SRX

 View Only
last person joined: 6 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to send SNMP traps when SecIntel Feed Channel goes down or up?

    Posted 04-21-2023 08:47

    Dear all,
    we are looking for a way that an SRX4100 (Junos 21.2R3-S2.9) can send SNMP traps to NMS system if the SecIntel Feed is not working or working again.
    In the MIB there are definitions for the following traps:
      jnxJsSecIntelChannelDown
      jnxJsSecIntelChannelUp

    We configured "set snmp trap-group XXX category services" (besides other categories) and in general traps are sent fine.
    However, the following log message entries did not send any SNMP trap:
    Apr 14 10:24:40  hostname ipfd[25541]: SECINTEL_NETWORK_CONNECT_FAILED
    Apr 14 10:24:40  hostname alarmd[25254]: Alarm set: IPFD id=-1677721599, color=RED, class=CHASSIS, reason=SecIntel channel down, it will impact SecIntel functionality
    Apr 14 10:30:06  hostname alarmd[25254]: Alarm cleared: IPFD id=-1677721599, color=RED, class=CHASSIS, reason=SecIntel channel down, it will impact SecIntel functionality

    I know it would be possible to have an event script sending a jnxJsSecIntelChannelDown trap when the event SECINTEL_HTTP_ACCESS_FAILED appears.

    But there does not seem to be any way to send jnxJsSecIntelChannelUp traps by event scripts as there are no such events logged.

    Any ideas how to enable SNMP traps for SecIntel feeds completely? Also recommended workarounds are welcome.

    Best regards
    Stefan




  • 2.  RE: How to send SNMP traps when SecIntel Feed Channel goes down or up?
    Best Answer

    Posted 04-21-2023 09:01

    you can create an event policy that would raise a trap when certain event log messages are seen.

    https://www.juniper.net/documentation/us/en/software/junos/automation-scripting/topics/concept/junos-script-automation-event-policy-raising-snmp-traps-overview.html#:~:text=SNMP%20traps%20enable%20an%20agent%20to%20notify%20a,for%20the%20event%20is%20converted%20into%20a%20trap.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------