4. Monitoring¶
4.1. KPI¶
The following commands will export KPIs to a time-series database hosted by the LAN host, and which can then be used with a graphical tool, like Grafana.
secgw1> edit running
secgw1 running config# / vrf main kpi telegraf
secgw1 running telegraf# metrics monitored-interface vrf main name ntfp1
secgw1 running telegraf# metrics monitored-interface vrf main name ntfp2
secgw1 running telegraf# metrics monitored-interface vrf main name ntfp3
secgw1 running telegraf# influxdb-output url http://172.30.0.10:8086 database telegraf
secgw1 running telegraf# commit
Configuration committed.
See also
The User’s Guide for more information about KPIs
4.2. SNMP¶
4.2.1. Configuration¶
The following commands set a minimal SNMP support. Let’s set a monitor
community and authorize the LAN host to poll SNMP MIBs and information
from the Security Gateways.
secgw1 running telegraf# / vrf main snmp
secgw1 running snmp# static-info
secgw1 running static-info# location paris
secgw1 running static-info# contact noc@6wind.com
secgw1 running static-info# .. community local
secgw1 running community local#! authorization read-only
secgw1 running community local# source 127.0.0.1
secgw1 running community local# .. community monitor
secgw1 running community monitor#! authorization read-only
secgw1 running community monitor# source 172.30.0.10
secgw1 running community monitor# commit
Configuration committed.
4.2.2. Monitoring¶
From the LAN host, we can now browse the SNMP MIB of the Security Gateways:
root@hostlan:~# snmpwalk -c monitor -v 2c 172.30.0.2
iso.3.6.1.2.1.1.1.0 = STRING: "Linux secgw1 5.3.0-42-generic #34~18.04.1-Ubuntu SMP Fri Feb 28 13:42:26 UTC 2020 x86_64"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
iso.3.6.1.2.1.1.3.0 = Timeticks: (36263) 0:06:02.63
iso.3.6.1.2.1.1.4.0 = STRING: "noc@6wind.com"
iso.3.6.1.2.1.1.5.0 = STRING: "secgw1"
iso.3.6.1.2.1.1.6.0 = STRING: "paris"
iso.3.6.1.2.1.1.8.0 = Timeticks: (1) 0:00:00.01
iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.1
iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.16.2.2.1
iso.3.6.1.2.1.1.9.1.2.3 = OID: iso.3.6.1.2.1.49
iso.3.6.1.2.1.1.9.1.2.4 = OID: iso.3.6.1.2.1.4
iso.3.6.1.2.1.1.9.1.2.5 = OID: iso.3.6.1.2.1.50
iso.3.6.1.2.1.1.9.1.2.6 = OID: iso.3.6.1.6.3.13.3.1.3
[...]
The 6WIND custom IKE MIB provides information about the currently established VPNs:
root@hostlan:~# snmpwalk -c monitor -v 2c 172.30.0.2 .1.3.6.1.4.1.7336.2.1
iso.3.6.1.4.1.7336.2.1.1.2.1.6.1.4.1.1.1.1.50.3472877975.0 = Gauge32: 0
iso.3.6.1.4.1.7336.2.1.1.2.1.6.1.4.2.2.2.2.50.3231952047.0 = Gauge32: 0
iso.3.6.1.4.1.7336.2.1.1.2.1.6.1.4.66.66.66.66.50.3300045186.0 = Gauge32: 0
iso.3.6.1.4.1.7336.2.1.1.2.1.6.1.4.66.66.66.66.50.3422768795.0 = Gauge32: 0
iso.3.6.1.4.1.7336.2.1.1.2.1.7.1.4.1.1.1.1.50.3472877975.0 = INTEGER: 1
iso.3.6.1.4.1.7336.2.1.1.2.1.7.1.4.2.2.2.2.50.3231952047.0 = INTEGER: 1
iso.3.6.1.4.1.7336.2.1.1.2.1.7.1.4.66.66.66.66.50.3300045186.0 = INTEGER: 1
iso.3.6.1.4.1.7336.2.1.1.2.1.7.1.4.66.66.66.66.50.3422768795.0 = INTEGER: 1
iso.3.6.1.4.1.7336.2.1.1.2.1.8.1.4.1.1.1.1.50.3472877975.0 = STRING: "BBBB"
iso.3.6.1.4.1.7336.2.1.1.2.1.8.1.4.2.2.2.2.50.3231952047.0 = STRING: "BBBB"
[...]