Track-IP and SNMP monitoring



  • Do any of the ScreenOS 6.2 SNMP MIBs have OIDs for monitoring Interface Track-IP sessions, NOT NSRP Track-IP sessions?

    I’m attempting to use Track-IP to monitor an IP address without triggering an interface down event, leveraging SNMP monitoring to determine the Track-IP status.  I have successfully configured a Track-IP session with a weight of 1.  The interface threshold is 255.  When the Track-IP session fails, the fail-count increments in the “get int e0/0 monitor track-ip” output, but the interface stays up (expected).  When the Track-IP session works again, the fail-count returns to 0 (expected).

    SiteA-> get int e0/0 monitor track-ip
    ip address          intval threshold wei gateway        fail-count success
    8.8.8.8                    1          3    1  0.0.0.0                    0      98%
    failure weight: 255, threshold: 255, not failed: 0 ip(s) failed, weighted sum = 0
    SiteA->
    SiteA-> get int e0/0 monitor track-ip
    ip address          intval threshold wei gateway        fail-count success
    8.8.8.8                    1          3    1  0.0.0.0                    3      98%
    failure weight: 255, threshold: 255, not failed: 0 ip(s) failed, weighted sum = 0
    SiteA->
    SiteA-> get int e0/0 monitor track-ip
    ip address          intval threshold wei gateway        fail-count success
    8.8.8.8                    1          3    1  0.0.0.0                    0    98%
    failure weight: 255, threshold: 255, not failed: 0 ip(s) failed, weighted sum = 0

    The problem I’m having is that I can’t seem to get the Track-IP failure status via SNMP.  The only references to “Track” “TRACK” “track” or “rack” in the ScreenOS 6.2 MIBs are in NS-NSRP.mib and NS-TRAPS.mib.  When I do an snmpwalk using those MIBs, the SSG responds saying that NSRP Tracking is disabled.  I don’t have an NSRP license for the SSG5, nor do I care about NSRP Track-IP.  I want interface Track-IP stats.

    The use case is monitoring the reachability of a business critical website from remote sites.  The only common infrastructure we have everywhere is an SSG firewall.  The only function I can see on the SSGs that would accomplish this is Track-IP.  Am I missing something?  Anyone have any ideas here?

    Thanks,

    Jim


 

33
Online

38.4k
Users

12.7k
Topics

44.5k
Posts