Security Management

  • 1.  If Syslog not sent

    Posted 11-05-2020 05:53

    Hello Community!


    I am seeking a solution to create an alert if there was no syslog message received by the NMS for a specified period of time.

    I gave up trying to set that up in the NMSs we are using, so I am wondering if there's a way to implement that on the JunOS side.


    Implied logic:

    1. JunOS device determines that there's no syslog sent to remote host (last day for example)
    2. Then it generates custom syslog/SNMP trap based on this problem.


    I believe I'm missing something obvious here, but I haven't come up with anything yet.

    Will appreciate any thoughts on this.


    Thank you in advance.


  • 2.  Re: If Syslog not sent

    Posted 11-05-2020 22:42


    This should be pretty easy with JUNOS FW filter counters and RMON alarm.

    Rough algorithm:

    1/ configure a FW filter to match on syslog packets + counter. This counter is exposed in SNMP by default.

    2/ configure RMON alarm to monitor this counter's delta value with an interval of 86400 secs (24 hours)

    3/ add corresponding event with trap
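
The three steps in the reply above as a Junos `set`-style configuration sketch, added here as an example and not taken from either post. The filter, counter and trap-group names and the 192.0.2.10 collector address are constructed, and the alarm variable is left as a placeholder to be filled in from the device's own `show snmp mib walk jnxFWCounterPacketCount` output. The `#` lines are comments for the reader.

```junos
# Step 1: count syslog packets this device sends to the collector.
# 192.0.2.10 is a constructed collector address; UDP/514 is assumed.
set firewall family inet filter SYSLOG-WATCH term syslog from destination-address 192.0.2.10/32
set firewall family inet filter SYSLOG-WATCH term syslog from protocol udp
set firewall family inet filter SYSLOG-WATCH term syslog from destination-port 514
set firewall family inet filter SYSLOG-WATCH term syslog then count syslog-sent
set firewall family inet filter SYSLOG-WATCH term syslog then accept
# Accept everything else explicitly, otherwise the filter's implicit
# discard drops all other traffic that passes through it.
set firewall family inet filter SYSLOG-WATCH term other then accept
# Assumption: syslog is sourced by the Routing Engine, so an lo0 output
# filter sees it. If lo0 already has an output filter, add the counting
# term to that filter instead of replacing it.
set interfaces lo0 unit 0 family inet filter output SYSLOG-WATCH

# Step 2: RMON alarm on the counter's delta over 24 hours.
# Placeholder: substitute the instance OID reported by the device for
# filter SYSLOG-WATCH, counter syslog-sent.
set snmp rmon alarm 1 description "No syslog sent in 24h"
set snmp rmon alarm 1 variable <jnxFWCounterPacketCount instance for SYSLOG-WATCH/syslog-sent>
set snmp rmon alarm 1 sample-type delta-value
set snmp rmon alarm 1 interval 86400
# A delta of 0 packets in the interval crosses the falling threshold.
# RMON hysteresis: the falling event fires once, then re-arms only after
# a later sample reaches the rising threshold (at least 1 packet sent).
set snmp rmon alarm 1 falling-threshold 0
set snmp rmon alarm 1 rising-threshold 1
set snmp rmon alarm 1 falling-event-index 1
# Fire also if the very first sample after commit is already 0.
set snmp rmon alarm 1 startup-alarm falling-alarm

# Step 3: event that logs locally and sends a trap.
set snmp rmon event 1 description "Syslog silence"
set snmp rmon event 1 type log-and-trap
# RMON traps go to trap groups that carry the rmon-alarm category.
set snmp trap-group NMS-TRAPS categories rmon-alarm
set snmp trap-group NMS-TRAPS targets 192.0.2.10
```

The counter measures packets leaving the device, so it detects a device that has stopped sending, not loss between the device and the NMS.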