Security Management

  • 1.  If Syslog not sent

    Posted 11-05-2020 05:53

    Hello Community!

    I am seeking a solution to create an alert if there was no syslog message received by NMS for a specified period of time.

    I gave up trying to set that up in the NMSs we are using, so I am wondering if there's a way to implement that on JunOS side.

    Implied logic:

    1. JunOS device determines that there's no syslog sent to remote host (last day for example)
    2. Then it generates custom syslog/SNMP trap based on this problem.

    I believe I'm missing something obvious here, but I haven't come up with anything yet.

    Will appreciate any thoughts on this.

    Thank you in advance.


    #syslog
    #SNMP
    #trap


  • 2.  Re: If Syslog not sent

    Posted 11-05-2020 22:42

    Hello,

    This should be pretty easy with JUNOS FW filter counters and RMON alarm.

    Rough algorithm:

    1/ configure a FW filter to match on syslog packets + counter. This counter is exposed in SNMP by default.

    2/ configure RMON alarm to monitor this counter's delta value with interval 86400 secs (24 hours)

    https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/alarm-entry-attributes-configuring-junos-nm.html

    3/ add corresponding event with trap https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/event-entry-and-attributes-configuring-junos-nm.html

    https://www.juniper.net/documentation/en_US/junos/topics/example/rmon-alarm-and-event-configuring-junos-nm.html

    HTH

    Thx

    Alex
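
The three steps in the reply above written out as Junos `set` commands. This is an added example, not part of the original post and not Juniper's own configuration. The filter, counter and trap-group names, the collector address 192.0.2.10, attaching the filter as an lo0 output filter (with no existing output filter there), and the `INSTANCE` placeholder are assumptions.

```junos
# Step 1: count syslog packets sent by the Routing Engine to the collector.
# 192.0.2.10 is a constructed collector address; names are hypothetical.
set firewall family inet filter SYSLOG-OUT term syslog from destination-address 192.0.2.10/32
set firewall family inet filter SYSLOG-OUT term syslog from protocol udp
set firewall family inet filter SYSLOG-OUT term syslog from destination-port 514
set firewall family inet filter SYSLOG-OUT term syslog then count syslog-sent
set firewall family inet filter SYSLOG-OUT term syslog then accept
# Final term so the filter does not drop other locally generated traffic.
set firewall family inet filter SYSLOG-OUT term other then accept
# Assumption: lo0 output is where Routing Engine traffic is matched.
set interfaces lo0 unit 0 family inet filter output SYSLOG-OUT

# Step 2: RMON alarm on the counter's delta over 24 hours.
# INSTANCE is a placeholder for the counter's index suffix; read it from
#   show snmp mib walk jnxFWCounterPacketCount
set snmp rmon alarm 1 description "No syslog packets sent in 24h"
set snmp rmon alarm 1 variable jnxFWCounterPacketCount.INSTANCE
set snmp rmon alarm 1 interval 86400
set snmp rmon alarm 1 sample-type delta-value
# Delta of 0 packets crosses the falling threshold; 1 or more re-arms it.
set snmp rmon alarm 1 falling-threshold 0
set snmp rmon alarm 1 rising-threshold 1
set snmp rmon alarm 1 startup-alarm falling-alarm
set snmp rmon alarm 1 falling-event-index 1
set snmp rmon alarm 1 rising-event-index 2

# Step 3: events. Event 1 raises the trap, event 2 only logs recovery.
set snmp rmon event 1 description "Syslog silent for 24h"
set snmp rmon event 1 type log-and-trap
# The event's community names the trap group that receives the trap.
set snmp rmon event 1 community NMS-TRAPS
set snmp rmon event 2 description "Syslog flow resumed"
set snmp rmon event 2 type log

# Trap group must carry the rmon-alarm category for the trap to be sent.
set snmp trap-group NMS-TRAPS categories rmon-alarm
set snmp trap-group NMS-TRAPS targets 192.0.2.10
```

Because RMON alarms fire on threshold crossings, a silence lasting several days produces one falling trap, and the alarm re-arms only after a 24-hour sample with at least one syslog packet. The counter measures packets leaving the device, so loss between the device and the collector still needs a check on the receiving side.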