pix firewall template

egarnel · Post by **egarnel** » Fri Jan 09, 2004 11:48 am

This is my 1st template, but it should work fine for most applications.

It is a host template (with dependancies) fro Cisco Pix firewalls. The template measures CPU load, interfaces , Free memory and connections.

Good luck with it. Please let me know if you have any questions or improvements on it.

Eric

booyaa · Post by **booyaa** » Tue Jun 29, 2004 2:28 pm

Does this work? Anyone tried? How do I install it?

kirbini · Post by **kirbini** » Thu Jul 08, 2004 1:32 pm

I just loaded this template into the newest version (0.8.5a). It loads correctly but it does not query the correct MIBs. In fact, it queries the

enterprises.109....

tree which doesn't exist on my PIX running PIXOS 6.1.

egarnel · Post by **egarnel** » Fri Jul 09, 2004 10:27 am

Yes, it works for 6.3
I have the same issue. I have 3 pixs, two of which are on 6.3 and the other on 6.1
the pix running 6.1 does not show the graphs & my fix for that is to upgrade the PIX.

claytondukes · Post by **claytondukes** » Wed Aug 18, 2004 9:10 pm

It seems to be missing the memory cdef's
Otherwise, it worked.

Guest · Post by **Guest** » Sun Aug 22, 2004 8:30 am

Once I applied the single quote patch the template worked. Thanks.

..::BFS::.. · Post by **..::BFS::..** » Tue Sep 28, 2004 6:08 am

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.

Can somebody explain to me what this single quote patch means? Sorry for kicking an old topic...

BitFlipper · Post by **BitFlipper** » Mon Oct 04, 2004 10:43 pm

I am not an expert on Perl but understand the 'why' and the 'reason' for the fix.

The short version ... take a look at the following from a PIX walk:

IF-MIB::ifDescr.1 = STRING: PIX Firewall 'unused' interface
IF-MIB::ifDescr.2 = STRING: PIX Firewall 'extranet' interface
IF-MIB::ifDescr.3 = STRING: PIX Firewall 'intranet' interface
IF-MIB::ifDescr.4 = STRING: PIX Firewall 'inside' interface

Normally, devices have a simple string as a description. The PIX includes single quotes which in Perl, is interpreted or translated causing a script to fail. That is, when you query the PIX for an interface description, you get the following "PIX Firewall 'inside' interface" and not "inside" like you'd expect and only need.

..::BFS::.. · Post by **..::BFS::..** » Fri Oct 08, 2004 2:58 am

When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)

egarnel · Post by **egarnel** » Fri Oct 08, 2004 10:13 am

what are the OIDs under your data template for pix connections?
should be 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6

and memory should be
1.3.6.1.4.1.9.9.48.1.1.1.5.1

I built the template based on a pix running 6.3(1) and under Cacti .8.5.a. It still works under .8.6.a for me.

I also imported it into another Cacti server that monitors a pix running 6..1.x and memory graphing does not work with that version

what are your snmp settings on the PIX? It is odd that you would get CPU and not interfaces

guerra6880 · Post by **guerra6880** » Mon Oct 11, 2004 8:43 pm

..::BFS::.. wrote:When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)

I used to have this problem and it was driving me nuts until I figured out that the maximum value was set at 100 so anything over 100 connections was being dropped. As most my pixes have more then 100 connections this was a must for me.

cpdans · Post by **cpdans** » Tue Oct 26, 2004 12:03 pm

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.

I noticed the above post. I thiink am having the same problem. I am running 0.8.6b and am not getting the connections and memory graph. However, I do get the CPU Usage graph. Any ideas? If I do need this patch where might I get it?

Thanks,

Dan

cpdans · Post by **cpdans** » Tue Oct 26, 2004 1:53 pm

Not to over post myself, but upon further examination it appears that the data is getting dumped into the rrd file for both connections and memory. However the graphs are not displaying the information. I did notice that the upper limit of the datasource and the graph were set at 100 for connections. I currently have over 1100 so I uped that limit to 100000. Don't know if that make a difference or not.

Thanks for the help.

Bioman · Post by **Bioman** » Thu Nov 04, 2004 10:36 am

Hi !
I just uploaded this PIX template to my Cacti server.
Both the CPU and Conns graphs are created. Though, for the moment, there is no data in it (might be normal as this firewall is not busy at all for now).

I have a problem with the Memory graph.
The graph templates does NOT refere to any data source at all.

For instance, for the Connection graph, there has been a pixconn data template created, and this template is used to create the Conn graph.
The memory data template does not exist... How come ?

Thanx for your help...

Bioman · Post by **Bioman** » Thu Nov 04, 2004 11:00 am

Sorry for the flood, but I also cannot get any Interface information... Anything I have to do ?...

Thanx

Cacti

pix firewall template

pix firewall template

Doesn't work...

PIX

Pix

Who is online