SSM

The following scenario shows how to configure different SSM (System Service Monitoring) operations. SSM operations can be used to monitor several system states (e.g., CPU, memory, storage and temperature), activating or deactivating previously defined alarms when the monitored states reach certain threshold values.

Monitoring Storage

Description

In this scenario an SSM operation is configured in DUT0 to monitor the storage state of the system and activate or deactivate an alarm when said state reaches a defined threshold value. First, the alarm is activated when a new file is downloaded. Then the alarm is deactivated when the downloaded file is deleted.

Scenario

Step 1: Run command show system storage at DUT0 and expect this output:

Total: 8144384
Free:  7851136
Used:  293248

Step 2: Set the following configuration in DUT0:

set service ssm log-level notice
set service ssm operation OPER_STO interval 0.05
set service ssm operation OPER_STO description 'OPER_STO operation description'
set service ssm operation OPER_STO type storage
set service ssm operation OPER_STO alarm ALARM_STO activate value 585088
set service ssm operation OPER_STO alarm ALARM_STO deactivate value 497536.0
set system alarm ALARM_STO

Note

To emulate an increase in storage usage, a file of known size can be downloaded. For this increase to activate the alarm, the activation threshold must be set to the sum of the current used storage and the size of the file to be downloaded. In this example, the activation threshold is 585088K, since the current used storage is 293248K and the size of the file to be downloaded is 291840K. Likewise, to emulate a decrease in storage usage, the previously downloaded file can be deleted. For this decrease to deactivate the alarm, the deactivation threshold must be adjusted according to the storage used before downloading the new file. In this example, the deactivation threshold is 497536.0K.

Step 3: Run command service ssm operation show at DUT0 and check if output contains the following tokens:

OPER_STO
Output:
-----------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status  Toggled  Prev-toggled
-----------------------------------------------------------------------------------------------
OPER_STO   storage   293248.00  ALARM_STO  585088.00   497536.00  false

Step 4: Run command system alarm ALARM_STO show at DUT0 and check if output matches the following regular expressions:

(ALARM_STO)\s+(false)
Output:
-------------------------------------------------------------------
  Alarm    Status  Toggled  Prev-toggled  Toggle-count  Time up (%)
-------------------------------------------------------------------
ALARM_STO  false                                     0         0.00

Step 5: Run command service ssm operation OPER_STO show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(false)
Output:
-----------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status  Toggled  Prev-toggled
-----------------------------------------------------------------------------------------------
OPER_STO   storage   293248.00  ALARM_STO  585088.00   497536.00  false

Step 6: Run command service ssm operation show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(false)
Output:
-----------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status  Toggled  Prev-toggled
-----------------------------------------------------------------------------------------------
OPER_STO   storage   293248.00  ALARM_STO  585088.00   497536.00  false

Note

The previous command output should show that the operation has been created successfully and that the alarm is deactivated, since the storage used has not yet increased.

Step 7: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.50/24

Step 8: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.222 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.222/0.222/0.222/0.000 ms

Step 9: Run command file copy http://10.215.168.1/~robot/os_iso_v3.3.1.2.iso running:// force at DUT0 and expect this output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  285M  100  285M    0     0   304M      0 --:--:-- --:--:-- --:--:--  304M

Step 10: Run command file show running:// at DUT0 and check if output contains the following tokens:

os_iso_v3.3.1.2.iso
Output:
-------------------------------------------------------------------------------
           Name                      Type              Size     Last modified
-------------------------------------------------------------------------------
  auth/                   directory                    12KB   2024 Apr 23 16:28
  base-enc.diff1          application/octet-stream     256B   2024 Apr 23 16:52
  base-enc.rules          application/octet-stream     208B   2024 Apr 23 16:52
  base.diff1              text/plain                   238B   2024 Apr 23 16:52
  base.diff2              text/plain                   510B   2024 Apr 23 16:51
  base.diff2-aes256       application/octet-stream     528B   2024 Apr 23 16:54
  base.rules              text/plain                   176B   2024 Apr 23 16:51
  coredump/               directory                    4.0KB  2024 Apr 23 16:55
  drop-performance.rules  text/plain                   200B   2024 Apr 23 16:55
  firewall/               directory                    4.0KB  2024 Apr 23 16:55
  kerneldump/             directory                    4.4KB  2024 Apr 23 16:28
  log/                    directory                    42KB   2024 Apr 23 16:28
  os_iso_v3.3.1.2.iso     application/x-iso9660-image  285MB  2024 Apr 23 17:15
  ruleset.tar.gz          application/octet-stream     336B   2024 Apr 23 16:54
  save-hist/              directory                    4.0KB  2024 Apr 23 16:28
  scripts/                directory                    4.0KB  2024 Apr 23 08:45
  support/                directory                    4.0KB  2024 Apr 23 08:45
  suricata.minimal.rules  text/plain                   3.7MB  2024 Apr 23 16:51
  test-performance.rules  text/plain                   129B   2024 Apr 23 16:54
  user-data/              directory                    4.0KB  2024 Apr 23 08:45

Note

With the previous command, a file with a known size is downloaded, thus causing an increase in the storage used.

Step 11: Run command show system storage at DUT0 and expect this output:

Total: 8144384
Free:  7559296
Used:  585088

Step 12: Run command system alarm ALARM_STO show at DUT0 and check if output matches the following regular expressions:

(ALARM_STO)\s+(true)
Output:
--------------------------------------------------------------------------------------
  Alarm    Status           Toggled            Prev-toggled  Toggle-count  Time up (%)
--------------------------------------------------------------------------------------
ALARM_STO  true    2024-04-23 17:15:16.631977                           1        20.13

Step 13: Run command service ssm operation OPER_STO show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(true)
Output:
------------------------------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status           Toggled            Prev-toggled
------------------------------------------------------------------------------------------------------------------
OPER_STO   storage   585088.00  ALARM_STO  585088.00   497536.00  true    2024-04-23 17:15:16.631977

Step 14: Run command service ssm operation show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(true)
Output:
------------------------------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status           Toggled            Prev-toggled
------------------------------------------------------------------------------------------------------------------
OPER_STO   storage   585088.00  ALARM_STO  585088.00   497536.00  true    2024-04-23 17:15:16.631977

Note

The previous command output should show that the alarm is activated, since the storage used has increased after downloading the new file.

Step 15: Delete a file by running file delete running://os_iso_v3.3.1.2.iso.

Note

With the previous command, the downloaded file is deleted, thus causing a decrease in the storage used.

Step 16: Run command show system storage at DUT0 and expect this output:

Total: 8144384
Free:  7559296
Used:  585088

Step 17: Run command show system storage at DUT0 and expect this output:

Total: 8144384
Free:  7851136
Used:  293248

Step 18: Run command system alarm ALARM_STO show at DUT0 and check if output matches the following regular expressions:

(ALARM_STO)\s+(false)
Output:
----------------------------------------------------------------------------------------------------
  Alarm    Status           Toggled                   Prev-toggled         Toggle-count  Time up (%)
----------------------------------------------------------------------------------------------------
ALARM_STO  false   2024-04-23 17:15:18.696653  2024-04-23 17:15:16.631977             2        35.00

Step 19: Run command service ssm operation OPER_STO show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(false)
Output:
--------------------------------------------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status           Toggled                   Prev-toggled
--------------------------------------------------------------------------------------------------------------------------------
OPER_STO   storage   293248.00  ALARM_STO  585088.00   497536.00  false   2024-04-23 17:15:18.696653  2024-04-23 17:15:16.631977

Step 20: Run command service ssm operation show at DUT0 and check if output matches the following regular expressions:

(OPER_STO)\s+(storage)[\s\d.]+(ALARM_STO)[\s\d.]+(false)
Output:
--------------------------------------------------------------------------------------------------------------------------------
Operation   Type    Last-Value    Alarm    Activate   Deactivate  Status           Toggled                   Prev-toggled
--------------------------------------------------------------------------------------------------------------------------------
OPER_STO   storage   293248.00  ALARM_STO  585088.00   497536.00  false   2024-04-23 17:15:18.696653  2024-04-23 17:15:16.631977

Note

The previous command output should show that the alarm is deactivated, since the storage used has decreased after the deletion of the downloaded file.
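
The two-threshold behaviour exercised in this scenario can be modelled offline to check threshold choices before applying them. The Python below is an added example, not code from the device or its documentation. It assumes inclusive comparisons (the page shows activation at a reading equal to the threshold; the deactivation side is an assumption), and `HysteresisAlarm`, `parse_used_kb` and `replay` are hypothetical names.

```python
import re

def parse_used_kb(show_storage_output):
    """Return the 'Used' figure (in K) from `show system storage` output."""
    m = re.search(r"^Used:\s+(\d+)\s*$", show_storage_output, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Used:' line in output")
    return int(m.group(1))

class HysteresisAlarm:
    """Hypothetical model: on at value >= activate, off at value <= deactivate."""

    def __init__(self, activate, deactivate):
        # Model assumption: a usable band needs deactivate below activate.
        if deactivate >= activate:
            raise ValueError("deactivate threshold must be below activate")
        self.activate, self.deactivate = activate, deactivate
        self.status, self.toggle_count = False, 0

    def sample(self, value):
        """Feed one reading; toggle only when the relevant threshold is crossed."""
        if not self.status and value >= self.activate:
            self.status, self.toggle_count = True, self.toggle_count + 1
        elif self.status and value <= self.deactivate:
            self.status, self.toggle_count = False, self.toggle_count + 1
        return self.status

def replay(readings, activate, deactivate):
    """Return (reading, status, toggle_count) for each reading in order."""
    alarm = HysteresisAlarm(activate, deactivate)
    return [(v, alarm.sample(v), alarm.toggle_count) for v in readings]

# Step 1 output from the page, and the file size given in the Note (in K).
STORAGE_BEFORE = "Total: 8144384\nFree:  7851136\nUsed:  293248\n"
FILE_SIZE_K = 291840
ACTIVATE = parse_used_kb(STORAGE_BEFORE) + FILE_SIZE_K  # activation threshold
DEACTIVATE = 497536  # deactivation threshold configured in Step 2

# Page readings, plus a constructed 540000 that falls between the thresholds.
READINGS = [293248, 585088, 540000, 293248]

if __name__ == "__main__":
    for value, status, toggles in replay(READINGS, ACTIVATE, DEACTIVATE):
        print(f"used={value:>7}K status={status!s:<5} toggle-count={toggles}")
```

The constructed reading of 540000K leaves the alarm active, which is the purpose of keeping the deactivation threshold below the activation threshold: a value hovering near a single threshold would otherwise toggle the alarm on every sample.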