Cisco CSS SNMP rosetta stone

richrumble · Post by **richrumble** » Wed Oct 06, 2004 3:37 pm

Here is what I've learned on the cisco 11506 series of Content Services Switch (css) for OID queries

1.3.6.1.4.1.2467.1.16.4.1.25= Total number of bytes passed using this content rule.
<char-count> = The number of characters in the name of the object (owner, content rule, or service)
<asciii-xxxx> = The name of the object (service, content rule, owner), converted into ascii codes, each character delimited by a dot "."
.1.3.6.1.4.1.2467.1.16.4.1.25.<char-count>.<ascii-owner>.<char-count>.<ascii-content-rule>

for example
.1.3.6.1.4.1.2467.1.16.4.1.25.7.101.120.97.109.112.108.101 =
.1.3.6.1.4.1.2467.1.16.4.1.25.7.e.x.a.m.p.l.e (there are 7 characters in "example")

.1.3.6.1.4.1.2467.1.16.4.1.25.7.e.x.a.m.p.l.e.10.s.e.r.v.i.c.e.1.0.1
.1.3.6.1.4.1.2467.1.16.4.1.25.7.101.120.97.109.112.108.101.10.115.101.114.118.105.99.101.49.48.49
========

.1.3.6.1.4.1.2467.1.16.4.1.26= Total number of frames passed using this content rule.
.1.3.6.1.4.1.2467.1.16.4.1.26.<char-count>.<ascii-owner-name>.<char-count>.<ascii-content-rule>

.1.3.6.1.4.1.2467.1.16.4.1.18= Number of times user request was detected which invoked this content rule.
.1.3.6.1.4.1.2467.1.16.4.1.18.<char-count>.<ascii-owner-name>.<char-count>.<ascii-content-rule>

.1.3.6.1.4.1.2467.1.34.18.1.6= This object specifies the average CPU utilization

.1.3.6.1.4.1.2467.1.15.2.1.17= The current service state

.1.3.6.1.4.1.2467.1.15.2.1.40= The Service currently sensed average load

.1.3.6.1.4.1.2467.1.15.2.1.20= The current number of TCP connections to this service

.1.3.6.1.4.1.2467.1.15.2.1.63= This object will return the current number of local connections that are active on this service.

Most of these are easily found on cisco's site, but they do not explain how to convert the values returned by a snmpwalk into a plain text value.
http://www.cisco.com/en/US/products/hw/ ... ml#1049415

Attached is a perl script to convert plain-text into ascii, with the prepended character count. You can CAT a file through it, 1 entry per line like:

example
service101
et-cet-er-ah

-rich

richrumble · Post by **richrumble** » Tue Oct 19, 2004 12:06 pm

These are total's for the owner, which means all content rules under that owner
The Equivilant show command is:
show owner <owner-name> statistics
All values are from 0-4294967295 as far as i can tell, once 4294967295 is reached, the count starts back over at 0

Hits (owner)
.1.3.6.1.4.1.2467.1.25.2.1.15.<char-count>.<ascii-owner>

Reject No Services (owner)
.1.3.6.1.4.1.2467.1.25.2.1.18.<char-count>.<ascii-owner>

Bytes (owner)
.1.3.6.1.4.1.2467.1.25.2.1.22.<char-count>.<ascii-owner>

Frames (owner)
.1.3.6.1.4.1.2467.1.25.2.1.23. <char-count>.<ascii-owner>
I've not found these documented by cisco yet...

thadhinz · Post by **thadhinz** » Tue Mar 01, 2005 3:55 pm

This is great information. The perl script was very useful as well. I have converted it to a function for those who would like to use it in a perl snmp script.

##################################
#!/usr/bin/perl

sub CssOidConv () {
my($line) = @_;
my @a = ();

chomp $line;

while ($line =~ m/^(.)./) {
push @a, $1;
#print "$1\n";
$line =~ s/^.//;
}

push @a, $line;

my @oidName = ();
push @oidName, $#a+1;
for ($y = 0; $y <= $#a; $y++) { push @oidName, ord($a[$y]); }
my $outOid = join(".", @oidName);
return($outOid);
}

my $cssOid = &CssOidConv("usfcss.sby.test.com_p80");
print "$cssOid\n";

##############################################

chrism · Post by **chrism** » Wed Mar 09, 2005 9:09 am

Hi all,

I'm interested in how you're managing to use this within Cacti? How did you go about creating graphs using the above script/functions?

We've got a few Cisco 11506's, and at the moment they're very much a black hole. We'd like to get a true picture of data flowing in and out via the various virtual addresses, or by content rule. Is there a relatively simple way of using the above in cacti (perhaps via a graph or data template) to produce such information easily, or is it a case of manually adding SNMP OID collectors for each of the content rules, and hand-crafting some graphs?

