SonicWall templates ?

[tw3]

I, too, had this problem and spent the last 2 days looking here and elsewhere and not getting anywhere.:

+ Running data query [14].
+ Found type = '4 '[script query].
+ Found data query XML file at 'C:/inetpub/cacti/resource/script_queries/sonicwall_vpn.xml'
+ XML file parsed ok.
+ Executing script for list of indexes 'perl C:\inetpub\cacti\scripts\query_sonicwall_vpn.pl xxxxxxxx public index'
+ Executing script query 'perl C:\inetpub\cacti\scripts\query_sonicwall_vpn.pl xxxxxxxx public query peergateway'
+ Executing script query 'perl C:\inetpub\cacti\scripts\query_sonicwall_vpn.pl xxxxxxxx public query vpnname'
+ Found data query XML file at 'C:/inetpub/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'C:/inetpub/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'C:/inetpub/cacti/resource/script_queries/sonicwall_vpn.xml'

Also had this:

When I execute "perl c:/inetpub/cacti/scripts/query_sonicwall_vpn.pl 10.1.118.170 public index", Cacti gives this error:
Code:

Can't locate Net/SNMP.pm in @INC (@INC contains: C:/Perl/site/lib C:/Perl/lib .)
at /inetpub/cacti/scripts/query_sonicwall_vpn.pl line 20.
BEGIN failed--compilation aborted at /inetpub/cacti/scripts/query_sonicwall_vpn.
pl line 20.

Here's how I solved mine. I'm a cacti noob so don't expect me to be able to solve yours....I'm just showing you how I did mine.

I imagine if you're getting this, you're like me and running it on a Windows server. At first, I was missing Perl. At this point, I didn't even get the "Can't locate Net/SNMP.pm" part in the above error. So I installed Perl from www.activestate.com.

I ran it and then received the above error.

After using the Perl Package Manager that comes with ActiveState Perl, I installed the Net-SNMP and Crypt-DES packages (it's a dependency thing).

After that, manually running the perl command from command line gave results where there were none before.

Now, you need to fix your Windows Apache server to run pl scripts with the newly installed Perl. I just followed the directions listed http://www.thesitewizard.com/archive/ad ... ache.shtml.

Specifically, these are the changes I made.

1. Running Perl Scripts in a CGI directory

You can configure Apache to treat any file in a particular directory as a CGI script. Typically, web hosts call such a directory the cgi-bin directory.

To configure Apache to treat a particular directory as your script directory, search for the following line in your "httpd.conf" file.

For those who have forgotten where the "httpd.conf" file can be found, try looking for it in the "conf" directory of your Apache folder. If you used the default directories supplied by the Apache installer, it would be "c:\Program Files\Apache Group\Apache\conf\httpd.conf".

ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache/cgi-bin/"

If it has been commented out, that is, if there is a hash mark ("#") before the line, remove the hash character to enable it. If it has not been commented out, it means that your Apache is already configured to run CGI scripts in that directory. You can change the directory to another directory if you wish.

2. Running CGI scripts anywhere in your domain

If you don't want to be restricted to running CGI scripts within the ScriptAlias directory in your domain, and want CGI scripts to run anywhere in your domain, add the following line to your "httpd.conf" file.

AddHandler cgi-script .cgi

You can add it yourself manually, but since the default httpd.conf file that is supplied by Apache already comes with that line commented out, the simplest thing would be to search for that string in your existing file, and remove the preceding comment character, that is, remove the "#".

If you want the .pl extension recognised as a CGI script as well, simply append the extension to the list, as follows:

AddHandler cgi-script .cgi .pl

Next, search for the line that says "<Directory /> in the file. It should look something like this:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

Add "+ExecCGI" to the options list. The line now looks like this:

Options FollowSymLinks +ExecCGI

3. Making a CGI Script Your Default Page <didn't do this>

If you want to make your CGI script execute as the default page for a directory, you have to add another line to the Apache configuration file (httpd.conf). Simply search for the line in the file that begins with a "DirectoryIndex" and add "index.cgi" to the list of files on that line. For example, if the line used to be:
DirectoryIndex index.html

change it to
DirectoryIndex index.cgi index.html

The next time you access "http://localhost/" or "http://localhost/directory/" without any filename specified, Apache will run "index.cgi" if available or deliver "index.html" if it cannot find "index.cgi". If you have both "index.cgi" and "index.html" in the directory, "index.cgi" is used since it's listed first.

You are not limited to the above two files. For example, I have set up Apache on my computer with the following line:
DirectoryIndex index.php index.cgi index.shtml index.html

If you have also installed PHP support and enabled server side includes in Apache, the directive will instruct Apache to look first for an index.php file, or failing that an index.cgi file, or if that could not be found, an index.shtml file, and finally an index.html file if all else fails.

That's it. Your Apache server now supports the execution of CGI scripts. You will have to restart the server before the new configuration comes into effect. The work's not ended however - read on.

Modifying Your CGI Script

As it stands, if your CGI script is a Windows executable, it would be executed by Apache correctly. However, if it's a script that relies on an interpreter such as Perl or Python, you will have to modify the first line of the script.

Your Perl script will typically contain an initial line of
#!/usr/bin/perl

or some such thing. This tells a Unix-based kernel to look for an interpreter at the path "/usr/bin/perl" and invoke it to interpret the instructions in the file.

Since the script now runs on Windows, and it is unlikely that you installed your Perl interpreter in a /usr/bin directory, you will need to change that first line to point to the real location of your Perl interpreter.

For example, on my Windows box, I have to change the first line of my Perl scripts to:
#!c:/perl/bin/perl.exe

There....that's how I did it. Maybe you can apply the same logic to your setup. If you're using Linux, look for that Net SNMP Perl module.

Good luck.

[mrmitch]

Initially had a few problems with this template. Took about 5 minutes to get things working. I performed these steps AFTER following the initial instructions and AFTER adding my sonicwall as a device. This is an ubuntu server.:

• sudo apt-get install libcrypt-des-perl libcrypt-des-ede3-perl libnet-snmp-perl
• Copy the attached file to cacti/resource/script_queries/sonicwall_vpn.xml
• Browse to your Sonicwall device, select "Create Graphs for This Host" and then click the green "Reload Associated Query" circle-button. The page should reload and all of your VPNs should be listed.

If I forgot any steps, my bad!

Now, has anyone figured out how to graph the actual WAN interfaces?

You are the man, installing the libraries was it for me. It's returning rows now.
-Mitch

[bdearlove]

Good Day All,
Looking at trying Cacti since moving away from it about 2 years ago. Looking at getting the Sonicwall VPN stats working again. I have Net/SNMP working and everything, but querying does not seem to work:

perl C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl 10.92.0.230 SNMPID query vpnname request error: The argument "1.3.6.1.4.1.8741.1.3.2.1.1.1.2." is unknown at C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl line 51.

Anyone running into issues such as this?

Thanks.

[apervizi]

I am also getting the following error.

perl.exe C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl 10.118.0.2 public index request error: The argument "1.3.6.1.4.1.8741.1.3.2.1.1.1.2." is unknown at C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl line 51.


Moreover, doing a verobose query, I get:

+ Running data query [16].
+ Found type = '4 '[script query].
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/script_queries/sonicwall_vpn.xml'
+ XML file parsed ok.
+ Executing script for list of indexes ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Executing script query ' '
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/script_queries/sonicwall_vpn.xml'

It looks like the script is not being referenced.

The query script is located: Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl

Thanks

[jefframsey]

I have decided to try again and see if I can get the graphs working properly on my three Sonicwall devices.

I have CPU/Connections/Memory, and I have a graph for each physical port. They all work just as they should.

I am able to see all of my VPN connections, and I create graphs for them, but my graphs always just show 'nan' for all figures on my VPN graphs. My VPN links all transverse over the WAN, which is connected to a 2.3Mb SDSL link to my ISP.

Using the formula in the earlier posts, I came up with this number for max bytes: ( 2411724.8 / 8 ) * ( 1 + 1.05 ) = 618004.48

My poller output related to my Sonicwall NSA 2400 is as follows:

Code: Select all

root@helpdesk:~# php /usr/share/cacti/site/poller.php | grep 2400
03/12/2010 07:29:10 AM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/lib/cacti/rra/nsa_2400_decryptbytes_1068.rrd --template encryptbytes:decryptbytes 1268407749:0166605051563591434180962500:67895955919435892253363564294667896789
03/12/2010 07:29:11 AM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/lib/cacti/rra/nsa_2400_decryptbytes_1067.rrd --template encryptbytes:decryptbytes 1268407749:00002414895218515283571004311111487424101100095205107020:00002963225274294910423910542015836407473992804200032305900

As you can see, I have WAY more bytes being recorded than that.

Does anyone know where I keep going wrong?

[jefframsey]

I have a few theories as to why I am not graphing anything for my VPN connections.

1. I am using AES-256/SHA-1 for an encryption method. Perhaps the script only works off of DES or 3DES?

2. I have several IP subnets that are being tunneled through the Site-2-Site Connections, so maybe it is somehow adding the bandwidth of all of these tunnels together, and so I need to set the maximum tunnel speeds at the combined number?

[ChrisHem]

Good Day All,
Looking at trying Cacti since moving away from it about 2 years ago. Looking at getting the Sonicwall VPN stats working again. I have Net/SNMP working and everything, but querying does not seem to work:

perl C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl 10.92.0.230 SNMPID query vpnname request error: The argument "1.3.6.1.4.1.8741.1.3.2.1.1.1.2." is unknown at C:\Apache2\htdocs\cacti\scripts\query_sonicwall_vpn.pl line 51.

Anyone running into issues such as this?

Thanks.

I am also having this problem.
Has anyone been able to solve this?

[ck1]

Same problem here. Have a 2040 running SonicOS Enhanced 4.0.0.12-64e.
I'm thinking that maybe SonicWall has changed the MIBs in version 4.
When I run the perl script manually I'm unable to query any of the VPN objects listed in the script usage text.

I'll now start hunting for an updated script I can use somewhere else.

-ck1

[ck1]

Problem solved with the unknown error being received.

Several things I did before doing the following, I have not undone the previous steps to see if they were even necessary so try this first:

Edit the "query_sonicwall_vpn.pl" script located in the scripts directory of the cacti servers' root directory.

Comment out the OID variables and re-add them without the trailing "."s as follows:


# Set OID variables
#$sonicSAStatPeerGateway = "1.3.6.1.4.1.8741.1.3.2.1.1.1.2.";
#$sonicSAStatDecryptByteCount = "1.3.6.1.4.1.8741.1.3.2.1.1.1.11.";
#$sonicSAStatEncryptByteCount = "1.3.6.1.4.1.8741.1.3.2.1.1.1.9.";
#$sonicSAStatUserName = "1.3.6.1.4.1.8741.1.3.2.1.1.1.14.";

$sonicSAStatPeerGateway = "1.3.6.1.4.1.8741.1.3.2.1.1.1.2";
$sonicSAStatDecryptByteCount = "1.3.6.1.4.1.8741.1.3.2.1.1.1.11";
$sonicSAStatEncryptByteCount = "1.3.6.1.4.1.8741.1.3.2.1.1.1.9";
$sonicSAStatUserName = "1.3.6.1.4.1.8741.1.3.2.1.1.1.14";


If this does not solve the issue then here are the steps I took prior to confirming this failure in the script.

I obtained the MIB files for the sonic wall and copied them into /usr/share/snmp/mibs

Then in order to import them into the active mib list I created the following in the root directory of the user running the cacti server. In my case this was 'cactiuser'.

Create directory '.snmp/' and then inside create a file called snmp.conf.
Add to that file "mibs=+SONICWALL-FIREWALL-IP-STATISTICS-MIB"
which will add the necessary mib file to the active list of mib files used by Net::SNMP.

The following commands I used to confirm the mib file was working prior after I added it to the /usr/share/snmp/mibs/ directory:

snmpwalk -m +SONICWALL-FIREWALL-IP-STATISTICS-MIB -c tradepub -v 1 x.x.x.x .iso

Where x.x.x.x is the IP of your firewall. This will walk the "enterprise" mibs available on the sonicwall. You can replace ".iso" with "1.3.6.1.4.1.8741.1.3.2.1.1.1.2" to get a list of active VPN tunnels configured on your device. If it comes back then you should be good to go.

-ck1

[ddeltoro]

I have decided to try again and see if I can get the graphs working properly on my three Sonicwall devices.

I have CPU/Connections/Memory, and I have a graph for each physical port. They all work just as they should.

I am able to see all of my VPN connections, and I create graphs for them, but my graphs always just show 'nan' for all figures on my VPN graphs. My VPN links all transverse over the WAN, which is connected to a 2.3Mb SDSL link to my ISP.

Using the formula in the earlier posts, I came up with this number for max bytes: ( 2411724.8 / 8 ) * ( 1 + 1.05 ) = 618004.48

My poller output related to my Sonicwall NSA 2400 is as follows:

Code: Select all

root@helpdesk:~# php /usr/share/cacti/site/poller.php | grep 2400
03/12/2010 07:29:10 AM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/lib/cacti/rra/nsa_2400_decryptbytes_1068.rrd --template encryptbytes:decryptbytes 1268407749:0166605051563591434180962500:67895955919435892253363564294667896789
03/12/2010 07:29:11 AM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update /var/lib/cacti/rra/nsa_2400_decryptbytes_1067.rrd --template encryptbytes:decryptbytes 1268407749:00002414895218515283571004311111487424101100095205107020:00002963225274294910423910542015836407473992804200032305900

As you can see, I have WAY more bytes being recorded than that.

Does anyone know where I keep going wrong?

I'm having the same issue. After digging a little in the perl file what I think is happening is that it is outputing ALL the encrypted bytes for each part of the VPN tunnel on one line. For instance: here we have 5 networks on our local vpn, and 4 on the peer. The sonicwall vpn appears to have that as 20 different vpn connections. The perl script seems to just output all of their encrypted bytes on one line. You can see this if you go to the bottom of the perl file where the line says:

Code: Select all

print "$output{$ARGV[3]}";

replace that with:

Code: Select all

print "$output{$ARGV[3]}\n";

and it will output each 'tunnel' to that peer on an individual line.

I made the following changes below:

Code: Select all

} elsif ($func eq "get") {
	$sum{'decryptbytes'} =0;
	$sum{'encryptbytes'} =0;
        foreach $key (sort keys (%datatable)){
		if ($datatable{$key} eq $ARGV[4]) {
			$recdata = $session->get_request($sonicSAStatDecryptByteCount.$key);
			$receive = $recdata->{$sonicSAStatDecryptByteCount.$key};
			$sentdata = $session->get_request($sonicSAStatEncryptByteCount.$key);
			$sent = $sentdata->{$sonicSAStatEncryptByteCount.$key};
			$namedata = $session->get_request($sonicSAStatUserName.$key);
			$name = $namedata->{$sonicSAStatUserName.$key};
			my %output = (
                        	peergateway => $datatable{$key},
                        	vpnname => $name,
                        	decryptbytes => $receive,
                        	encryptbytes => $sent
                	);
			#print "$output{$ARGV[3]}";                
			$sum{'decryptbytes'} += $receive;
			$sum{'encryptbytes'} += $sent;
		}	 
	}
	print "$sum{$ARGV[3]}"; 
}

This should add all of the sent/recieved items requested and then display them at the end. So far it appears to be working. The important lines are the initial setting the variables to 0, the summation, the print, and commenting out the original print command.

[helleon]

sonicwall platfroms are upgraded to gen5 (means 5.X.X), is there any new templates for then?

[fosiul01]

Hi,

I have setup this graph as described. Every things works fine. but one Vpn connection does not show any graph.
its shows NAN and dont understand why its showing NAN,

if i run the command from command prompt, i get result..

./query_sonicwall_vpn.pl host community get decryptbytes device
121799855152026586615944279


but the graph does not show anything.

Can any one please tel me, what can cause the issue ..
here, I have setup the maximum link speed in bytes/second is 10485760 as 10M/b is our Bandwidth.

thanks for help
Really appreciate.

[domeger]

I been having some weird issues with the cacti templates with the latest firmware update for three years I been using the one that avaiable on the cacti forum, and when i finally upgrade to the version that supports GeoIP blocking it stopped working. Anyone else have this issue ?, I am using a NSA4500.

[gurulee]

I get this error when creating the graph:

Code: Select all

Created graph:
ERROR: no Data Source associated. Check Template

[Sonicro]

NO GRAPHS VPN....

+ Running data query [14].
+ Found type = '4 '[script query].
+ Found data query XML file at 'c:/Inetpub/wwwroot/cacti/resource/script_queries/sonicwall_vpn.xml'
+ XML file parsed ok.
+ Executing script for list of indexes 'perl c:\Inetpub\wwwroot\cacti\scripts\query_sonicwall_vpn.pl 10.206.10.1 public index'
+ Executing script query 'perl c:\Inetpub\wwwroot\cacti\scripts\query_sonicwall_vpn.pl 10.206.10.1 public query peergateway'
+ Executing script query 'perl c:\Inetpub\wwwroot\cacti\scripts\query_sonicwall_vpn.pl 10.206.10.1 public query vpnname'
+ Found data query XML file at 'c:/Inetpub/wwwroot/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'c:/Inetpub/wwwroot/cacti/resource/script_queries/sonicwall_vpn.xml'
+ Found data query XML file at 'c:/Inetpub/wwwroot/cacti/resource/script_queries/sonicwall_vpn.xml'