Generating Vital Data from a NAT Rule

You can monitor the vital data from a NAT rule (in this example, r1) by first obtaining the MIB index of r1.

Consider the following source NAT configuration.

user@host> show configuration security nat
source {rule-set rs1 {from zone trust;to zone untrust;rule r1 {match {source-address 17.0.0.0/8;destination-address 0.0.0.0/0;}then {source-nat {interface;}}}}}

To find the MIB index of r1, enter the following command:

[edit]
user@host# show snmp mib walk jnxJsNatRuleName | grep r1
jnxJsNatRuleName.2.114.49.1 = r1

The output shows that 2.114.49.1 is the MIB index of r1.

Therefore, by combining the index with NAT MIB table jnxJsNatRuleHits, the session number associated with NAT rule r1 can be monitored by using the command:

[edit]
user@host# set system log-vital add jnxJsNatRuleHits.2.114.49.1 comment “Number of sessions on NAT rule r1”