Cheers,
Chris

richrumble · Post by **richrumble** » Sat Mar 19, 2005 12:41 pm

We've only been able to do this by hand. You could snmpwalk the css and graph things properly, but you'd have to do some cutomization first. With the css you have to use these as a guidline...etc

.1.3.6.1.4.1.2467.1.15.2.1.17= The current service state
.1.3.6.1.4.1.2467.1.15.2.1.40= The Service currently sensed average load
.1.3.6.1.4.1.2467.1.15.2.1.20= The current number of TCP connections to this service
.1.3.6.1.4.1.2467.1.15.2.1.63= This object will return the current number of local connections that are active on this service.

i've really got to mess with it more... i've done everything by hand so far, and it's a pain. Creating the graphs that is. I hope people with more time and experience will better document this.
http://Xinn.org
-rich

sromines · Post by **sromines** » Sun Mar 20, 2005 4:05 pm

Also, keep in mind that in version 7.40 the OID has changed.

from:
.1.3.6.1.4.1.2467.

to:
1.3.6.1.4.1.9.9.368.

Here is the URL:

http://www.cisco.com/en/US/products/hw/ ... #wp1016019

--Shawn

richrumble · Post by **richrumble** » Fri Mar 25, 2005 9:43 am

Good call!
"The .2467 needs to be replaced with 9.9.368 wherever it is used."

The MIBs in 7.40 have been modified to be consistent with other Cisco products within the Cisco private enterprise branch of the MIB tree. The modifications include a change to the enterprise OIDs (Object Identifiers). If you have created any customized network management applications, you must modify these applications in order to use the new OIDs in the modified MIBs in 7.40. If you continue to use the former Arrowpoint enterprise OIDs (.2467), the CSS will not recognize SNMP requests.

The former Arrowpoint enterprise MIB branch was:

•iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).arrowPoint(2467)
1.3.6.1.4.1.2467

The new Cisco enterprise MIB branch is:

•iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).cisco(9).ciscoMgmt(9).arrowPoint(368) 1.3.6.1.4.1.9.9.368

The .2467 needs to be replaced with 9.9.368 wherever it is used. For a graphical view of the updated MIB tree, refer to the Cisco Content Services Switch Administration Guide, Chapter 5, `Configuring Simple Network Management Protocol', Figure 5-2.

After you upgrade the CSS software, you must unload the current CSS MIBs and load the latest CSS MIBs in your network management station. The CSS MIBs are included in the CSS GZIP file. During the software upgrade, the MIBs are loaded into the CSS /mibs directory.

To update the CSS MIBs on your management station after you upgrade the CSS:

1. FTP the specific MIBs or the GZIP file (which contains all the MIBs) from the CSS MIBs (/v1 or /v2) directory to your management station.

2. Unload the CSS MIBs from the management application.

3. Load the MIBs into the management application.

paulvx · Post by **paulvx** » Tue Mar 29, 2005 1:35 pm

Here is something I created to go the other way. I thought it may help someone. It works like this:

[paul@charlize/tmp]# echo "test" | ./mib.pl
4.116.101.115.116
[root@charlize root]# echo "4.116.101.115.116" | ./as_to_st.pl
test
[paul@charlize /tmp]#

-----------------------

#!/usr/bin/perl

my @a = ();

while ($line = <>) {
while (@a) {
pop @a;
}
chomp $line;
while ($line =~ m/^([\d]+)[\D]/) {
push @a, $1;
$line =~ s/($1).//;
}
push @a, $line;
for ($x = 0; $x < $#a; $x++) { print chr($a[$x]); }
print chr($a[$x]), "\n";
}

gondo · Post by **gondo** » Thu May 05, 2005 1:20 pm

Anyone want to take a stab at moving this to php?
Yes, it generates an MRTG config file, but...

Look for the ASNname portion of the config script...
Parses the rule owner and then the rule name...

The code writer is our Senior Net Architect.

This same method is used to get info from LanManager agents to, I believe.
If there is a more complete example on how to do the snmpwalk and parse in-line, please point me in the right direction.
Thanks,
Gondo

linebacker · Post by **linebacker** » Wed May 25, 2005 12:21 pm

Does anyone have the Cisco CSS info put into a template for Cacti yet?

richrumble · Post by **richrumble** » Thu May 26, 2005 11:11 am

Not really formal but....
(old version any version of OS BEFORE 7.40)
CPU (5 minute Avg)
.1.3.6.1.4.1.2467.1.34.17.1.14.1.1
CPU (current)
.1.3.6.1.4.1.2467.1.34.17.1.13.1.1

(7.40 and after)
CPU
.1.3.6.1.4.1.9.9.368.1.34.17.1.14.1.1 (5 min)
.1.3.6.1.4.1.9.9.368.1.34.17.1.13.1.1 (instant)

Again, the release notes for the CSS MIB changes
http://cisco.com/en/US/products/hw/cont ... l#wp182120

You can find more of them here:
http://cisco.com/en/US/products/hw/cont ... #wp1049415
The updated version
http://cisco.com/en/US/products/hw/cont ... #wp1049415

See the attached for a complete list and explainations of the below

ASN Name: apChassisMgrExtSubModuleInstalledMemory
Object Identifier: 1.3.6.1.4.1.2467.1.34.17.1.12

ASN Name: apChassisMgrExtSubModuleSystemHeapFree
Object Identifier: 1.3.6.1.4.1.2467.1.34.17.1.10

