Hi,
What’s the correct syntax for an entity match which will match a selection of ASNs? I need an alert checker which will look for a specific set of ASNs and alert for any BGP session being not-up.
Currently for our iBGP we use:
[Conditions] bgpPeerState ne established bgpPeerAdminStatus notequals stop
[Device] *
[Entity Match] bgpPeerRemoteAs match <ourASN>
This works perfectly.
Now – what I’m after is that I need a new checker which will match eBGP ASNs like 174,3356,2914,5580 etc. all in one rule (the ‘important’ ASNs, for want of a better term).
I have tried a selection of things but I’m obviously missing what the logical ‘or’ element should be in this case, as all my attempts at using multiple ASNs within a match just result in zero matches.
Can someone point me in the right direction please? Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
You can use the (undocumented) condition "list" or "in".
*[Entity Match]*
bgpPeerRemoteAs list 174,3356,2914,5580
You can use the (undocumented) condition list. /Markus
2015-12-10 10:37 GMT+01:00 Robert Williams Robert@custodiandc.com:
Hi,
What’s the correct syntax for an entity match which will match a selection of ASNs? I need an alert checker which will look for a specific set of ASNs and alert for any BGP session being not-up.
Currently for our iBGP we use:
*[Conditions]*
bgpPeerState ne established
bgpPeerAdminStatus notequals stop
*[Device]*
*[Entity Match]*
bgpPeerRemoteAs match <ourASN>
This works perfectly.
Now – what I’m after is that I need a new checker which will match eBGP ASNs like 174,3356,2914,5580 etc. all in one rule (the ‘important’ ASNs, for want of a better term).
I have tried a selection of things but I’m obviously missing what the logical ‘or’ element should be in this case, as all my attempts at using multiple ASNs within a match just result in zero matches.
Can someone point me in the right direction please? Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Woah, even I didn't know about that =)
For associations, adding a new association is a logical OR, btw. Adding multiple conditions inside one association is AND.
When adding a checker you can only add the first association; but there's an "Add" button in the checker interface to add more.
Tom
On 2015-12-10 11:03, Markus Klock wrote:
You can use the (undocumented) condition "list" or "in".
*[Entity Match]*
bgpPeerRemoteAs list 174,3356,2914,5580
You can use the (undocumented) condition list. /Markus
2015-12-10 10:37 GMT+01:00 Robert Williams <Robert@custodiandc.com mailto:Robert@custodiandc.com>:
Hi, What’s the correct syntax for an entity match which will match a selection of ASNs? I need an alert checker which will look for a specific set of ASNs and alert for any BGP session being not-up. Currently for our iBGP we use: *[Conditions]* bgpPeerState ne established bgpPeerAdminStatus notequals stop ** *[Device]* * *[Entity Match]* bgpPeerRemoteAs match <ourASN> This works perfectly. Now – what I’m after is that I need a new checker which will match eBGP ASNs like 174,3356,2914,5580 etc. all in one rule (the ‘important’ ASNs, for want of a better term). I have tried a selection of things but I’m obviously missing what the logical ‘or’ element should be in this case, as all my attempts at using multiple ASNs within a match just result in zero matches. Can someone point me in the right direction please? Cheers! Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Hi – both are excellent solutions thanks!
Have implemented the ‘list’ condition as this matches our requirements closest but thanks also for pointing out the ‘Add’ button, totally didn’t see that :)
Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com From: observium [mailto:observium-bounces@observium.org] On Behalf Of Tom Laermans Sent: 10 December 2015 10:06 To: Observium Network Observation System observium@observium.org Subject: Re: [Observium] Alerting - match multiple ASNs ?
Woah, even I didn't know about that =)
For associations, adding a new association is a logical OR, btw. Adding multiple conditions inside one association is AND.
When adding a checker you can only add the first association; but there's an "Add" button in the checker interface to add more.
Tom On 2015-12-10 11:03, Markus Klock wrote: You can use the (undocumented) condition "list" or "in".
[Entity Match] bgpPeerRemoteAs list 174,3356,2914,5580
You can use the (undocumented) condition list. /Markus
2015-12-10 10:37 GMT+01:00 Robert Williams <Robert@custodiandc.commailto:Robert@custodiandc.com>: Hi,
What’s the correct syntax for an entity match which will match a selection of ASNs? I need an alert checker which will look for a specific set of ASNs and alert for any BGP session being not-up.
Currently for our iBGP we use:
[Conditions] bgpPeerState ne established bgpPeerAdminStatus notequals stop
[Device] *
[Entity Match] bgpPeerRemoteAs match <ourASN>
This works perfectly.
Now – what I’m after is that I need a new checker which will match eBGP ASNs like 174,3356,2914,5580 etc. all in one rule (the ‘important’ ASNs, for want of a better term).
I have tried a selection of things but I’m obviously missing what the logical ‘or’ element should be in this case, as all my attempts at using multiple ASNs within a match just result in zero matches.
Can someone point me in the right direction please? Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.commailto:Robert@CustodianDC.com http://www.CustodianDC.com
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.orgmailto:observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Whoa, even I didn't know about that Add-button :D
/Markus
2015-12-10 11:49 GMT+01:00 Robert Williams Robert@custodiandc.com:
Hi – both are excellent solutions thanks!
Have implemented the ‘list’ condition as this matches our requirements closest but thanks also for pointing out the ‘Add’ button, totally didn’t see that :)
Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
*From:* observium [mailto:observium-bounces@observium.org] *On Behalf Of *Tom Laermans *Sent:* 10 December 2015 10:06 *To:* Observium Network Observation System observium@observium.org *Subject:* Re: [Observium] Alerting - match multiple ASNs ?
Woah, even I didn't know about that =)
For associations, adding a new association is a logical OR, btw. Adding multiple conditions inside one association is AND.
When adding a checker you can only add the first association; but there's an "Add" button in the checker interface to add more.
Tom
On 2015-12-10 11:03, Markus Klock wrote:
You can use the (undocumented) condition "list" or "in".
*[Entity Match]*
bgpPeerRemoteAs list 174,3356,2914,5580
You can use the (undocumented) condition list.
/Markus
2015-12-10 10:37 GMT+01:00 Robert Williams Robert@custodiandc.com:
Hi,
What’s the correct syntax for an entity match which will match a selection of ASNs? I need an alert checker which will look for a specific set of ASNs and alert for any BGP session being not-up.
Currently for our iBGP we use:
*[Conditions]*
bgpPeerState ne established
bgpPeerAdminStatus notequals stop
*[Device]*
*[Entity Match]*
bgpPeerRemoteAs match <ourASN>
This works perfectly.
Now – what I’m after is that I need a new checker which will match eBGP ASNs like 174,3356,2914,5580 etc. all in one rule (the ‘important’ ASNs, for want of a better term).
I have tried a selection of things but I’m obviously missing what the logical ‘or’ element should be in this case, as all my attempts at using multiple ASNs within a match just result in zero matches.
Can someone point me in the right direction please? Cheers!
Robert Williams Custodian Data Centre Email: Robert@CustodianDC.com http://www.CustodianDC.com
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (3)
-
Markus Klock -
Robert Williams -
Tom Laermans