I've been using Cacti for a few years but I'm new to designing snmp data queries. I'm trying to get the interface index from a OID on a McAfee Intrushield sensor. In the resulting snmp data the last two digits represent the unique interface. 2 is the slot number which is always the same and the last digit equals the unique interface. The interface possible values range from 1 - 12
snmpwalk -v3 -a MD5 -A xxxxx -l authPriv -u xxxxxx -x DES -X xxxxxx foo.com:8500 .1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1
SNMPv2-SMI::enterprises.8962.2.1.2.1.11.1.1.1.2.1 = STRING: "1B"
SNMPv2-SMI::enterprises.8962.2.1.2.1.11.1.1.1.2.2 = STRING: "1A"
Below are the contents of the data query xml file.
<interface>
<name>Intrushield intfPortIndex</name>
<description>Get Intrushield Interface Table Data</description>
<oid_index>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid_index>
<oid_index_parse>OID/REGEXP:.*\.([0-9].[0-9]{1,2})$</oid_index_parse>
<index_order>fwIfIndex</index_order>
<index_order_type>numeric</index_order_type>
<index_title_format>|chosen_order_field|</index_title_format>
<fields>
<fwIfIndex>
<name>Index</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid>
</fwIfIndex>
<fwIfName>
<name>Interface Name</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid>
</fwIfName>
<intBytesReceived>
<name>Total Bytes Received</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.5</oid>
</intBytesReceived>
<intBytesSent>
<name>Total Bytes Sent</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.11</oid>
</intBytesSent>
<intIncomingCRC>
<name>Incoming CRC Errors</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.6</oid>
</intIncomingCRC>
<intOutgoingCRC>
<name>Outgoing CRC Errors</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.12</oid>
</intOutgoingCRC>
</fields>
</interface>
I've tried using enterprises.8962.2.1.2.1.11.1.1.1 in the oid_index_parse field in place of the full OID because it also works in the snmpwalk command. I've tried to duplicate the examples I've found in both the documentation and these forums as well as a similar xml file for checkpoint_fwIfTable.xml which I found on these forums and it works on the same Cacti server. I've even verified my regex finds what I want using online regex testing tools. In all cases the result is the following when running a verbose query.
+ Running data query [15].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1'
+ No SNMP data returned
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
Problems with getting index from OID using regex
Moderators: Developers, Moderators
-
- Posts: 2
- Joined: Thu May 24, 2007 9:31 am
-
- Posts: 2
- Joined: Thu May 24, 2007 9:31 am
I did strip down the xml to minimum and no matter what I did nothing helped. I was puzzled how an OID/REGEX of seemingly the same format could work on the same Cacti server in a different snmp_query ( for CheckPoint fwIfTable). The only difference was the failing one was accessing over SNMPv3 and the working one over SNMPv2. I setup an SNMP proxy as a test so I could poll from the Cacti server using SNMPv2 and then access the Intrushield from the proxy via SNMPv3 ( which is the only SNMP version supported on our version of IDS software ) and it worked.
So now I'm wondering why it won't work over SNMPv3 from the Cacti server directly to the Intrushield sensor.
I may also try the following: ( Cacti SNMPv3 -> SNMPv3 Proxy > Intrushield Sensor ) just to verify if it's in fact a problem with v3 from Cacti and not somehow fixed by just using a proxy in between.
Any ideas/feedback?
Thanks
So now I'm wondering why it won't work over SNMPv3 from the Cacti server directly to the Intrushield sensor.
I may also try the following: ( Cacti SNMPv3 -> SNMPv3 Proxy > Intrushield Sensor ) just to verify if it's in fact a problem with v3 from Cacti and not somehow fixed by just using a proxy in between.
Any ideas/feedback?
Thanks
Who is online
Users browsing this forum: No registered users and 2 guests