ASN Name: apChassisMgrExtSubModuleCPUInstantaneous
Object Identifier: 1.3.6.1.4.1.2467.1.34.17.1.13

ASN Name: apChassisMgrExtSubModuleCPUAverage
Object Identifier: 1.3.6.1.4.1.2467.1.34.17.1.14

ASN Name: apChassisMgrExtSubModuleBufferSize
Object Identifier: 1.3.6.1.4.1.2467.1.34.18.1.4

ASN Name: apChassisMgrExtSubModuleBufferCount
Object Identifier: 1.3.6.1.4.1.2467.1.34.18.1.5

ASN Name: apChassisMgrExtSubModuleBufferAvailable
Object Identifier: 1.3.6.1.4.1.2467.1.34.18.1.6

ASN Name: apChassisMgrExtSubModuleBufferFailures
Object Identifier: 1.3.6.1.4.1.2467.1.34.18.1.7

ASN Name: apChassisMgrExtSubModuleBufferLowBufferCount
Object Identifier: 1.3.6.1.4.1.2467.1.34.18.1.8

ASN Name: apCntName
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.2

ASN Name: apCntHits
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.18

ASN Name: apCntRedirects
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.19

ASN Name: apCntDrops
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.20

ASN Name: apCntRejNoServices
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.21

ASN Name: apCntRejServOverload
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.22

ASN Name: apCntByteCount
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.25

ASN Name: apCntFrameCount
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.26

ASN Name: apCntPrimarySorryHits
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.60

ASN Name: apCntSecondSorryHits
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.60

ASN Name: apCntAvgLocalLoad
Object Identifier: 1.3.6.1.4.1.2467.1.16.4.1.65

ASN Name: apCntsvcHits
Object Identifier: 1.3.6.1.4.1.2467.1.18.2.1.4

ASN Name: apCntsvcBytes
Object Identifier: 1.3.6.1.4.1.2467.1.18.2.1.5

ASN Name: apCntsvcFrames
Object Identifier: 1.3.6.1.4.1.2467.1.18.2.1.6

ASN Name: apSvcNames
Object Identifier: 1.3.6.1.4.1.2467.1.15.2.1.1

ASN Name: apSvcShortLoad
Object Identifier: 1.3.6.1.4.1.2467.1.15.2.1.18

ASN name: apSvcAvgLoad
Object Identifier: 1.3.6.1.4.1.2467.1.15.2.1.40

ASN Name: apSvcLongLoad
Object Identifier: 1.3.6.1.4.1.2467.1.15.2.1.28

ASN Name: apSvcConnections
Object Identifier: 1.3.6.1.4.1.2467.1.15.2.1.20

ASN Name: apGrpHitCount
Object Identifier: 1.3.6.1.4.1.2467.1.17.2.1.10

ASN Name: apFlowMgrExtDosTotalAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.18

ASN Name: apFlowMgrExtDosTotalSynAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.19

ASN Name: apFlowMgrExtDosTotalLandAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.20

ASN Name: apFlowMgrExtDosTotalZeroPortAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.21

ASN Name: apFlowMgrExtDosTotalIllegalSourceAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.22

ASN Name: apFlowMgrExtDosTotalIllegalDestinationAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.23

ASN Name: apFlowMgrExtDosTotalPingOfDeathAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.24

ASN Name: apFlowMgrExtDosTotalSmurfAttacks
Object Identifier: 1.3.6.1.4.1.2467.1.36.25

gondo · Post by **gondo** » Thu May 26, 2005 11:22 am

Thanks Rich!

I removed the mrtg config script and have started the process of getting the content owner / rule info seperated. If there is interest, I would like to "co-author" a cacti template that calls this script in the same manner as the interface templates.

I know that is incredibly vague. I am a newbie to script / template integration, but am willing to learn and contribute. I believe the effort is worthwhile.

Thanks
Frank

bobel · Post by **bobel** » Fri Sep 16, 2005 7:56 am

Here a simple CSS 11500 template for version higher that 7.4.It's not complete (only CPU usage),but can extened

ScOp3 · Post by **ScOp3** » Fri Sep 16, 2005 10:51 am

Cacti is becoming my local "Excalibur" after getting the FC Switches running our CSS seems to be the next patient for treatment.
I will give this CSS Template a try because i finally might be able to retrieve some useful information from this little pesky device.

PS: Ever tried "show group" on the CLI? ^^

richrumble · Post by **richrumble** » Mon Sep 19, 2005 1:57 pm

I've centralized everything I've posted about the CSS snmp OID's into one page here:
http://xinn.org/Css-Rosetta-Stone.html

I hope that I'll have a working template for a CSS 11000 series soon, I have had little time to dedicate to this. I'll post an update once I have more. (soon I hope)
-rich

Cacti

Cisco CSS SNMP rosetta stone

Cisco CSS SNMP rosetta stone

Correction on the MIB's

Good information!

the other way...

Cisco CSS Rosetta Stone

CSS Template

Cisco CSS 11500 template

Who is online