pix firewall template

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

darthbator
Posts: 29
Joined: Wed Sep 27, 2006 7:02 pm

Post by darthbator »

I don't seem to be understanding what defines the values on the left side vertical column. For example my CPU graph has a tag labeled "percent" but the numbers then go 0.0,1.0,2.0,3.0,4.0 so what up to 4.0%? This is slightly confusing...

EDIT: I installed the updated memory graph and it still doesn't graph memory use :( This update also appears to have broken my connections graph as it no longer graphs data :(

EDIT: Ok so after recreating all the graphs memory now appears to be reporting correctly. The only issue I am still having is the confusing vertical values on the left side of the CPU graph. Is there any way to tell rrd or cacti how I want to define that column. I would love for my CPU graph to go from 1-100% instead of from 0.0-4.0
michael.williams
Posts: 30
Joined: Tue Oct 24, 2006 11:02 am

Post by michael.williams »

Might this script also work on a cisco asa firewall?
michael.williams
Posts: 30
Joined: Tue Oct 24, 2006 11:02 am

Post by michael.williams »

once I import the template, copy the perl script to the correct directory, I then need to edit the data input methods to enter the user name and password. Correct?

So, I went to Data input methods - "Cisco VPN - Active VPN users"
Here, I see router, username, password, and enpassword.

Once I click username, should I enter the user name in the "Regular Expression Match" field or "Special Type Code" field?

Also, should this work on a asa firewall?
bitgod
Posts: 25
Joined: Thu Mar 31, 2005 2:03 pm
Location: Texas, USA

Post by bitgod »

Are you guys getting the bandwidth and error statistics off your PIX interfaces? Everything is working but that for me... the most important one! Im trying to setup triggered alerts based on errors off a PIX interface.
warnesj
Cacti User
Posts: 173
Joined: Sun May 29, 2005 7:34 pm

Post by warnesj »

Yeah, I'm using the PIX Firewall template from here and I'm getting both bandwidth and error stats off my 515's and 506's. I'm still running v6.3.3. of the PIX OS though.
bitgod
Posts: 25
Joined: Thu Mar 31, 2005 2:03 pm
Location: Texas, USA

Post by bitgod »

Well bits/sec works now.. still no errors/discards. progress nonetheless.
warnesj
Cacti User
Posts: 173
Joined: Sun May 29, 2005 7:34 pm

Post by warnesj »

That's odd, because my errors and discarded packets work. I needed to use SNMP v1 though to monitor the PIX. SNMP v2 just didn't work. :(
SaeZ
Posts: 1
Joined: Fri Dec 15, 2006 9:19 am

Update of template

Post by SaeZ »

Hi,
I updated your template with a fix of CPU graph size and the memory graph (I/O Memory = Free Memory and Used Proc = Used Memory).

It was tested on 0.8.7a.
Attachments
cacti_host_template_cisco_pix_firewall.xml
Updated Pix Template
(140.9 KiB) Downloaded 3843 times
liimuu
Posts: 12
Joined: Tue Jan 16, 2007 3:49 am

Post by liimuu »

Thank you for your hard work,but i found a error.
Management->Graph Management->pix
pix - Traffic - X.X.X.X (PIX Firewall ou)
I think it should be
pix - Traffic - X.X.X.X (PIX Firewall out)
MoifMurphy
Posts: 3
Joined: Tue Mar 10, 2009 7:37 am
Location: Brighton, UK

Post by MoifMurphy »

Hello, will this work on Version 0.8.7d?
cyd777
Posts: 3
Joined: Tue Mar 10, 2009 2:29 pm

status problem

Post by cyd777 »

I'm newbee in cacti.
I installed in debian lenny from package.
I used the template what I found here.
I added a new device with pix template, TCP PING and SNMP Downed Device Detection and I got TCP PING success and every snmp information what set up in pix.

My problem is in device list my pix status is Unknown and the cacti didn't do any graph.

My system is Debian lenny, my pix System is Cisco PIX Firewall Version 6.3(5).
Cacti Version 0.8.7b

Has anyone any idea what make I wrong?

Thans,
cyd
anerot
Posts: 7
Joined: Thu Mar 05, 2009 10:12 am
Location: Paris

Post by anerot »

Hi cyd777

did you try a snmpget (or snmpgetnext) at your server command line ?
did you try with snmp version 1 instead of 2 ?
cyd777
Posts: 3
Joined: Tue Mar 10, 2009 2:29 pm

Post by cyd777 »

Hi anerot!

I think snmp is working, because in command line i get every information from pix in my linux box and when I choose the device in device list I can see every information from pix, but the status is unknown.
Attachments
pix1.JPG
pix1.JPG (50.09 KiB) Viewed 10047 times
pix2.JPG
pix2.JPG (44.39 KiB) Viewed 10047 times
anerot
Posts: 7
Joined: Thu Mar 05, 2009 10:12 am
Location: Paris

Post by anerot »

Hi Cyd,

mmm... it seems that your server has no other device currently monitored. Maybe you have to check your global configuration, specially the polling config.
Are you using ping or snmp for default check for your availability in your global settings ?
sabin16
Posts: 7
Joined: Mon Apr 06, 2009 5:08 pm

Post by sabin16 »

I'm having the same problem as CYD. I think I might have some sort of SNMP problem because under the device under "SNMP Information" it says in red "SNMP error". not really the most descriptive error in the world. I've tried SNMP version 1 and 2. What else should I check out? I'm pretty new to the Cacti world and am trying my best to not just bore you guys with my questions.

Thanks,
Shane
Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests