Help..Netscreen Policy Stats

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
jay
Cacti User
Posts: 390
Joined: Wed Aug 31, 2005 8:55 am
Location: Bristol, England

Help..Netscreen Policy Stats

Post by jay »

Hi

I have created a template which hopefully allows me to monitor traffic levels of a Netscreen firewall policy. I want to be able to monitor traffic levels over a vpn tunnel by monitoring a policy.

I have 2 netscreen firewalls which run VPN tunnels. When i run the data query on one of the NS it only shows me one policy, (there are about 15 in total). When i run the query on the other NS fwl it shows me all the policys. This firewall is also running an older firmware version. They are both NS25.

This is the output i get from a verbose query. It looks to be picking up the policy id and other data but its not getting the index value.


+ Running data query [26].
+ Found type = '3' [snmp query].
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/snmp_queries/Netscreen_policy_monitor.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.3224.10.2.1.1'
+ Located input field 'nsPlyId' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.3224.10.1.1.1'
+ Found item [nsPlyId='7'] index: 0 [from value]
+ Found item [nsPlyId='27'] index: 0 [from value]
+ Found item [nsPlyId='32'] index: 0 [from value]
+ Found item [nsPlyId='34'] index: 0 [from value]
+ Found item [nsPlyId='36'] index: 0 [from value]
+ Found item [nsPlyId='37'] index: 0 [from value]
+ Found item [nsPlyId='46'] index: 0 [from value]
+ Found item [nsPlyId='48'] index: 0 [from value]
+ Found item [nsPlyId='51'] index: 0 [from value]
+ Found item [nsPlyId='52'] index: 0 [from value]
+ Found item [nsPlyId='53'] index: 0 [from value]
+ Found item [nsPlyId='55'] index: 0 [from value]
+ Found item [nsPlyId='56'] index: 0 [from value]
+ Found item [nsPlyId='57'] index: 0 [from value]
+ Found item [nsPlyId='58'] index: 0 [from value]
+ Found item [nsPlyId='59'] index: 0 [from value]
+ Located input field 'nsPlySrcAddr' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.3224.10.1.1.5'
+ Found item [nsPlySrcAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Pavs.32.0'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Pavs.4.0'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Pavs.16.0'] index: 0 [from value]
+ Found item [nsPlySrcAddr='EMEA network'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Kowloon'] index: 0 [from value]
+ Found item [nsPlySrcAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlySrcAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlySrcAddr='BRSPTSE7'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Flag LAN'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Rome Subnet'] index: 0 [from value]
+ Found item [nsPlySrcAddr='CSJersey subnet'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Any'] index: 0 [from value]
+ Found item [nsPlySrcAddr='CSJersey subnet'] index: 0 [from value]
+ Found item [nsPlySrcAddr='CSJersey subnet'] index: 0 [from value]
+ Found item [nsPlySrcAddr='Any'] index: 0 [from value]
+ Located input field 'nsPlyDstAddr' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.3224.10.1.1.6'
+ Found item [nsPlyDstAddr='EMEA network'] index: 0 [from value]
+ Found item [nsPlyDstAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlyDstAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlyDstAddr='CTS Manila'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Kowloon'] index: 0 [from value]
+ Found item [nsPlyDstAddr='EMEA network'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Manila FTP server'] index: 0 [from value]
+ Found item [nsPlyDstAddr='BRSPFTP_dmz'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Flag LAN'] index: 0 [from value]
+ Found item [nsPlyDstAddr='BRSPTSE7'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Any'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Any'] index: 0 [from value]
+ Found item [nsPlyDstAddr='CSJersey subnet'] index: 0 [from value]
+ Found item [nsPlyDstAddr='UK Production cluster'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Syntegra Crest gateways'] index: 0 [from value]
+ Found item [nsPlyDstAddr='Rome Subnet'] index: 0 [from value]
+ Located input field 'nsPlyName' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.3224.10.1.1.24'
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='Kow to Emea'] index: 0 [from value]
+ Found item [nsPlyName='Kow to Emea'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='Flag access'] index: 0 [from value]
+ Found item [nsPlyName='Flag access'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Found item [nsPlyName='N/A'] index: 0 [from value]
+ Located input field 'nsPlyActiveStatus' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.3224.10.1.1.23'
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found item [nsPlyActiveStatus='1'] index: 0 [from value]
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/snmp_queries/Netscreen_policy_monitor.xml'
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/snmp_queries/Netscreen_policy_monitor.xml'
+ Found data query XML file at 'C:/Apache2/htdocs/cacti/resource/snmp_queries/Netscreen_policy_monitor.xml'


THis is also the same when i run an snmpwalk


C:\net-snmp\bin>snmpwalk -v1 -c public x.x.x.x 1.3.6.1.4.1.3224.10.2.1.1
SNMPv2-SMI::enterprises.3224.10.2.1.1.7.0 = INTEGER: 7
SNMPv2-SMI::enterprises.3224.10.2.1.1.27.0 = INTEGER: 27
SNMPv2-SMI::enterprises.3224.10.2.1.1.32.0 = INTEGER: 32
SNMPv2-SMI::enterprises.3224.10.2.1.1.34.0 = INTEGER: 34
SNMPv2-SMI::enterprises.3224.10.2.1.1.36.0 = INTEGER: 36
SNMPv2-SMI::enterprises.3224.10.2.1.1.37.0 = INTEGER: 37
SNMPv2-SMI::enterprises.3224.10.2.1.1.46.0 = INTEGER: 46
SNMPv2-SMI::enterprises.3224.10.2.1.1.48.0 = INTEGER: 48
SNMPv2-SMI::enterprises.3224.10.2.1.1.51.0 = INTEGER: 51
SNMPv2-SMI::enterprises.3224.10.2.1.1.52.0 = INTEGER: 52
SNMPv2-SMI::enterprises.3224.10.2.1.1.53.0 = INTEGER: 53
SNMPv2-SMI::enterprises.3224.10.2.1.1.55.0 = INTEGER: 55
SNMPv2-SMI::enterprises.3224.10.2.1.1.56.0 = INTEGER: 56
SNMPv2-SMI::enterprises.3224.10.2.1.1.57.0 = INTEGER: 57
SNMPv2-SMI::enterprises.3224.10.2.1.1.58.0 = INTEGER: 58
SNMPv2-SMI::enterprises.3224.10.2.1.1.59.0 = INTEGER: 59



The other NS seems to pick up the index value.

C:\net-snmp\bin>snmpwalk -v1 -c public x.x.x.x 1.3.6.1.4.1.3224.10.2.1.1
SNMPv2-SMI::enterprises.3224.10.2.1.1.0 = INTEGER: 37
SNMPv2-SMI::enterprises.3224.10.2.1.1.1 = INTEGER: 36
SNMPv2-SMI::enterprises.3224.10.2.1.1.2 = INTEGER: 7
Etc...


Is this because the firmware is different??? I have changed the version the NS uses to V2c.

The NS that works use 4.0.0r1.0 (Firewall+VPN)
The one thaty doesn't uses 5.1.0r1.0 (Firewall+VPN)

Any assitance is appreciated.

Jay
Cacti Version 0.8.7e, Spine 0.8.7e, Apache 2.2.15, Mysql 5.0.88, PHP 5.2.13, RRDTool 1.2.30, NET-SNMP 5.5
Quad Core AMD Opteron Processor 2384, 2.70Ghz, 2GB RAM , 1 CPU used
Windows Server 2003 (X64), VMWARE ESX
Plugins: Aggregate 0.75

SYSTEM STATS: Time:12.5140 Method:spine Processes:2 Threads:15 Hosts:400 HostsPerProcess:200 DataSources:2909 RRDsProcessed:1384
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Post by gandalf »

Please try the last link of my signature. If trouble persists, please post your XML file
Reinhard
jay
Cacti User
Posts: 390
Joined: Wed Aug 31, 2005 8:55 am
Location: Bristol, England

Post by jay »

Hi

I know the XML file is ok as i can poll the policy id from another firewall.

Here is the xml file.


<query>
<name>NS Policy Monitor</name>
<description>Monitors Netscreen Policys</description>
<oid_index>.1.3.6.1.4.1.3224.10.2.1.1</oid_index>
<oid_num_indexes>.1.3.6.1.4.1.3224.10</oid_num_indexes>
<index_order>nsPlyId:nsPlyActiveStatus:nsPlySrcAddr:nsPlyDstAddr:nsPlyName</index_order>
<index_order_type>numeric</index_order_type>
<index_title_format>|chosen_order_field|</index_title_format>

<fields>
<nsPlyId>
<name>PlyId</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.3224.10.1.1.1</oid>
</nsPlyId>
<nsPlySrcAddr>
<name>SrcAddr</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.3224.10.1.1.5</oid>
</nsPlySrcAddr>
<nsPlyDstAddr>
<name>DstAddr</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.3224.10.1.1.6</oid>
</nsPlyDstAddr>
<nsPlyName>
<name>PlyName</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.3224.10.1.1.24</oid>
</nsPlyName>
<nsPlyActiveStatus>
<name>ActiveState</name>
<method>walk</method>
<source>value</source>
<direction>input</direction>
<oid>.1.3.6.1.4.1.3224.10.1.1.23</oid>
</nsPlyActiveStatus>

<nsPlyMonBytePerSec>
<name>BytesPerSec</name>
<method>walk</method>
<source>value</source>
<direction>output</direction>
<oid>.1.3.6.1.4.1.3224.10.2.1.6</oid>
</nsPlyMonBytePerSec>
</fields>
</query>



Jay
Cacti Version 0.8.7e, Spine 0.8.7e, Apache 2.2.15, Mysql 5.0.88, PHP 5.2.13, RRDTool 1.2.30, NET-SNMP 5.5
Quad Core AMD Opteron Processor 2384, 2.70Ghz, 2GB RAM , 1 CPU used
Windows Server 2003 (X64), VMWARE ESX
Plugins: Aggregate 0.75

SYSTEM STATS: Time:12.5140 Method:spine Processes:2 Threads:15 Hosts:400 HostsPerProcess:200 DataSources:2909 RRDsProcessed:1384
adamg
Posts: 1
Joined: Thu May 11, 2006 2:58 pm

Templates

Post by adamg »

Hi,

Would it be possible for you to supply your graph and data templates.

Thanks,

Adam
jay
Cacti User
Posts: 390
Joined: Wed Aug 31, 2005 8:55 am
Location: Bristol, England

Post by jay »

Hi Adam

I would post the templates but they dont seem to work properly. I have just checked the graphs and the data that is collected isn't correct. The average for the policy is 50Mbps, yet the amount of traffic going into the firewall doesn't equate to any wherer near that amount.

Let me know if you still want me to post them?

Jay
Cacti Version 0.8.7e, Spine 0.8.7e, Apache 2.2.15, Mysql 5.0.88, PHP 5.2.13, RRDTool 1.2.30, NET-SNMP 5.5
Quad Core AMD Opteron Processor 2384, 2.70Ghz, 2GB RAM , 1 CPU used
Windows Server 2003 (X64), VMWARE ESX
Plugins: Aggregate 0.75

SYSTEM STATS: Time:12.5140 Method:spine Processes:2 Threads:15 Hosts:400 HostsPerProcess:200 DataSources:2909 RRDsProcessed:1384
srhuston
Posts: 19
Joined: Fri Mar 02, 2007 8:44 pm

Re: Help..Netscreen Policy Stats

Post by srhuston »

jay wrote:I have 2 netscreen firewalls which run VPN tunnels. When i run the data query on one of the NS it only shows me one policy, (there are about 15 in total). When i run the query on the other NS fwl it shows me all the policys. This firewall is also running an older firmware version. They are both NS25.
As you noted, I think between 4.x and 5.x they changed how the data is presented in the OIDs - see the note I made in http://forums.cacti.net/viewtopic.php?t=20143

Have a look at those templates and see how they compare to yours - I haven't done a lot of research to see how accurate they are, I'm just happy I got the policy counter data out of the box :>
jay
Cacti User
Posts: 390
Joined: Wed Aug 31, 2005 8:55 am
Location: Bristol, England

Post by jay »

Hi srhuston

I gave up with the templates in the end. I think we are going to be getting Netscreen Security Manager at some point so will be able to get traffic stats using that.

Jay
Cacti Version 0.8.7e, Spine 0.8.7e, Apache 2.2.15, Mysql 5.0.88, PHP 5.2.13, RRDTool 1.2.30, NET-SNMP 5.5
Quad Core AMD Opteron Processor 2384, 2.70Ghz, 2GB RAM , 1 CPU used
Windows Server 2003 (X64), VMWARE ESX
Plugins: Aggregate 0.75

SYSTEM STATS: Time:12.5140 Method:spine Processes:2 Threads:15 Hosts:400 HostsPerProcess:200 DataSources:2909 RRDsProcessed:1384
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests