Cisco ASA/PIX VPN Statistics
Moderators: Developers, Moderators
I had to mangle a few things on my system to get this to work. First of all the perl script didn't like the '.' on the end of the OID's. Also, on the indexes returned I had to strip the '.' off.
Next I had to add an <HR> to the last item in the graph template. Otherwise its working great! Thanks for this script.
Next I had to add an <HR> to the last item in the graph template. Otherwise its working great! Thanks for this script.
-
- Posts: 10
- Joined: Sun Dec 20, 2009 10:22 pm
- Location: USA
Hello.
I've been trying to implement this script - but without success so far.
I am running cacti on a winXP box, and have an ASA5510.
I've copied the files to the correct folders and imported all the templates.
When i added the Associated Data Querie the status returned 0 items and 0 rows..
The verbose query shows:
then I tried this the manual way:
I have no idea what that "Net/SNMP.pm" is and how to implement it.
I appreciate any ideas and help you could give me.
Thank you in advance!
I've been trying to implement this script - but without success so far.
I am running cacti on a winXP box, and have an ASA5510.
I've copied the files to the correct folders and imported all the templates.
When i added the Associated Data Querie the status returned 0 items and 0 rows..
The verbose query shows:
Code: Select all
+ Running data query [25].
+ Found type = '4 '[script query].
+ Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml'
+ XML file parsed ok.
+ Executing script for list of indexes 'perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA index'
+ Executing script query 'perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA query index'
+ Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml'
+ Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml'
+ Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml'
Code: Select all
C:\Inetpub\wwwroot\cacti>perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA index
Can't locate Net/SNMP.pm in @INC (@INC contains: C:/Perl/site/lib C:/Perl/lib .) at c:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl line 25.
BEGIN failed--compilation aborted at C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl line 25.
I appreciate any ideas and help you could give me.
Thank you in advance!
I've noticed that there seems to be an issue with the latest version of Net::SNMP and the query_lan2lan.pl script. On all of my servers that I have updated to the latest Perl and Net::SNMP module, I get the following error.
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
This is happening on CentOS, Solaris and Ubuntu. From what I can tell the way SNMP.pm handles the hashing as it gathers it from the query_lan2lan.pl variables is not working correctly.
Has anyone else seen this?
Update: As "Henrys" noted, removing the trailing dots from the OIDs in the perl script seems to have done the trick. Time will tell if this causes any other problems. So far, so good on my deployment.
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
This is happening on CentOS, Solaris and Ubuntu. From what I can tell the way SNMP.pm handles the hashing as it gathers it from the query_lan2lan.pl variables is not working correctly.
Has anyone else seen this?
Update: As "Henrys" noted, removing the trailing dots from the OIDs in the perl script seems to have done the trick. Time will tell if this causes any other problems. So far, so good on my deployment.
Hi Gunnar,GunnarPhilipp wrote:Hello.
I've been trying to implement this script - but without success so far.
I am running cacti on a winXP box, and have an ASA5510.
I've copied the files to the correct folders and imported all the templates.
When i added the Associated Data Querie the status returned 0 items and 0 rows..
The verbose query shows:then I tried this the manual way:Code: Select all
+ Running data query [25]. + Found type = '4 '[script query]. + Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml' + XML file parsed ok. + Executing script for list of indexes 'perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA index' + Executing script query 'perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA query index' + Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml' + Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml' + Found data query XML file at 'C:/Inetpub/wwwroot/cacti/resource/script_queries/cisco_asa_vpn_tunnel.xml'
I have no idea what that "Net/SNMP.pm" is and how to implement it.Code: Select all
C:\Inetpub\wwwroot\cacti>perl C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl public x.x.x.254 ASA index Can't locate Net/SNMP.pm in @INC (@INC contains: C:/Perl/site/lib C:/Perl/lib .) at c:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl line 25. BEGIN failed--compilation aborted at C:\Inetpub\wwwroot\cacti\scripts\query_lan2lan_cisco.pl line 25.
I appreciate any ideas and help you could give me.
Thank you in advance!
It would be best if you familiarized yourself with the PPM on Windows. It's somewhat similar to the CPAN tool for PERL that we all enjoy/hate in the *nix environments.
Once you get PPM running you can follow the steps detailed at this URL to get the Net::SNMP perl module installed. That would be the "Net/SNMP.pm" that your script is complaining about.
http://www.netadmintools.com/part489.html
- nebj00la
- Cacti User
- Posts: 112
- Joined: Fri Feb 17, 2006 9:02 pm
- Location: Massachusetts, USA
- Contact:
This script will not work with the poller configured as spine/cactid. Here's a thread I've started to discuss the issue:
http://forums.cacti.net/viewtopic.php?t=35963
Technically, here is why it's failing:
http://forums.cacti.net/viewtopic.php?t=35963
Technically, here is why it's failing:
...it[the script] uses multiple prints to output the ASA specs, it will fail under spine. You need to, internal to the script, maintain a buffer and output all at once.
Thanks,
nebj00la
nebj00la
Hi, this looks like another excellent tool for Cacti, I wish I could get it to work. It has been a steep learning curve to get to an error free installation, but I now only get blank graphs
I am using Debian...and have an ASA 5540
Step one, I had to install CPAN to get rid of the error
(there are other ways to do this but I found this was the easiest)
I then had to edit the cisco_asa_vpn_tunnel.xml script to show the full path to query_lan2lan_cisco.pl (see previous post)
I then had to remove the last 'dot' from the end of the MIBs in query_lan2lan_cisco.pl (see previous post)
This works
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA index
output is a list of Peer IP Addresses
This sort of works
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA query RX
output is the list of Peer IP Addresses followed by colon zero
This sort of works:
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA get RX -peer ip address-
output is 0 (zero)
I know that I DO have traffic on my VPN Tunnels - some are being graphed individually from the remote device when I have SNMP access to them, so with this I can graph the utilisation of the others
Any input would be very much appreciated
I am using Debian...and have an ASA 5540
Step one, I had to install CPAN to get rid of the error
(there are other ways to do this but I found this was the easiest)
I then had to edit the cisco_asa_vpn_tunnel.xml script to show the full path to query_lan2lan_cisco.pl (see previous post)
I then had to remove the last 'dot' from the end of the MIBs in query_lan2lan_cisco.pl (see previous post)
This works
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA index
output is a list of Peer IP Addresses
This sort of works
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA query RX
output is the list of Peer IP Addresses followed by colon zero
This sort of works:
perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl community hostname ASA get RX -peer ip address-
output is 0 (zero)
I know that I DO have traffic on my VPN Tunnels - some are being graphed individually from the remote device when I have SNMP access to them, so with this I can graph the utilisation of the others
Any input would be very much appreciated
more info, I checked the MIB from the pl script with snmpwalk,
snmpwalk -c community -v 2c hostname 1.3.6.1.4.1.9.9.171.1.3.2.1.26
and the output was
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.76028 = Counter32: 699186453
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.96553 = Counter32: 1139340567
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.98464 = Counter32: 3181623888
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.99694 = Counter32: 11372476
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.101996 = Counter32: 2242940553
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.101998 = Counter32: 182383434
and I found this on the web (here http://www.oidview.com/mibs/9/CISCO-IPS ... R-MIB.html)
cipSecTunInOctets 1.3.6.1.4.1.9.9.171.1.3.2.1.26
which is the correct name in the pl script
snmpwalk -c community -v 2c hostname 1.3.6.1.4.1.9.9.171.1.3.2.1.26
and the output was
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.76028 = Counter32: 699186453
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.96553 = Counter32: 1139340567
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.98464 = Counter32: 3181623888
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.99694 = Counter32: 11372476
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.101996 = Counter32: 2242940553
SNMPv2-SMI::enterprises.9.9.171.1.3.2.1.26.101998 = Counter32: 182383434
and I found this on the web (here http://www.oidview.com/mibs/9/CISCO-IPS ... R-MIB.html)
cipSecTunInOctets 1.3.6.1.4.1.9.9.171.1.3.2.1.26
which is the correct name in the pl script
query_lan2lan_cisco.pl <community> <hostname> ASA index:
<ip of peer>
<ip of peer>
<ip of peer>
<ip of peer>
<ip of peer>
query_lan2lan_cisco.pl <community> <hostname> ASA query RX
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
query_lan2lan_cisco.pl <community> <hostname> ASA get RX <ip of peer>
0
This indicates to me that the info for the MIB in the perl script is correct, but the perl script doesn't 'run correctly' to output the correct data. I have a look at the perl script, but it is far to complicated for me...
