Software end of support nearing-juniper-junos

error
junos
juniper
Software end of support nearing-juniper-junos
0

#1

Software end of support nearing-juniper-junos

Vendor: juniper

OS: junos

Description:
indeni will trigger an issue a significant time before the software running on a device reaches end of support.

Remediation Steps:
Upgrade the software to a more recent release.
|||1. Run “show version” command to review the current software version.
|2. Ensure the current software version is supported by Juniper.
|3. Review Juniper support site for full information regarding software end of life: <a target="_blank" href=“https://www.juniper.net/support/eol/#software”>End of Life Products & Milestones
|4. Contact Juniper Networks Technical Assistance Center (JTAC) if further assistance is required.

How does this work?
This script logs into the Juniper JUNOS-based device using SSH to retrieve the current software version and based on the software version and the Juniper provided information at: http://www.juniper.net/support/eol/junos.html the correct end of support date is used.

Why is this important?
Ensuring the software being used is always within the vendor’s list of supported versions is critical. Otherwise, during a critical issue, the vendor may decline to provide technical support. Juniper posts the list of supported software on their website: http://www.juniper.net/support/eol/junos.html

Without Indeni how would you find this?
Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing its software end of support and is in need of upgrading.

junos-show-version

#! META
name: junos-show-version
description: Fetch the information for the end of support for hardware and software 
type: monitoring 
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
model:
    why: |
        Capture the device model.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

vendor:
    why: |
        Capture the device vendor name.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

hostname:
    why: |
        Capture the host name of the device. This is used for inventory purposes.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

os-name:
    why: |
        Capture the device operating system name.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

os-version:
    why: |
        Capture the device operating system version. The version should be the same across all members of a cluster.
    how: |
        This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show version"
        command. The output includes the device's hardware and software related details.
    without-indeni: |
        An administrator would have to log into the device and manually issue commands to retrieve this information.
    can-with-snmp: true
    can-with-syslog: false

software-eos-date:
    why: |
        Ensuring the software being used is always within the vendor's list of supported versions is critical.
        Otherwise, during a critical issue, the vendor may decline to provide technical support. Juniper posts the list
        of supported software on their website: 
        http://www.juniper.net/support/eol/junos.html
    how: |
        This script logs into the Juniper JUNOS-based device using SSH to retrieve the current software version and
        based on the software version and the Juniper provided information at:
        http://www.juniper.net/support/eol/junos.html the correct end of support date is used.
    without-indeni: |
        Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing
        its software end of support and is in need of upgrading.
    can-with-snmp: false
    can-with-syslog: false

hardware-eos-date:
    why: |
        Ensuring the hardware being used is always within the vendor's list of supported models is critical. Otherwise,
        during a critical issue, the vendor may decline to provide technical support. Juniper posts the list of
        supported hardware on their website: 
        http://www.juniper.net/support/eol/srxseries_hw.html
    how: |
        This script logs into the Juniper JUNOS-based device using SSH to retrieve the current model used and based on
        it and the Juniper provided information at http://www.juniper.net/support/eol/srxseries_hw.html the correct end
        of support date is used.
    without-indeni: |
        Manual tracking by an administrator is usually the only method for knowing when a given device may be nearing
        its end of support and is in need of replacement.
    can-with-snmp: false
    can-with-syslog: false


#! REMOTE::SSH
show chassis hardware node local | match node
show version

#! PARSER::AWK
BEGIN {
    node0 = 0
    cluster = 0
    node_hostname = 0
    node_model = 0
    node_software = 0

    hardware_eos["srx110h2"] = date(2022, 03, 31)
    hardware_eos["srx110h2-vb"] = date(2022, 03, 31)
    hardware_eos["srx100"] = date(2021, 05, 01)
    hardware_eos["srx210"] = date(2021, 05, 01)
    hardware_eos["srx240"] = date(2021, 05, 01)
    hardware_eos["srx650"] = date(2021, 05, 01)
    hardware_eos["srx110h"] = date(2020, 11, 30)
    hardware_eos["srx110h-taa"] = date(2020, 11, 30)
    hardware_eos["srx210he"] = date(2020, 11, 30)
    hardware_eos["srx210he-taa"] = date(2020, 11, 30)
    hardware_eos["srx210he-poe-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h-poe-taa"] = date(2020, 11, 30)
    hardware_eos["srx240h"] = date(2020, 11, 30)
    hardware_eos["srx100b"] = date(2019, 05, 10)
    hardware_eos["srx100h"] = date(2019, 05, 10)
    hardware_eos["srx110h-va"] = date(2019, 05, 10)
    hardware_eos["srx110h-vb"] = date(2019, 05, 10)
    hardware_eos["srx210be"] = date(2019, 05, 10)
    hardware_eos["srx210he"] = date(2019, 05, 10)
    hardware_eos["srx210he-poe"] = date(2019, 05, 10)
    hardware_eos["srx220h"] = date(2019, 05, 10)
    hardware_eos["srx220h-poe"] = date(2019, 05, 10)
    hardware_eos["srx240b"] = date(2019, 05, 10)
    hardware_eos["srx240b2"] = date(2019, 05, 10)
    hardware_eos["srx240h"] = date(2019, 05, 10)
    hardware_eos["srx240h-poe"] = date(2019, 05, 10)
    hardware_eos["srx240h-dc"] = date(2019, 05, 10)
    hardware_eos["srx210b"] = date(2017, 08, 31)
    hardware_eos["srx210h"] = date(2017, 08, 31)
    hardware_eos["srx210h-poe"] = date(2017, 08, 31)
    hardware_eos["srx210h-p-mgw"] = date(2011, 01, 24)
    hardware_eos["srx220h-p-mgw"] = date(2011, 01, 24)
    hardware_eos["srx240h-p-mgw"] = date(2011, 01, 24)

    software_eos["16.1"] = date(2020, 01, 28) 
    software_eos["15.1X49"] = date(2020, 05, 01) 
    software_eos["15.1"] = date(2018, 12, 05) 
    software_eos["14.2"] = date(2018, 05, 05) 
    software_eos["14.1X5"] = date(2019, 06, 30) 
    software_eos["14.1"] = date(2018, 06, 13) 
    software_eos["13.3"] = date(2017, 07, 22) 
    software_eos["13.2X5"] = date(2017, 06, 30) 
    software_eos["13.2"] = date(2016, 02, 29) 
    software_eos["13.1X5"] = date(2015, 12, 30) 
    software_eos["13.1"] = date(2015, 09, 15) 
    software_eos["12.3X54"] = date(2018, 07, 18) 
    software_eos["12.3X52"] = date(2016, 02, 23) 
    software_eos["12.3X51"] = date(2015, 09, 15) 
    software_eos["12.3X50"] = date(2016, 07, 31) 
    software_eos["12.3X48"] = date(2022, 06, 30) 
    software_eos["12.31"] = date(2016, 07, 31) 
    software_eos["12.2X5"] = date(2015, 07, 31) 
    software_eos["12.2"] = date(2015, 03, 05)  
    software_eos["12.1X4"] = date(2015, 06, 30) 
    software_eos["12.1X47"] = date(2017, 02, 18) 
    software_eos["12.1X46"] = date(2017, 06, 30) 
    software_eos["12.1X45"] = date(2015, 01, 17) 
    software_eos["12.1X44"] = date(2016, 07, 18) 
    software_eos["12.1"] = date(2014, 09, 28) 
    software_eos["11.4"] = date(2015, 06, 21) 
    software_eos["11.3"] = date(2013, 03, 15) 
    software_eos["11.2"] = date(2013, 02, 15) 
    software_eos["11.1"] = date(2012, 05, 15) 
    software_eos["10.4"] = date(2014, 06, 08) 
    software_eos["10.3"] = date(2011, 12, 21) 
    software_eos["10.2"] = date(2011, 11, 15) 
    software_eos["10.1"] = date(2011, 05, 15) 
    software_eos["10.0"] = date(2013, 05, 15) 
    software_eos["9.6"] = date(2010, 11, 06) 
    software_eos["9.5"] = date(2010, 08, 15) 
    software_eos["9.4"] = date(2010, 05, 11) 
    software_eos["9.3"] = date(2012, 05, 15) 
    software_eos["9.2"] = date(2009, 11, 12) 
    software_eos["9.1"] = date(2009, 07, 28) 
    software_eos["9.0"] = date(2009, 05, 15) 
    software_eos["8.5"] = date(2011, 05, 16) 
    software_eos["8.4"] = date(2008, 11, 09) 
    software_eos["8.3"] = date(2008, 07, 18) 
    software_eos["8.2"] = date(2008, 05, 15) 
    software_eos["8.1"] = date(2010, 05, 06) 
    software_eos["8.0"] = date(2007, 11, 15) 
    software_eos["7.6"] = date(2007, 08, 15) 
    software_eos["7.5"] = date(2007, 05, 08) 
    software_eos["7.4"] = date(2007, 02, 15) 
    software_eos["7.3"] = date(2006, 11, 16) 
    software_eos["7.2"] = date(2006, 08, 14) 
    software_eos["7.1"] = date(2006, 05, 14) 
    software_eos["7.0"] = date(2006, 02, 15) 
    software_eos["6.4"] = date(2005, 11, 12) 
    software_eos["6.3"] = date(2005, 08, 15) 
    software_eos["6.2"] = date(2005, 05, 15) 
    software_eos["6.1"] = date(2005, 02, 15) 
    software_eos["6.0"] = date(2004, 11, 15) 
    software_eos["5.7"] = date(2004, 08, 15) 
    software_eos["5.6"] = date(2004, 05, 15) 
    software_eos["5.5"] = date(2004, 02, 15) 
    software_eos["5.4"] = date(2003, 11, 15) 
    software_eos["5.3"] = date(2003, 08, 15) 
    software_eos["5.2"] = date(2003, 05, 15) 
    software_eos["5.1"] = date(2003, 02, 15) 
    software_eos["5.0"] = date(2002, 11, 15) 
    software_eos["4.4"] = date(2002, 08, 15) 
    software_eos["4.3"] = date(2002, 05, 15) 
    software_eos["4.2"] = date(2002, 02, 15) 
    software_eos["4.1"] = date(2001, 11, 15) 
    software_eos["4.0"] = date(2001, 08, 15) 
}

#node0:
/^node0/ {
    node0++ 
    cluster = 1
}

#Hostname: SRX02
/^Hostname/ {
    hostname[node_hostname] = $2 
    node_hostname++
}

#Model: srx100b
/^Model/ {
    model[node_model] = $2
    node_model++
}

#JUNOS Software Release [12.1X46-D55.3]
/^(JUNOS Software Release)/ {
    software[node_software] = $4
    node_software++
}

END {
    if ( cluster == 0 ) {
        node_idx = 0 
    } else {
        if (node0 == 2) {
            node_idx = 0
        } else {
            node_idx = 1
        }  
    }
    gsub(/\[|\]/,"", software[node_idx]) 
    split(software[node_idx], software_version, "-")
    writeComplexMetricString("vendor", null, "Juniper")      
    writeComplexMetricString("os-name", null, "JUNOS")      
    writeComplexMetricString("model", null, model[node_idx])      
    writeComplexMetricString("hostname", null, hostname[node_idx])      
    writeComplexMetricString("os-version", null, software[node_idx])      
    writeDoubleMetric("software-eos-date", null, "gauge", 60, software_eos[software_version[1]]) 
    if ( model[node_idx] != "vsrx") {
        writeDoubleMetric("hardware-eos-date", null, "gauge", 60, hardware_eos[model[node_idx]]) 
    }
}


RuleMetadata

.builder(
  "cross_vendor_software_eos
package com.indeni.server.rules.library

import com.indeni.apidata.time.TimeSpan
import com.indeni.apidata.time.TimeSpan.TimePeriod
import com.indeni.ruleengine.expressions.conditions.LesserThan
import com.indeni.ruleengine.expressions.core._
import com.indeni.ruleengine.expressions.data._
import com.indeni.ruleengine.expressions.math.PlusExpression
import com.indeni.ruleengine.expressions.utility.NowExpression
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.PerDeviceRule
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity

case class SoftwareEosRule() extends PerDeviceRule with RuleHelper {

  private val highThresholdParameterName = "Ahead_Alerting_Threshold"
  private val highThresholdParameter = new ParameterDefinition(highThresholdParameterName,
                                                               "",
                                                               "Expiration Threshold",
                                                               "How long before end of support should Indeni alert.",
                                                               UIType.TIMESPAN,
                                                               TimeSpan.fromDays(90))

  override val metadata: RuleMetadata = RuleMetadata
    .builder(
      "cross_vendor_software_eos",
      "All Devices: Software end of support nearing",
      "indeni will trigger an issue a significant time before the software running on a device reaches end of support.",
      AlertSeverity.ERROR
    )
    .configParameter(highThresholdParameter)
    .build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val actualValue = TimeSeriesExpression[Double]("software-eos-date").last.toTimeSpan(TimePeriod.SECOND)

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
      // What constitutes an issue
      StatusTreeExpression(
        // The time-series we check the test condition against:
        SelectTimeSeriesExpression[Double](context.tsDao, Set("software-eos-date"), denseOnly = false),
        // The condition which, if true, we have an issue. Checked against the time-series we've collected
        LesserThan(actualValue,
                   PlusExpression[TimeSpan](NowExpression(), getParameterTimeSpanForTimeSeries(highThresholdParameter)))

        // The Alert Item to add for this specific item
      ).withRootInfo(
          getHeadline(),
          scopableStringFormatExpression("The end of support for the software on this device is on %s.",
                                         timeSpanToDateExpression(actualValue)),
          ConditionalRemediationSteps(
            "Upgrade the software to a more recent release.",
            ConditionalRemediationSteps.VENDOR_CP -> "The full information on Check Point's software and hardware end of support is available at: <a target=\"_blank\" href=\"https://www.checkpoint.com/support-services/support-life-cycle-policy/\">Support Life Cycle Policy</a>",
            ConditionalRemediationSteps.VENDOR_PANOS -> "Review Palo Alto Networks support site for full information regarding software end of life: <a target=\"_blank\" href=\"https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary\">End-of-Life Summary</a>",
            ConditionalRemediationSteps.VENDOR_JUNIPER ->
              """|1. Run "show version"  command to review the current software version.
               |2. Ensure the current software version is supported by Juniper.
               |3. Review Juniper support site for full information regarding software end of life: <a target=\"_blank\" href=\"https://www.juniper.net/support/eol/#software\">End of Life Products & Milestones</a>
               |4. Contact Juniper Networks Technical Assistance Center (JTAC) if further assistance is required.""".stripMargin
          )
        )
        .asCondition()
    ).withoutInfo()
  }
}