Juniper/Netscreen ScreenOS 5.3 Policy Counters

Templates, scripts for templates, scripts and requests for templates.

Moderators: Developers, Moderators

Post Reply
srhuston
Posts: 19
Joined: Fri Mar 02, 2007 8:44 pm

Juniper/Netscreen ScreenOS 5.3 Policy Counters

Post by srhuston »

Here's the stuff I just finished up for getting policy counter data out of a Netscreen. There's only one graph template, for the total bytes, but you can see from there how to create other graphs.

I'm using cacti 0.8.6i, and polling a Netscreen NS-500 running ScreenOS 5.3.x - so some of the OIDs may change based on whatever you're running; I know for a fact that earlier versions of ScreenOS did their OIDs differently, for example the policy ID branch was 1.3.6.1.4.1.3224.10.2.1.1.<number> while I think starting with 5.x they're at
1.3.6.1.4.1.3224.10.2.1.1.<number>.0 - as are all the values - which is why a standard SNMP query won't work right (or if it would, I couldn't figure out how to massage it properly).

Standard disclaimers apply - no warranty, no support, if it breaks something you keep the pieces, if it runs off with your wife you can cry in your beer next to me (you supply the beer).

[edit - changed version of "starting with 5.x" since I think it was consistent through the 5.x series but changed from 4.x]
Attachments
netscreen-policy-counters.zip
Netscreen policy counter templates &amp; script
(9.69 KiB) Downloaded 1526 times
Image of the graph created (hadn't run very long yet)
Image of the graph created (hadn't run very long yet)
graph_image.php.png (18.66 KiB) Viewed 19167 times
DevilSun
Cacti User
Posts: 166
Joined: Fri Jul 16, 2004 1:59 pm
Location: Oregon

Post by DevilSun »

I couldn't import the data query netscreen policy counters without removing the "&#34" from the sv_graph and sv_data_source items. Then everything imported fine...just an FYI. Having problems getting it to work but I'll work on it some more...
srhuston
Posts: 19
Joined: Fri Mar 02, 2007 8:44 pm

Post by srhuston »

Ahh, those were the quotes around the policy name. Just thought it looked cleaner in the templates and such - but something must've translated them into those characters in the process of downloading the XML from cacti here.

I did note that of the two graphs I've created so far, one exports fine and one does not, but I've yet to figure out why that is.

And don't forget, before you'll get any data back from the queries, you have to turn on the "Counting" option in the policy you're interested in (look in "Advanced" in the Web UI of the firewall).
packet7
Posts: 30
Joined: Thu Mar 29, 2007 9:10 am

RE: Policy Counters

Post by packet7 »

Hi,

I was unable to get this working. By data query shows 0 items 0 rows. Anyone know what I should try? I have:

1. Copied the xx.xml files from "resources" and "scripts" folder over to the Cacti Server.
2. Imported the 3 xxx.xml templates.
3. Created new device.
4. Assigned data query
5. Unable to create graph

We have other Cacti Templates working. Specifically, the previous post regarding tunnel interfaces. We monitor the BW associated with each VPN. Any help would be appreciated.

Thank you!

John
glista
Posts: 10
Joined: Mon Mar 19, 2007 12:43 am

Post by glista »

Hi

I was having problems to work with cacti 0.8.7b. So i patched this template.
Now works fine
Attachments
netscreen-policy-counters_cacti-0.8.7b.zip
for cacti 0.8.7b
(10.21 KiB) Downloaded 1217 times
ivanwong
Posts: 3
Joined: Wed May 28, 2008 4:39 am

Post by ivanwong »

I run:
# /usr/bin/php -q /usr/share/cacti/scripts/snmp_netscreen_policy_counters.php a.b.c.d cacti 1 161 500 "" "" get PlyMonTotByte 1

Ok no problem.

But, inside Cacti, can't draw the graph...
# tail /var/log/cacti/cacti.log
...
CMDPHP: Poller[0] Host[1] DS[x] WARNING: Result from CMD not valid. Partial Result:

What should I check?
cbennett
Posts: 4
Joined: Thu Nov 12, 2009 7:41 am

Post by cbennett »

I too have exactly the same problem... PHP is returning the correct values:

GGCWCacti01:/var/log/cacti# /usr/bin/php -q /usr/share/cacti/site/scripts/snmp_netscreen_policy_counters.php 10.1.2.1 publiv 1 161 500 "" "" get PlyMonTotByte 30
543021816

but the log file is showing all sorts of crazy stuff...
11/12/2009 02:15:03 PM - SYSTEM STATS: Time:1.1450 Method:cmd.php Processes:1 Threads:N/A Hosts:3 HostsPerProcess:3 DataSources:20 RRDsProcessed:14
11/12/2009 02:20:01 PM - CMDPHP: Poller[0] Host[2] DS[40] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:20:02 PM - CMDPHP: Poller[0] Host[2] DS[39] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:20:02 PM - CMDPHP: Poller[0] Host[2] DS[41] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:20:02 PM - SYSTEM STATS: Time:1.1438 Method:cmd.php Processes:1 Threads:N/A Hosts:3 HostsPerProcess:3 DataSources:20 RRDsProcessed:14
11/12/2009 02:25:02 PM - CMDPHP: Poller[0] Host[2] DS[40] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:25:02 PM - CMDPHP: Poller[0] Host[2] DS[39] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:25:02 PM - CMDPHP: Poller[0] Host[2] DS[41] WARNING: Result from CMD not valid. Partial Result:
11/12/2009 02:25:03 PM - SYSTEM STATS: Time:1.1456 Method:cmd.php Processes:1 Threads:N/A Hosts:3 HostsPerProcess:3 DataSources:20 RRDsProcessed:14


Has any one resolved this?
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests