DX NetOps


How to create a watch to get a value from giving an text attribute in Spectrum 10.3

  • 1.  How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Feb 27, 2019 04:10 AM

    Hi All,

     

    I have a scenario to create a watch to monitor Fortigate vdom session count. I checked and all the OIDs are available in the Spectrum MIB. I have discovered the Fortigate Firewall with root vdom.

     

     

    fgVdEntName - vdom name - 1.3.6.1.4.1.12356.101.3.2.1.1.2

    fgVdEntIndex - vdom unique identification - 1.3.6.1.4.1.12356.101.3.2.1.1.1

    fgIpSessVdom - vdom sessions - 1.3.6.1.4.1.12356.101.11.2.1.1.8

     

    I need to get the vdom session count from the vdom unique identification number, where I only know the vdom name.

     

    I need to create a watch to get the vdom unique identification number (fgVdEntIndex) from vdom name (fgVdEntName), then need to get vdom session count (fgIpSessVdom) from vdom unique identification.

     

    Can anyone please help me to get this done?

     

    Thanks

    Kasun



  • 2.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 05, 2019 04:42 AM

    Hi Guys,

     

    Any idea or any experience on the same?

     

    thanks

    Kasun



  • 3.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 12, 2019 09:47 AM

    Kasun,

     

    I took a quick look at this in the lab. The reason why we cannot read the values of the fgVdEntIndex in Spectrum is because the mib defines this attribute as "not-accessible":

     

    fgVdEntIndex OBJECT-TYPE
    SYNTAX FgVdIndex (1 .. 2147483647)
    ACCESS not-accessible
    STATUS current

    DESCRIPTION
    "Internal virtual domain index used to uniquely identify rows in this table. This index is also used by other tables referencing a virtual domain."
    ::= { fgVdEntry 1 }

    -- 1.3.6.1.4.1.12356.101.3.2.1.1.1

     

    So when that mib is imported into Spectrum, it is not readable:

     

     

    However, you can use MIB Tools to run a direct query to that attribute and it does return a value:

     

     

    Reading the fgVdEntName attribute, it looks like the instance is the fgVdEntIndex value:

     

     

    If so, when reading the fgIpSessVdom, the value can be associated with the name.

     

     

    An instance of the fgIpSessVdom with a value of "3" is "VPN".

     

    This is an assumption based on what I am seeing. A call to Fortinet can confirm.

     

    As for creating a Watch to find out the number of sessions in vdom, I do not think this can be done in a watch. However, you can run the Command Line Interface (CLI) "show attributes" command to get a list of the vdom names and sessions. This can be scripted to output the info to a comma delimited file and imported into a spreadsheet:

     

    ./show attributes attr=0x5b1007d mh=0x100035c
    Id Name Iid Value
    0x5b1007d fgVdEntName 1 root
    0x5b1007d fgVdEntName 2 Transparent
    0x5b1007d fgVdEntName 3 VPN

     

    ./show attributes attr=0x5b10166 mh=0x100035c
    Id Name Iid Value
    0x5b10166 fgIpSessVdom 1 3
    0x5b10166 fgIpSessVdom 2 1
    0x5b10166 fgIpSessVdom 3 3
    0x5b10166 fgIpSessVdom 4 1
    0x5b10166 fgIpSessVdom 5 1
    0x5b10166 fgIpSessVdom 6 1
    0x5b10166 fgIpSessVdom 7 1
    0x5b10166 fgIpSessVdom 8 1
    0x5b10166 fgIpSessVdom 9 1
    0x5b10166 fgIpSessVdom 10 1
    0x5b10166 fgIpSessVdom 11 1

     

    Joe



  • 4.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 12:32 AM

    Hi Joe,

     

    Can I generate an alarm from this information? My requirement is to have a threshold on sessions and get an alarm when it breaches the threshold. I'm not a scripting guy, so if you can, please guide me with the same and from where I can automate this as well.

     

    many thanks

    Kasun



  • 5.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 03:13 AM

    Hi Kasun,

     

    I'd suggest first creating attributes for the fgIpSessVdom OID. Once you have done that, you can create a Watch to monitor the fgIpSessVdom where you will define the threshold and so on.

     

    In the Watch definition window, there is an option to attach a script to it, that will be executed in the SS when the threshold is violated. You can use the template in the file /opt/spectrum/specroot/SS-Tools/SwScript/sw_alrm_script.

     

    Are you using SNMPv2 or v3 to monitor the device?

    Based on that I can help you with the polling script.

     

    Regards,

    Zacchi



  • 6.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 03:18 AM

    Hi Zacchi,

     

    I'm using SNMPv2, but if I get the attribute fgIpSessVdom it will give all the vdoms' sessions. But the requirement is to get an alarm when a particular vdom's session count is breached.

     

    It is much appreciated if you can help me in this.

     

    thanks

    Kasun



  • 7.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 03:51 AM

    Hi Kasun,

     

    Please find below a draft that you can use for the Watch script.

    I have used (as per Joe's message):

    0x5b10166 - Session count

    0x5b1007d - VDOM name

    0xfff00001 - Newly created event

     

    When you create the event, add only {0}  in the event message, this way it will get the contents from the "text" argument in the create event command.

     

    Let me know if you have further questions.

     

    ==========================================================

    #!/bin/sh
    # Map the 20 positional arguments passed to the watch script to named variables.
    while [ "$#" -ne 0 ]
    do
        case "$#" in
            20) DATE="$1";;
            19) TIME="$1";;
            18) MTYPE_NAME="$1";;
            17) MODEL_HANDLE="$1";;
            16) MODEL_NAME="$1";;
            15) INSTANCE="$1";;
            14) ALARM_ID="$1";;
            13) CONDITION="$1";;
            12) CAUSE_CODE="$1";;
            11) REPAIR_PERSON="$1";;
            10) ALARM_STATUS="$1";;
            9) SCRIPT_TYPE="$1";;
            8) WATCH_NAME="$1";;
            7) WATCH_CREATOR="$1";;
            6) WATCH_SRC="$1";;
            5) WATCH_SRC_VAL="$1";;
            4) WATCH_REF="$1";;
            3) WATCH_REF_VAL="$1";;
            2) WATCH_RES="$1";;
            1) WATCH_RES_VAL="$1";;
        esac
        shift
    done
    # Open a CLI (vnmsh) session.
    export CLIMNAMEWIDTH=64
    export CLISESSID=$$
    /opt/specroot/vnmsh/connect
    export PATH="$PATH:/opt/specroot/vnmsh"
    rm -f /tmp/sessvdom.txt
    # Read Iid and Value; rows with a non-numeric Value (the "Id Name Iid Value" header) are skipped.
    show attributes attr=0x5b10166 mh="$MODEL_HANDLE" | awk '$4 ~ /^[0-9]+$/ {print $3" "$4}' | while read -r index count
    do
        if [ "$count" -gt 20 ]; then
            # Look up the VDOM name for this index.
            name=$(show attributes attr=0x5b1007d,"$index" mh="$MODEL_HANDLE" | tail -n 1 | awk '{print $4}')
            echo "$name - $count sessions" >> /tmp/sessvdom.txt
        fi
    done
    # Raise the event only if at least one VDOM was over the threshold.
    if [ -e /tmp/sessvdom.txt ]; then
        sessvdom=$(cat /tmp/sessvdom.txt)
        create event type=0xfff00001 text="The following VDOM have exceeded the threshold for active sessions: $sessvdom." mh="$MODEL_HANDLE"
    fi
    disconnect

    ==========================================================

     

     

    Best regards,

    Zacchi



  • 8.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 06:01 AM

    Hi Zacchi,

     

    I really appreciate this. I have some questions for you.

     

    How are we going to take the vdom session count for a particular vdom name? The only thing we know is the vdom name, and we need to map it to its vdom index and then get the session count from the index. I hope you can understand my query.

     

    ./show models | grep K1-1F-DH-C10-R1-CR-FW-1 (K1-1F-DH-C10-R1-CR-FW-1 - Fortinet Device Name)

     

    mh=$MODEL_HANDLE - this is the device model handle, right? 0x106882c

     

     

    ./show attributes attr=0x5b1007d mh=0x106882c

     

     

    ./show attributes attr=0x5b10166 mh=0x106882c - result attached

     

    I want to get the ColudMGMT Vdom session count. Please bear with me. Please guide me with the watch creation too.

     

    thanks

    Kasun



  • 9.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 06:15 AM

    Hi Kasun,

    That is what this statement does in the script:

     

    # The line below checks the output that you've attached and looks for the data in the last 2 columns (Iid and Value)

    show attributes attr=0x5b10166 mh="$MODEL_HANDLE" | awk '$4 ~ /^[0-9]+$/ {print $3" "$4}' | while read -r index count
    do

        # If the count (value) is over the threshold you want (I used 20 as an example) it will then execute the other commands, which...
        if [ "$count" -gt 20 ]; then

            # ... Get the name using the Index (Iid) data and...
            name=$(show attributes attr=0x5b1007d,"$index" mh="$MODEL_HANDLE" | tail -n 1 | awk '{print $4}')

            # ... Send name and data to a text file which will be used for the event creation.
            echo "$name - $count sessions" >> /tmp/sessvdom.txt
        fi
    done

     

    Hope this helped.

     

    Regards,

    Zacchi



  • 10.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 06:28 AM

    Dear Zacchi,

     

    That means if any of the vdoms reaches the session count of 20 it will generate an alarm, right? Can we make this apply only to a particular vdom, without generating alarms on all vdoms?

     

    How can I make this script run automatically in Spectrum?

     

    many thanks

    Kasun



  • 11.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3
    Best Answer

    Posted Mar 14, 2019 06:39 AM

    Hi Kasun,

     

    Yes, but what will trigger the script is the Watch.

    You need to create a Watch on that model to monitor this attribute: 0x5b10166

    Select the attribute by name, add .# at the end, and select "all instances".

    In the "properties" tab, select "Evaluate by polling" and define the polling interval.

    In the "threshold" tab, click Attach threshold and select greater than 20 (as per the example), then choose to run the script (no notification, as the script itself will raise the alarm).

     

    Every time the session count is above the threshold, Spectrum will run the script, identify the name of the session that has breached it and create the event.

     

    Regards,

    Zacchi
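
    Added example, not part of any post in this thread and not the vendor's code: one way to limit the check to a single named VDOM, keeping the lookup in shell variables rather than a fixed file under /tmp. It follows the draft script's reading of the two tables (Iid is the VDOM index, Value is the session count), which the thread leaves unconfirmed; the function names and the sample rows, including the count of 25, are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample tables in the "show attributes" layout quoted in the thread.
# In a live watch script they would instead be captured with, for example:
#   NAMES=$(show attributes attr=0x5b1007d mh="$MODEL_HANDLE")
#   SESSIONS=$(show attributes attr=0x5b10166 mh="$MODEL_HANDLE")
NAMES='Id Name Iid Value
0x5b1007d fgVdEntName 1 root
0x5b1007d fgVdEntName 2 Transparent
0x5b1007d fgVdEntName 3 VPN'

SESSIONS='Id Name Iid Value
0x5b10166 fgIpSessVdom 1 3
0x5b10166 fgIpSessVdom 2 1
0x5b10166 fgIpSessVdom 3 25'

# vdom_index NAME TABLE: print the Iid of the row whose Value is exactly NAME.
# NAME is passed through the environment so awk never interprets it as code
# or as an escape sequence.
vdom_index() {
    printf '%s\n' "$2" |
        WANT="$1" awk '$2 == "fgVdEntName" && $4 == ENVIRON["WANT"] { print $3; exit }'
}

# vdom_count INDEX TABLE: print the Value for that Iid, only if it is a number.
vdom_count() {
    printf '%s\n' "$2" |
        IDX="$1" awk '$2 == "fgIpSessVdom" && $3 == ENVIRON["IDX"] && $4 ~ /^[0-9]+$/ { print $4; exit }'
}

# check_vdom NAME LIMIT NAMES SESSIONS
# Returns 0 and prints the event text when NAME is over LIMIT,
# 1 when it is within the limit, 2 when the name or its count cannot be resolved.
check_vdom() {
    idx=$(vdom_index "$1" "$3")
    [ -n "$idx" ] || return 2
    count=$(vdom_count "$idx" "$4")
    [ -n "$count" ] || return 2
    if [ "$count" -gt "$2" ]; then
        printf 'VDOM %s has %s sessions (threshold %s)\n' "$1" "$count" "$2"
        return 0
    fi
    return 1
}

# Demo on the constructed data: VPN (index 3) has 25 sessions, over the limit of 20.
check_vdom VPN 20 "$NAMES" "$SESSIONS"
```

    In the watch script, the text printed by check_vdom would be passed as the text argument of the create event command shown in the draft above.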



  • 12.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 07:10 AM

    Dear Zacchi,

     

    Thank you very much. I appreciate all the effort put in. I will try this.

     

    regards

    Kasun



  • 13.  Re: How to create a watch to get a value from giving an text attribute in Spectrum 10.3

    Posted Mar 14, 2019 07:52 AM

    Anytime!

    Regards,

    Zacchi