Security Management


  • 1.  If Syslog not sent

    Posted 11-05-2020 05:53

    Hello Community!

    I am seeking a solution to create an alert if there was no syslog message received by NMS for a specified period of time.

    I gave up trying to set that up in the NMSs we are using, so I am wondering if there's a way to implement that on the JunOS side.

    Implied logic:

    1. JunOS device determines that there's no syslog sent to remote host (last day for example)
    2. Then it generates custom syslog/SNMP trap based on this problem.

    I believe I'm missing something obvious here, but I haven't come up with anything yet.

    Will appreciate any thoughts on this.

    Thank you in advance.


    #syslog
    #SNMP
    #trap


  • 2.  Re: If Syslog not sent

    Posted 11-05-2020 22:42

    Hello,

    This should be pretty easy with JUNOS FW filter counters and RMON alarm.

    Rough algorithm:

    1/ configure a FW filter to match on syslog packets + counter. This counter is exposed in SNMP by default.

    2/ configure RMON alarm to monitor this counter's delta value with interval 86400 secs (24 hours)

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/alarm-entry-attributes-configuring-junos-nm.html

    3/ add corresponding event with trap https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/event-entry-and-attributes-configuring-junos-nm.html

    https://www.juniper.net/documentation/en_US/junos/topics/example/rmon-alarm-and-event-configuring-junos-nm.html

    HTH

    Thx

    Alex
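
The three steps from the reply above, written out as Junos `set` commands. This is an added example, not configuration posted in the thread; the filter, counter and trap-group names, the 192.0.2.x addresses and the `<COUNTER-OID>` placeholder are assumptions to replace with your own values.

```junos
# Added example. 192.0.2.10 = syslog collector, 192.0.2.20 = SNMP trap
# receiver (documentation addresses, assumed).

# 1/ Count syslog packets sent to the collector.
set firewall family inet filter COUNT-SYSLOG term to-collector from destination-address 192.0.2.10/32
set firewall family inet filter COUNT-SYSLOG term to-collector from protocol udp
set firewall family inet filter COUNT-SYSLOG term to-collector from destination-port 514
set firewall family inet filter COUNT-SYSLOG term to-collector then count syslog-out
set firewall family inet filter COUNT-SYSLOG term to-collector then accept
set firewall family inet filter COUNT-SYSLOG term everything-else then accept
# Assumption: syslog is originated by the Routing Engine, so the filter is
# attached as an output filter on lo0. Adjust for your platform.
set interfaces lo0 unit 0 family inet filter output COUNT-SYSLOG

# 2/ RMON alarm on the counter's delta over 24 hours.
# <COUNTER-OID> is a placeholder: find the instance for this filter and
# counter with "show snmp mib walk jnxFWCounterPacketCount".
set snmp rmon alarm 1 description "no syslog sent to collector in 24h"
set snmp rmon alarm 1 variable <COUNTER-OID>
set snmp rmon alarm 1 sample-type delta-value
set snmp rmon alarm 1 interval 86400
# Delta of 0 packets in the interval crosses the falling threshold.
set snmp rmon alarm 1 falling-threshold 0
set snmp rmon alarm 1 falling-event-index 1
# Any packet in a later interval crosses the rising threshold and re-arms.
set snmp rmon alarm 1 rising-threshold 1
set snmp rmon alarm 1 rising-event-index 2
# Fire even if the very first sample after commit is already silent.
set snmp rmon alarm 1 startup-alarm falling-alarm

# 3/ Events: trap on silence, local log entry on recovery.
set snmp rmon event 1 description "syslog silent"
set snmp rmon event 1 type log-and-trap
set snmp rmon event 1 community rmon-traps
set snmp rmon event 2 description "syslog resumed"
set snmp rmon event 2 type log
# The event's community names the trap group that receives the trap.
set snmp trap-group rmon-traps categories rmon-alarm
set snmp trap-group rmon-traps targets 192.0.2.20
```

RMON generates the falling event once and does not repeat it until the sampled delta reaches the rising threshold again, so a silence lasting several days produces a single trap rather than one per interval.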