IronPort C10 Mail & Spam Appliance

[spoonman]

Appreciate it..........just evaluating one now..most likely will keep!

[eschoeller]

I have made a few changes to the templates and cleaned a few bits and pieces up. I'm posting the python script (unchanged) and the host template in this post. I use M1050/X1050 appliances so I made changes to reflect the differences when using this hardware. Here is a list of changes I made:

1. On the M1050/X1050 there is no CPU temperature, only ambient temperature. Having worked with Dell 2950's before I know this is the case from a hardware perspective (at least looking via OpenManage). The CPU OID still exists, but it's actually the Ambient temperature now. I changed this in the template and removed the CPU temperature completely.

2. I removed the 5 minute Cisco CPU graph/data template from the host template. These units do not provide this information via SNMP from what I can see.

3. I removed the "Legend Color" from the following:

Ironport Ambient Temp
Ironport CPU Usage
Ironport Disk I/O
Ironport Mail Transfer Threads
Ironport Memory Usage
Ironport Messages in Work Queue
Ironport Open Files/Sockets
Ironport Queue Util

I didn't really see a purpose behind selecting colors for each of these for every device you add. Now when you add a device, you are no longer prompted for color choices. It's easy enough to change these at the template level.

4. I renamed all the Graph Item Input Data Source names in the graph templates to have more meaningful names

5. I changed the Data Input Method "Check ESA" to "Check ESA (IronPort)" and changed the Input string to include "-u USERNAME" This is well documented in the script but I felt like including it by default, instead of encouraging people to use the Admin account. I strongly encourage anyone that's planning on using this to create a monitoring account with minimal privileges (guest works!)

6. The user who originally exported these templates had made modifications to the default Interface - Traffic graph templates. When importing this host template those changes came along with it (some sort of red line on the graphs). I created this host template with an un-modified Interface Traffic template so this change will not occur when importing the new host template.

I think that's about it. Please let me know if you experience any problems.

[gandalf]

6. The user who originally exported these templates had made modifications to the default Interface - Traffic graph templates. When importing this host template those changes came along with it (some sort of red line on the graphs). I created this host template with an un-modified Interface Traffic template so this change will not occur when importing the new host template.

That indeed eases support to a great extend
Reinhard

[mlambie]

I've just deployed the new template and Python script with success.

It's 2AM here in Perth so I'm going to head to bed and when I wake up there'll be more pretty graphs to look at.

Thanks to everyone involved with these templates - it's very much appreciated.

[eschoeller]

Thanks for the feedback, and I hope you're getting some good data by now. Our appliances went into production on Tuesday so I now have some data to play with. I am considering creating some new graph templates that create a better summary of Bounces, Messages and Recipients. Currently I think there are too many individual graphs. I may just use the aggregate plugin to create these, but If not, I'll post my changes again.

[spoonman]

Hey Gninja...anyluck on gathering data on the S650?? I haven't looked much at it either? Thanks

[baxford]

Any progress on the S650 Web Appliance?

[gninja]

Sorry, been overwhelmed with other issues and the project for rolling that appliance out has been on the back burner. Once it's rolled out I'll make sure to get back and update those templates.

[trkemist]

This is awesome. Any chance someone can work on the Ironport Web Security Appliance? We have 2 650's and would love to be able to use SNMP!

[ksid6]

Hi Apperrault,

Did you manage to fix this?
If you did, would you mind sharing the solution?
I'm having exactely the same issue on my Cacti when trying to query an Ironport.

Regards,
Bart

GNinja,
These look great. I am having a problem though with some of the graphs, most of them actually. I am getting the following in the error log:

Code: Select all

 01/11/2008 07:15:26 AM - CMDPHP: Poller[0] Host[278] DS[8231] 
app[/quote]

[cdukes]

Hey there..
I was messing around with the ironport script and am getting the following errors:

Code: Select all

Traceback (most recent call last):
  File "/usr/share/cacti/site/scripts/cacti_check_esa.py", line 53, in <module>
    client = urllib2.urlopen(url)
  File "/usr/lib/python2.6/urllib2.py", line 124, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.6/urllib2.py", line 383, in open
    response = self._open(req, data)
  File "/usr/lib/python2.6/urllib2.py", line 401, in _open
    '_open', req)
  File "/usr/lib/python2.6/urllib2.py", line 361, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.6/urllib2.py", line 1130, in http_open
    return self.do_open(httplib.HTTPConnection, req)
  File "/usr/lib/python2.6/urllib2.py", line 1105, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [Errno 111] Connection refused>

So I tried changing it to:

Code: Select all

url = "https://1.1.0.100:8443/xml/status" % (host)
urls = "https://1.1.0.100:8443/xml/status" % (host)

(note the port)

But I still get:

Code: Select all

Traceback (most recent call last):
  File "/usr/share/cacti/site/scripts/cacti_check_esa.py", line 55, in <module>
    client = urllib2.urlopen(url)
NameError: name 'url' is not defined

Got any suggestions?

[eschoeller]

We just upgraded our Ironport appliances to a new firmware. The appliances seem to be on fire now.

Code: Select all

An application fault occurred: ('session/CoroSessionContainer.py login|226', "<class 'aquarium.session.CoroSessionContainer.TooManyLoginSessionException'>", '', '[util/Aquarium.py screenLoop|407] [util/InternalLibrary.py inverseExtend|328] [util/InternalLibrary.py __call__|769] [screen/Controller.py __call__|23] [util/InternalLibrary.py __call__|769] [screen/CommonController.py __call__|38] [util/InternalLibrary.py __call__|769] [screen/AppController.py __call__|130] [screen/HTTPBasicAuthController.py authenticate|61] [session/CoroSessionContainer.py login|226]')

We get spamed about this error once every hour, from each of our appliances. The ironport people are blaming the cacti server stating that

The host X.X.X.X is logging in quite rapidly as the "X" user 16 times within 3 seconds every 1 minute. Unfortunately, the web interface simply cannot handle this onslaught and the discussed errors result.

So, hooray for appliances. I have no idea if this was happening before this "upgrade" or not due to some change in the internal monitoring and alerting system within the appliance. At any rate, from my perspective, the polling was working just fine this entire time. I'm going to have to take a hard look at how this template works to try and identify ways to reduce the number of calls to the poor little web interface.

If you're using a 5 minute poller, you might be OK. I know many (but not all) of the Data Sources used by this template are set to poll every minute in my installation, the others every 5. Due to the fact that I'd have to ditch all my data when converting from a 1 to 5 minute polled Data Source I relish the thought of doing this, but I might not have a choice.

Anyone else in the same boat?

[eschoeller]

I found that this template, like other templates I've used in the past, creates an entire data source for every "ESA Stats" related graph you create. Normally, this may not be a problem, but there is only one Data Input method defined (IP - Check ESA) which stores 18 Output Fields. The smart way to handle this is to create the 15 graphs, but then delete all but one Data Source. Then, one at a time point all the other graphs to that single data source. This will cut down on the number of RRDs and the number of HTTP requests to your Ironport appliance.

For reference, here is the list of each Graph and which Data Source is associated with it.

Code: Select all

IronPort - Bounce Hard DNS		          ipESADNSHardBounceR
IronPort - Bounce Hard Expired		      ipESAExpiredHardBou
IronPort - Bounce Hard Filter		       ipESAFilterHardBoun
IronPort - Bounce Soft Events		       ipESASoftBounceEvts
IronPort - Connections				        ipESAConnIn, ipESAConnOut
IronPort - Gen Bounce Recipients	       ipESAGenBounceRecip
IronPort - Global Unsub Hits		        ipESAGlobalUnsubHit
IronPort - Messages Dropped		         ipESADroppedMsgs
IronPort - Messages Injected		        ipESAInJMsgs
IronPort - Recipients Completed           ipESACompletedRecip
IronPort - Recipients Deleted		       ipESADeletedRecips
IronPort - Recipients Delivered		     ipESADeliveredRecip
IronPort - Recipients Injected		      ipESAInjRecips
IronPort - Recipients Other Hard Bounce	ipESAOtherHardBReci
IronPort - Recipients Rejected		      ipESARejectRecip

This resolved the problem I mentioned above about the Ironport appliance generating an error about too many sessions.

[eric_stewart]

I feel pretty stupid. I bought an Ironport C10 appliance for next to nothing on eBay. Unfortunately the device arrived with a configuration on it and I don't know the password. If someone on this board knows how to perform password recovery on this device, I would sure like to know.

Failing that, hacking the box and using it as a network server is also a possibility.

Thanks!

/Eric

[spoonman]

Please follow the steps below in case you have lost your "admin" password on your IronPort appliance.

Contact Customer Support for a temporary password. You will need the Serial Number of the device.
Once you receive the temporary password, please access the IronPort via serial connection.
Log in as user 'adminpassword'.
Enter the temporary password you received from the Customer Support Engineer and hit return.
Enter the new password that will be used for the 'admin' user.


Looks like you'll have to contact Ironport......