Create custom - Ipsec change state history

Question

Hi all,

I'm wanting to create a report that details each time an IPsec tunnel has an up/down event. Ideally the out up would be close to:

date/time | tunnel id | up/down | duration

so when the logs have a change state it would look like:

time | 123456 | up | 1 day

time | 123456 | down | 1 hr

time | 123456 | up | 1 day

hzhao_FTNT · Answer

Pls try: log type: eventselect distinct on (tunnelid) from_itime(max(e_time)) as e_time, tunnelid, (case when action='tunnel-down' then 'down' else 'up' end) as status, (case when min(s_time)=max(e_time) then max(max_duration) else max(max_duration)-min(min_duration) end) as duration from ###(select min(coalesce(dtime, 0)) as s_time, max(coalesce(dtime, 0)) as e_time, tunnelid, max(coalesce(duration,0)) as max_duration, action, min(coalesce(duration,0)) as min_duration from $log where $filter and subtype='vpn' and tunneltype like 'ipsec%' and not (tunnelip is null or (tunnelip='0.0.0.0' and logver is null)) and action in ('tunnel-stats', 'tunnel-down', 'tunnel-up') and tunnelid is not null group by tunnelid, action order by e_time desc)### t group by tunnelid, status order by tunnelid, e_time desc regards,hz

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded