounterPacketCount.Inbound-Filters.bogons-inbound.2 = 1900598
router.jnxFWCounterPacketCount.Inbound-Filters.ms-sql-worm.2 = 45787937
...
router.jnxFWCounterByteCount.Inbound-Filters.spoofed.2 = 9048609
router.jnxFWCounterByteCount.Inbound-Filters.ms-sql-worm.2 = +18489275890
router.jnxFWCounterByteCount.Inbound-Filters.bogons-inbound.2 = 153759455
...

Once that works, you're ready to poll the counters again and record
the initial values into RRD files:

$ cd /path/to/dir/for/rrd/files
$ $HOME/perl/junfwpoll -v public@router

That should result in files such as the following (assuming you have
some similarly configured firewall filters with counters):

router_Inbound-Filters_bogons-inbound.rrd
router_Inbound-Filters_ms-sql-worm.rrd
router_Inbound-Filters_spoofed.rrd

junfwpoll is then typically scheduled to run every five minutes from a
crontab entry like this:

0,5,10,15,20,25,30,35,40,45,50,55 * * * * cd /path/to/dir/for/rrd/files >/dev/null && $HOME/perl/junfwpoll public@router
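As an added illustration (not code from junfwpoll or from this post), the following Python parses the "-n" output format shown above, derives the RRD file names the README lists, and turns two successive polls into per-second rates while tolerating a counter wrap the way rrdtool's COUNTER data-source type does. The two sample polls, their values and the 300 s interval are constructed for the example.

```python
import re

# Constructed sample: two "junfwpoll -n" polls taken 300 s apart (values are made up;
# the ms-sql-worm packet counter is arranged to wrap between the two polls).
POLL_T0 = """\
router.jnxFWCounterPacketCount.Inbound-Filters.spoofed.2 = 106022
router.jnxFWCounterPacketCount.Inbound-Filters.ms-sql-worm.2 = 4294967000
router.jnxFWCounterByteCount.Inbound-Filters.spoofed.2 = 9048609
router.jnxFWCounterByteCount.Inbound-Filters.ms-sql-worm.2 = +18489275890
"""
POLL_T1 = """\
router.jnxFWCounterPacketCount.Inbound-Filters.spoofed.2 = 106322
router.jnxFWCounterPacketCount.Inbound-Filters.ms-sql-worm.2 = 4
router.jnxFWCounterByteCount.Inbound-Filters.spoofed.2 = 9078609
router.jnxFWCounterByteCount.Inbound-Filters.ms-sql-worm.2 = +18489575890
"""

# One output line: <router>.jnxFWCounter{Packet,Byte}Count.<filter>.<counter>.<idx> = <value>
# (a leading '+' on large values, as in the README sample, is accepted).
_LINE = re.compile(r"^(?P<router>.+?)\.jnxFWCounter(?P<kind>Packet|Byte)Count\."
                   r"(?P<filter>[^.]+)\.(?P<counter>[^.]+)\.\d+ = \+?(?P<value>\d+)$")

def parse_poll(text):
    """Map (router, filter, counter) -> {'pkts': n, 'bytes': n}; skips '...' etc."""
    out = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            key = (m["router"], m["filter"], m["counter"])
            out.setdefault(key, {})["pkts" if m["kind"] == "Packet" else "bytes"] = int(m["value"])
    return out

def rrd_name(router, fw_filter, counter):
    """File name junfwpoll writes, e.g. router_Inbound-Filters_spoofed.rrd."""
    return f"{router}_{fw_filter}_{counter}.rrd"

def counter_delta(old, new):
    """Increment across two polls, tolerating a wrap the way rrdtool's COUNTER
    data-source type does: assume 32-bit if old < 2**32, otherwise 64-bit."""
    if new >= old:
        return new - old
    return new + (2**32 if old < 2**32 else 2**64) - old

def rates(prev, cur, interval):
    """Per-second pkts and bytes rates for counters present, complete, in both polls."""
    result = {}
    for key, now in cur.items():
        before = prev.get(key, {})
        if {"pkts", "bytes"} <= set(before) & set(now):
            result[key] = {ds: counter_delta(before[ds], now[ds]) / interval
                           for ds in ("pkts", "bytes")}
    return result
```

A counter that disappears between polls (for example after the filter is edited) simply gets no rate, mirroring the fact that junfwpoll only updates RRD files for counters it actually sees.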

--
Dave Plonka, Jun 14 2003