How do I collect from Juniper JunOS devices?

[Available since Nanitor 1.6.2 - ca. July 2018].

Nanitor supports JunOS devices through the Nanitor Collector.

Prerequisites

  1. You need to have a Nanitor Collector up and running. A single collector can collect from multiple network devices, servers and databases.
  2. You need to have the IP address of the JunOS devices and the collector needs to have network access to connect to the device via SSH.
  3. You need to have a user with sufficient privileges.

Example of creating a Nanitor user with the privileges required for collection (minimum privileges):

Here is an example of how to create a NANITOR login class on the JunOS device:

set system login class NANITOR permissions access
set system login class NANITOR permissions admin
set system login class NANITOR permissions firewall
set system login class NANITOR permissions flow-tap
set system login class NANITOR permissions interface
set system login class NANITOR permissions network
set system login class NANITOR permissions routing
set system login class NANITOR permissions secret
set system login class NANITOR permissions security
set system login class NANITOR permissions snmp
set system login class NANITOR permissions storage
set system login class NANITOR permissions system
set system login class NANITOR permissions trace
set system login class NANITOR permissions view
set system login class NANITOR permissions view-configuration

This gives read-only access to various sections of the JunOS config. Please click here for more information about the privileges. 

Now we create a user and assign it these privileges:

set system login user nanitor full-name NANITOR
set system login user nanitor class NANITOR
set system login user nanitor authentication plain-text-password

You will get prompted for the password for the user.
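
To confirm later that the login class still matches the list above, the following added example (not Nanitor's or Juniper's code) parses the output of "show configuration system login | display set" and reports missing, extra and write-capable permission flags for the NANITOR class. The function name, the constructed sample input and the set of flags treated as write-capable are assumptions of this example, and it expects one permission flag per "set" line.

```python
import re

# Permission flags from the page's NANITOR login class.
EXPECTED = {
    "access", "admin", "firewall", "flow-tap", "interface", "network",
    "routing", "secret", "security", "snmp", "storage", "system",
    "trace", "view", "view-configuration",
}
# Assumption of this example: flags treated as write-capable in Junos,
# in addition to any flag ending in "-control".
WRITE_FLAGS = {"all", "configure", "control", "maintenance", "reset", "shell"}

PERM_RE = re.compile(r"^set system login class (\S+) permissions (\S+)$")
USER_RE = re.compile(r"^set system login user (\S+) class (\S+)$")


def audit_login_class(display_set, login_class="NANITOR", user="nanitor"):
    """Compare a login class in 'display set' output with the page's list."""
    granted, user_class = set(), None
    for line in display_set.splitlines():
        line = line.strip()
        m = PERM_RE.match(line)
        if m and m.group(1) == login_class:
            granted.add(m.group(2))
            continue
        m = USER_RE.match(line)
        if m and m.group(1) == user:
            user_class = m.group(2)
    return {
        "missing": sorted(EXPECTED - granted),
        "extra": sorted(granted - EXPECTED),
        "write_capable": sorted(
            p for p in granted if p in WRITE_FLAGS or p.endswith("-control")
        ),
        "user_in_class": user_class == login_class,
    }


# Constructed sample: the class has drifted from the page's configuration.
SAMPLE = """\
set system login class NANITOR permissions access
set system login class NANITOR permissions interface-control
set system login class NANITOR permissions view
set system login class NANITOR permissions view-configuration
set system login class OPS permissions all
set system login user nanitor full-name NANITOR
set system login user nanitor class NANITOR
"""

if __name__ == "__main__":
    for key, value in audit_login_class(SAMPLE).items():
        print(f"{key}: {value}")
```
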

Adding the device to Nanitor

Run this command to avoid putting the passwords in .bash_history:
unset HISTFILE

Now we add the credentials (the passwords are stored locally in an encrypted format).

The credentials are created as follows:

$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl credential_add --title junos-nanitor --access_method ssh --username nanitor --password mypass

Now we add the device and start collection from the JunOS device (here with IP address 172.9.3.1):

$ sudo /usr/lib/nanitor-collector/bin/nanitor-collector-ctl device_add --title junos1 --device_type junos --address 172.9.3.1 --credential_title junos-nanitor

This can take a few seconds as it will complete authenticating and fully collecting the first results.  Once completed, the results will be immediately available in the Nanitor UI.  The collector will continue collecting results once every 24 hours.

If the results do not appear in the Nanitor UI, ensure that the benchmarks are selected (JunOS) and in scope for the organization (Administration - Organization Management - Settings - Benchmarks tab). 
