hello,
I am using .8.6j on a Debian box.
I am trying to graph a checkpoint firewall.
I have worked with the security guys to start the cp snmp proxy on port 260 and am able to walk the device for the .1.3.6.1.4.1.2620 mib branch on that port. I am also able do verbose queries on the device page for the fwIfTable buuuut the device page shows snmp error in the upper left corner and the device is marked as 'down'.
I believe that this is because the daemon running on udp 260 does not have a 'System' mib and cacti takes this to mean that snmp is not working. Is there a way to turn off healthchecks of a device?
thank you,
Scott
checkpoint monitoring - turn off healthcheck
Moderators: Developers, Moderators
-
gandalf
- Developer
- Posts: 22383
- Joined: Thu Dec 02, 2004 2:46 am
- Location: Muenster, Germany
- Contact:
Please check out discussion at http://forums.cacti.net/viewtopic.php?t=12292
Reinhard
Reinhard
Thank you.
I am reviewing the post you reference one more time to see if I missed something:
-I have already imported those templates (thank you)
-I am running a correct version of cacti
-I am able to poll my checkpoint firewall through port 260 via snmpwalk (only for the .1.3.6.1.4.1.2620 branch, though)
-I DO NOT see data being collected in the log, I assume because my host is marked as down
- I am not worried about the data types in the graph yet, I have no graphs
- last unanswered post from that thread looks interesting, but it was unanswered
Basically, cacti won't let me poll an snmp agent that doesn't respond to a query for the 'System' mib branch (like the checkpoint proxy listening on port 260). I'd like to turn that check off so the poller will still request (and graph) the branch below .1.3.6.1.4.1.2620 . Any idea how I can do that?
I am reviewing the post you reference one more time to see if I missed something:
-I have already imported those templates (thank you)
-I am running a correct version of cacti
-I am able to poll my checkpoint firewall through port 260 via snmpwalk (only for the .1.3.6.1.4.1.2620 branch, though)
-I DO NOT see data being collected in the log, I assume because my host is marked as down
- I am not worried about the data types in the graph yet, I have no graphs
- last unanswered post from that thread looks interesting, but it was unanswered
Basically, cacti won't let me poll an snmp agent that doesn't respond to a query for the 'System' mib branch (like the checkpoint proxy listening on port 260). I'd like to turn that check off so the poller will still request (and graph) the branch below .1.3.6.1.4.1.2620 . Any idea how I can do that?
I am able to get around the 'SNMP Error' warning if I change the snmp port to 161 for the device through the gui (that port is where the os platform daemon is running) and then change the 'port' for each template item (connections, cpu, memory, dropped, logged, accepted) in the 'poller_item' table in the cacti database to 260 by hand. Not very elegant, but my collection and graphing is now working for the imported template .
I re-read the referenced thread one more time and may have pierced the veil of my ignorance. I am not actually hands-on on the checkpoint and I think this configuration change for snmpd.conf there would probably fix things for me so I would not need the workaround-
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
aka the snmpdaemon at 161 would proxy the requests for 260 - the healthcheck would work and i would be able to pull the .1.3.6.1.4.1.2620 mib tree from 161 as well
thanks for the help Reinhard
proxy -v 1 -c public localhost:260 .1.3.6.1.4.1.2620
aka the snmpdaemon at 161 would proxy the requests for 260 - the healthcheck would work and i would be able to pull the .1.3.6.1.4.1.2620 mib tree from 161 as well
thanks for the help Reinhard
Who is online
Users browsing this forum: No registered users and 2 guests