VPN Tunnel monitoring

[nduda78]

ok still nothing, but a couple question...

Does the script get the data for octects(bytes) counting up? so each time you run the script you would need to run a diff against the previous results then graph it?

[aquila125]

are you sure the tunnel is up and being used?

Check the TX and RX results in the log file. They should be higher in the second check... else no data has been transferred and the graphs are correct...

[aquila125]

Cacti does this automatically. You set the data source to 'Counter' and that should do it... It also takes care of overruns

[nduda78]

yea the tunnels are very much being used...the data keeps going up when i run the scripts....cacti just is staying at 0...grrrr

whats the best way to remove all this and redo it...so frustrating...cacti is getting the data just not graphing it.

[aquila125]

I changed my script several times and created the data sources from scratch. So perhaps it's best if you delete everything you have. Just leave the script on the harddrive (but delete all the related RRD files).
Then import the template down here and create a new datasource from this template. Enter the correrct IP address and add 'ASA'.
Now create a new Graph (Graph Management) from the graph template.
This should work. I exported the templates from our cacti system and those are working...

If that still doesn't work, give me the results (TX and RX) from one of the tunnels...

Good luck!

[cbrmig]

Is it possible to aplicate this template to a PIX 515 E firewall? Or is there any other way to see the VPN usage or sessions?

Thnks.

[aquila125]

I believe the MIB's are the same for the PIX515E and the ASA. So try and you shall find out
Keep us informed!

[cbrmig]

I believe the MIB's are the same for the PIX515E and the ASA. So try and you shall find out
Keep us informed!

HI..witch MIB's are u talking about?
I'm using the host template "Cisco PIX Firewall".

thnks

[aquila125]

Add a new graph and choose the data template Cisco VPN Tunnel.

[cbrmig]

Add a new graph and choose the data template Cisco VPN Tunnel.

HI.
I already done that ...graphics all empty...

[aquila125]

check the cacti.log file. Make sure logging is on debug.

[cbrmig]

check the cacti.log file. Make sure logging is on debug.

I have this int the log:

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.3.0 )

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.2.0 )

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.1.0 )

[aquila125]

I'm sorry. I don't have a pix firewall here to test my script with. Probably the PIX uses different MIB's then the ASA.

[aquila125]

You can always try to locate the MIB's by using the snmpwalk utility. Cisco also has a pretty decent site where you can search for MIB's. The url is posted in one of the first posts here I believe...

[Leeroy]

Hi. i've a problem with the script (lan2lan_cisco.pl) because it takes too much time to execute (about 1 min for 1 execution and i have at least 40 execution to do). So it works fine for 2 or 3 tunnels but i can't monitoring 40 tunnels.

Any idea?

thanks