<ip of peer>
<ip of peer>
<ip of peer>
<ip of peer>
<ip of peer>
query_lan2lan_cisco.pl <community> <hostname> ASA query RX
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
query_lan2lan_cisco.pl <community> <hostname> ASA get RX <ip of peer>
0
This indicates to me that the info for the MIB in the perl script is correct, but the perl script doesn't 'run correctly' to output the correct data. I have a look at the perl script, but it is far to complicated for me...
Hi Folks,
I tried stripping off the trailing '.' from the OID as recommended by henrys in an earlier post, and started getting 0 in the TX and RX responses. Without digging into the code further, it appears doing so is actually breaking things.
Let me have a more in-depth look at the code and see what is actually happening...
I tried stripping off the trailing '.' from the OID as recommended by henrys in an earlier post, and started getting 0 in the TX and RX responses. Without digging into the code further, it appears doing so is actually breaking things.
Let me have a more in-depth look at the code and see what is actually happening...
This script doesn't use a MIB (just using OIDs), but clearly something is amiss. iharvey please try the attached version on the command line as before and post the results.iharvey wrote:
query_lan2lan_cisco.pl <community> <hostname> ASA query RX
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
<ip of peer>:0
query_lan2lan_cisco.pl <community> <hostname> ASA get RX <ip of peer>
0
This indicates to me that the info for the MIB in the perl script is correct, but the perl script doesn't 'run correctly' to output the correct data. I have a look at the perl script, but it is far to complicated for me...
Update: Test script removed.
Last edited by Setarcos on Thu Mar 11, 2010 12:54 pm, edited 1 time in total.
Hi Setarcos, many thanks for investigating this and sorry for the delay in replying
The results are:
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA index
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 227.
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA query RX
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 227.
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA get RX <ip address>
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 244.
I never really thought of the difference between MIB and OID so I googled it: Think of a MIB as a DNS
table or a HOSTS file, and the OID as IP address. The MIB relates words to OID numbers as a DNS or HOSTS file relates URLs & names to actual IP addresses
The results are:
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA index
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 227.
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA query RX
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 227.
/usr/share/cacti/site/scripts# perl /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl <community> <hostname> ASA get RX <ip address>
Odd number of elements in hash assignment at /usr/local/share/perl/5.10.0/Net/SNMP.pm line 2276.
request error: The argument "1.3.6.1.4.1.9.9.171.1.2.3.1.7." is unknown at /usr/share/cacti/site/scripts/query_lan2lan_cisco.pl line 244.
I never really thought of the difference between MIB and OID so I googled it: Think of a MIB as a DNS
table or a HOSTS file, and the OID as IP address. The MIB relates words to OID numbers as a DNS or HOSTS file relates URLs & names to actual IP addresses
Thanks iharvey,
We are slowly getting to the bottom of this... Could you try the attached version with the same tests and post the results?
Update: Test script removed
We are slowly getting to the bottom of this... Could you try the attached version with the same tests and post the results?
Update: Test script removed
Last edited by Setarcos on Thu Mar 11, 2010 12:54 pm, edited 1 time in total.
Glad to hear it! I just updated the script in the first post of this thread with these changes.iharvey wrote:slowly?? javascript:emoticon(':D') fast enough for me, because it works.
<ip of peer>:3396162449
<ip of peer>:478313915
<ip of peer>:2434121908
<ip of peer>:2246398182
etc. Many many thanks - what a great start to the day
Who is online
Users browsing this forum: No registered users and 2 guests