Monitoring
This topic provides details on how you can monitor your vSRX Virtual Firewall instances using SNMP and AWS monitoring features.
Monitoring helps in maintaining the reliability, availability, and performance of your vSRX Virtual Firewall instances and your AWS solutions. You should collect monitoring data from all your AWS solutions so that you can easily debug any multi-point failure.
Monitoring vSRX Virtual Firewall Instances Using SNMP
You can monitor vSRX Virtual Firewall instance details, such as health and storage, at the instance level using SNMP monitoring.
For details on SNMP monitoring, refer to the SNMP MIB information in the MIB Explorer at: https://apps.juniper.net/mib-explorer/.
You can also find all the applicable SNMP OIDs from the Juniper MIB from the vSRX Virtual Firewall CLI, using the show snmp mib walk 1.3.6.1.4.1.2636 command.
Some examples of useful OIDs for monitoring system health are:
jnxOperatingCPU.1.1.0.0
jnxOperating5MinAvgCPU.1.1.0.0
jnxFwddMicroKernelCPUUsage.0
jnxFwddRtThreadsCPUUsage.0
jnxHrStoragePercentUsed.1
jnxJsNodeCurrentTotalSession.0
jnxJsNodeMaxTotalSession.0
jnxJsNodeSessionCreationPerSecond.0
You can use SNMP monitoring to monitor storage capacity on the vSRX Virtual Firewall instance. With SNMP monitoring, you can be notified when storage on any vSRX Virtual Firewall instance is impacted. The storage-related OID indicates the storage percentage, which is used to detect the storage capacity.
For best practices for enabling SNMP monitoring in Junos, see https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/snmp-best-practices-basic-config.html.
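The following is an added example, not Juniper code: it parses output in the "name.index = value" form printed by show snmp mib walk and raises alerts on the health OIDs listed above, including session table utilization derived from the current and maximum session counters. The sample values, the threshold numbers, and the function names are assumptions chosen for illustration.

```python
# Constructed sample (added example, not captured from a device).
SAMPLE_WALK = """\
jnxOperatingCPU.1.1.0.0 = 12
jnxOperating5MinAvgCPU.1.1.0.0 = 9
jnxFwddMicroKernelCPUUsage.0 = 4
jnxFwddRtThreadsCPUUsage.0 = 7
jnxHrStoragePercentUsed.1 = 91
jnxJsNodeCurrentTotalSession.0 = 58000
jnxJsNodeMaxTotalSession.0 = 65536
jnxJsNodeSessionCreationPerSecond.0 = 340
"""

# Percent thresholds per OID (assumed; tune for your deployment).
PERCENT_LIMITS = {
    "jnxOperatingCPU.1.1.0.0": 85,
    "jnxOperating5MinAvgCPU.1.1.0.0": 75,
    "jnxFwddMicroKernelCPUUsage.0": 85,
    "jnxFwddRtThreadsCPUUsage.0": 85,
    "jnxHrStoragePercentUsed.1": 90,
}
SESSION_TABLE_LIMIT = 80  # percent of jnxJsNodeMaxTotalSession (assumed)

def parse_walk(text):
    """Return {oid_name: int_value}, skipping blank or non-numeric lines."""
    values = {}
    for line in text.splitlines():
        name, sep, raw = line.partition("=")
        if sep and raw.strip().lstrip("-").isdigit():
            values[name.strip()] = int(raw.strip())
    return values

def evaluate(values):
    """Return alert strings for missing OIDs and exceeded thresholds."""
    alerts = []
    for oid, limit in PERCENT_LIMITS.items():
        if oid not in values:
            alerts.append(f"{oid}: missing from poll")
        elif values[oid] >= limit:
            alerts.append(f"{oid}: {values[oid]}% >= {limit}%")
    cur = values.get("jnxJsNodeCurrentTotalSession.0")
    cap = values.get("jnxJsNodeMaxTotalSession.0")
    if cur is not None and cap:  # a missing or zero maximum cannot be evaluated
        used = 100 * cur / cap
        if used >= SESSION_TABLE_LIMIT:
            alerts.append(f"session table: {used:.1f}% of {cap} in use")
    return alerts

if __name__ == "__main__":
    print("\n".join(evaluate(parse_walk(SAMPLE_WALK))))
```

A poll that omits an expected OID is reported as an alert rather than ignored, so a silent SNMP failure does not read as a healthy instance.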
Monitoring vSRX Virtual Firewall Instances Using AWS Features
AWS provides various tools that you can use to monitor Amazon EC2. You can configure some of the tools to do the monitoring for you, while some of the tools require manual intervention. For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_automated_manual.html.
Monitoring Your Instances Using CloudWatch—You can monitor your instances using Amazon CloudWatch, which collects and processes raw data from Amazon EC2 into readable, near real-time metrics. These statistics are recorded for a period of 15 months, so that you can access historical information and gain a better perspective on how your web application or service is performing. For more information, see:
Monitoring Amazon EC2—https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html.
Monitoring Your Instances Using CloudWatch—https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html and https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html.