pix firewall template

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

User avatar
egarnel
Cacti Pro User
Posts: 708
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

pix firewall template

Post by egarnel »

This is my 1st template, but it should work fine for most applications.

It is a host template (with dependancies) fro Cisco Pix firewalls. The template measures CPU load, interfaces , Free memory and connections.

Good luck with it. Please let me know if you have any questions or improvements on it.


Eric
Attachments
cacti_host_template_pix_firewall.xml
pix template
(15.71 KiB) Downloaded 18589 times
booyaa

Post by booyaa »

Does this work? Anyone tried? How do I install it?
kirbini

Doesn't work...

Post by kirbini »

I just loaded this template into the newest version (0.8.5a). It loads correctly but it does not query the correct MIBs. In fact, it queries the

enterprises.109....

tree which doesn't exist on my PIX running PIXOS 6.1.
User avatar
egarnel
Cacti Pro User
Posts: 708
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

PIX

Post by egarnel »

Yes, it works for 6.3
I have the same issue. I have 3 pixs, two of which are on 6.3 and the other on 6.1
the pix running 6.1 does not show the graphs & my fix for that is to upgrade the PIX.
claytondukes

Pix

Post by claytondukes »

It seems to be missing the memory cdef's
Otherwise, it worked.
Guest

Post by Guest »

Once I applied the single quote patch the template worked. Thanks.
..::BFS::..
Cacti User
Posts: 52
Joined: Fri Mar 12, 2004 3:01 am
Location: Beusichem
Contact:

Post by ..::BFS::.. »

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.
Can somebody explain to me what this single quote patch means? Sorry for kicking an old topic...
BitFlipper
Posts: 14
Joined: Sat Aug 14, 2004 10:30 am

Post by BitFlipper »

I am not an expert on Perl but understand the 'why' and the 'reason' for the fix.

The short version ... take a look at the following from a PIX walk:

IF-MIB::ifDescr.1 = STRING: PIX Firewall 'unused' interface
IF-MIB::ifDescr.2 = STRING: PIX Firewall 'extranet' interface
IF-MIB::ifDescr.3 = STRING: PIX Firewall 'intranet' interface
IF-MIB::ifDescr.4 = STRING: PIX Firewall 'inside' interface

Normally, devices have a simple string as a description. The PIX includes single quotes which in Perl, is interpreted or translated causing a script to fail. That is, when you query the PIX for an interface description, you get the following "PIX Firewall 'inside' interface" and not "inside" like you'd expect and only need.
..::BFS::..
Cacti User
Posts: 52
Joined: Fri Mar 12, 2004 3:01 am
Location: Beusichem
Contact:

Post by ..::BFS::.. »

When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)
User avatar
egarnel
Cacti Pro User
Posts: 708
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

Post by egarnel »

what are the OIDs under your data template for pix connections?
should be 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6

and memory should be
1.3.6.1.4.1.9.9.48.1.1.1.5.1

I built the template based on a pix running 6.3(1) and under Cacti .8.5.a. It still works under .8.6.a for me.

I also imported it into another Cacti server that monitors a pix running 6..1.x and memory graphing does not work with that version

what are your snmp settings on the PIX? It is odd that you would get CPU and not interfaces
guerra6880
Posts: 33
Joined: Mon Apr 19, 2004 7:47 am

Post by guerra6880 »

..::BFS::.. wrote:When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)
I used to have this problem and it was driving me nuts until I figured out that the maximum value was set at 100 so anything over 100 connections was being dropped. As most my pixes have more then 100 connections this was a must for me.
cpdans
Posts: 43
Joined: Mon Oct 28, 2002 7:59 am

Post by cpdans »

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.
I noticed the above post. I thiink am having the same problem. I am running 0.8.6b and am not getting the connections and memory graph. However, I do get the CPU Usage graph. Any ideas? If I do need this patch where might I get it?

Thanks,

Dan
cpdans
Posts: 43
Joined: Mon Oct 28, 2002 7:59 am

Post by cpdans »

Not to over post myself, but upon further examination it appears that the data is getting dumped into the rrd file for both connections and memory. However the graphs are not displaying the information. I did notice that the upper limit of the datasource and the graph were set at 100 for connections. I currently have over 1100 so I uped that limit to 100000. Don't know if that make a difference or not.

Thanks for the help.
Bioman
Posts: 15
Joined: Tue Aug 31, 2004 9:13 am

Post by Bioman »

Hi !
I just uploaded this PIX template to my Cacti server.
Both the CPU and Conns graphs are created. Though, for the moment, there is no data in it (might be normal as this firewall is not busy at all for now).

I have a problem with the Memory graph.
The graph templates does NOT refere to any data source at all.

For instance, for the Connection graph, there has been a pixconn data template created, and this template is used to create the Conn graph.
The memory data template does not exist... How come ?

Thanx for your help...
Bioman
Posts: 15
Joined: Tue Aug 31, 2004 9:13 am

Post by Bioman »

Sorry for the flood, but I also cannot get any Interface information... Anything I have to do ?...

Thanx :roll:
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest