Problems with getting index from OID using regex

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
chrismarston
Posts: 2
Joined: Thu May 24, 2007 9:31 am

Problems with getting index from OID using regex

Post by chrismarston »

I've been using Cacti for a few years but I'm new to designing snmp data queries. I'm trying to get the interface index from a OID on a McAfee Intrushield sensor. In the resulting snmp data the last two digits represent the unique interface. 2 is the slot number which is always the same and the last digit equals the unique interface. The interface possible values range from 1 - 12

snmpwalk -v3 -a MD5 -A xxxxx -l authPriv -u xxxxxx -x DES -X xxxxxx foo.com:8500 .1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1
SNMPv2-SMI::enterprises.8962.2.1.2.1.11.1.1.1.2.1 = STRING: "1B"
SNMPv2-SMI::enterprises.8962.2.1.2.1.11.1.1.1.2.2 = STRING: "1A"

Below are the contents of the data query xml file.

<interface>
<name>Intrushield intfPortIndex</name>
<description>Get Intrushield Interface Table Data</description>
<oid_index>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid_index>
<oid_index_parse>OID/REGEXP:.*\.([0-9].[0-9]{1,2})$</oid_index_parse>
<index_order>fwIfIndex</index_order>
<index_order_type>numeric</index_order_type>
<index_title_format>|chosen_order_field|</index_title_format>

<fields>
<fwIfIndex>
<name>Index</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid>
</fwIfIndex>
<fwIfName>
<name>Interface Name</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1</oid>
</fwIfName>
<intBytesReceived>
<name>Total Bytes Received</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.5</oid>
</intBytesReceived>
<intBytesSent>
<name>Total Bytes Sent</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.11</oid>
</intBytesSent>
<intIncomingCRC>
<name>Incoming CRC Errors</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.6</oid>
</intIncomingCRC>
<intOutgoingCRC>
<name>Outgoing CRC Errors</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.8962.2.1.3.1.1.3.1.12</oid>
</intOutgoingCRC>
</fields>
</interface>

I've tried using enterprises.8962.2.1.2.1.11.1.1.1 in the oid_index_parse field in place of the full OID because it also works in the snmpwalk command. I've tried to duplicate the examples I've found in both the documentation and these forums as well as a similar xml file for checkpoint_fwIfTable.xml which I found on these forums and it works on the same Cacti server. I've even verified my regex finds what I want using online regex testing tools. In all cases the result is the following when running a verbose query.

+ Running data query [15].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.8962.2.1.2.1.11.1.1.1'
+ No SNMP data returned
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
+ Found data query XML file at '/var/www/html/cacti-0.8.7c/resource/snmp_queries/intrushield_intfPortIndex.xml'
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

Please strip down the XML to the absolute minimum (without fields) and add stuff step by step. Verify each step as given by the SNMPWALK to XML howto of 1st link of my sig. I suppose the error lies in the OID/REGEXP
Reinhard
chrismarston
Posts: 2
Joined: Thu May 24, 2007 9:31 am

Post by chrismarston »

I did strip down the xml to minimum and no matter what I did nothing helped. I was puzzled how an OID/REGEX of seemingly the same format could work on the same Cacti server in a different snmp_query ( for CheckPoint fwIfTable). The only difference was the failing one was accessing over SNMPv3 and the working one over SNMPv2. I setup an SNMP proxy as a test so I could poll from the Cacti server using SNMPv2 and then access the Intrushield from the proxy via SNMPv3 ( which is the only SNMP version supported on our version of IDS software ) and it worked.

So now I'm wondering why it won't work over SNMPv3 from the Cacti server directly to the Intrushield sensor.

I may also try the following: ( Cacti SNMPv3 -> SNMPv3 Proxy > Intrushield Sensor ) just to verify if it's in fact a problem with v3 from Cacti and not somehow fixed by just using a proxy in between.

Any ideas/feedback?

Thanks
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests