clustered srx "firewall" flag not showing metrics

[arvindkonar]

Hi, I just added a clustered srx and I see metrics like interfaces,alarm,bgp,ldp, routes but I don't find any firewall metrics. I do see the collector enabled as shown below in metrics.

junos_collect_duration_seconds{collector="Firewall",target="xyx-fw-1"} 0.311696644

The logs don't show any errors.

Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]: 2020/02/17 21:07:54 Output for xyx-fw-1: <rpc-reply xmlns:junos="http://xml.juniper.net/junos/15.1X49/junos">
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:     <firewall-information xmlns="http://xml.juniper.net/junos/15.1X49/junos-filter">
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:         <filter-information>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:             <filter-name>__default_bpdu_filter__</filter-name>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:         </filter-information>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:     </firewall-information>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:     <cli>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:         <banner>{primary:node0}</banner>
Feb 18 05:07:54 pd-prometheus01 junos_exporter[29569]:     </cli>

Here is my config.yml

devices:
  - host: xyx-fw-1
    username: test
    password: *****
features:
  bgp: true
  ospf: false
  isis: false
  nat: false
  environment: true
  routes: true
  routing_engine: true
  interface_diagnostic: true
  interface_queue: false
  interfaces: false
  l2circuit: false
  storage: false
  fpc: true
  firewall: true

[spanthetree]

I'm nowhere near capable in my elite golang skills (literally zero) to code this, but maybe I can provide some insight, as I'm having the same issue:

non-SRX devices, or example EX/QFX switches have the following structure for xml:

> show chassis routing-engine | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/18.4R2/junos">
    <route-engine-information xmlns="http://xml.juniper.net/junos/18.4R2/junos-chassis">
        <route-engine>
            <slot>0</slot>
            <mastership-state>backup</mastership-state>
            <status>OK</status>
        </route-engine>
        <route-engine>
            <slot>1</slot>
            <mastership-state>master</mastership-state>
            <status>OK</status>
        </route-engine>

However, clustered SRX devices have the following structure:

> show chassis routing-engine | display xml
<rpc-reply xmlns:junos="http://xml.juniper.net/junos/18.2R3/junos">
    <multi-routing-engine-results>

        <multi-routing-engine-item>

            <re-name>node0</re-name>

            <route-engine-information xmlns="http://xml.juniper.net/junos/18.2R3/junos-chassis">
                <route-engine>
                    <status>OK</status>
                  </route-engine>
            </route-engine-information>
        </multi-routing-engine-item>

        <multi-routing-engine-item>

            <re-name>node1</re-name>

            <route-engine-information xmlns="http://xml.juniper.net/junos/18.2R3/junos-chassis">
                <route-engine>
                    <status>OK</status>
        </multi-routing-engine-item>

I think the problem stems from the difference in structure - i.e. route-engine[slotid] vs multi-routing-engine[route-engine][nodeid]

I hope that is helpful information..

[AKYD]

The same is true for ipsec module.

I've "fixed" it here, plus adding extra metric, but not confident of the solution as it seems to break non-multi-routing-engine equipment. There's probably a way to first try unmarshalling using the multi-routing-engine struct and fallback to the non-multi-routing-engine one, but not confident in my Go-work-with-yaml-fu