Cisco ASA templates - YMMV

[Alberello]

These were created for the Cisco ASA 5520

They doesn't work on my asa 5520 8.0(3)6

Just able to monitor cpu with a data template of cisco router.

[Ilukester]

Hi, I am totally new to this whole Mib's thing. Some how I have my Total Sessions graph working but I don't have any other graph working. Could someone tell me how to fix this problem. Is it the Mibs? And how and which mibs would I need to install?
Thank you in advance. And if I figure it out i will post how I did up here.

[southcat]

These were created for the Cisco ASA 5520

my session no graph? debug :
RRDTool command:

/usr/local/rrdtool/bin/rrdtool graph - \
--imgformat=PNG \
--start=-86400 \
--end=-60 \
--title="ciscoASA_5550 - Sessions" \
--base=1000 \
--height=120 \
--width=500 \
--alt-autoscale-max \
--lower-limit=0 \
--vertical-label="# of Sessions" \
--slope-mode \
--font TITLE:10: \
--font AXIS:8: \
--font LEGEND:8: \
--font UNIT:8: \
DEF:a="/var/www/html/rra/ciscoasa_5550_asa_ras_1341.rrd":asa_ras:AVERAGE \
DEF:b="/var/www/html/rra/ciscoasa_5550_asa_ras_1341.rrd":asa_ras:LAST \
DEF:c="/var/www/html/rra/ciscoasa_5550_asa_ras_1341.rrd":asa_ras:MIN \
DEF:d="/var/www/html/rra/ciscoasa_5550_asa_ras_1341.rrd":asa_ras:MAX \
DEF:e="/var/www/html/rra/ciscoasa_5550_total_1342.rrd":total:MIN \
:a#EAAF00FF:"Remote Access":STACK \
GPRINTLAST:"Current\:%8.0lf" \
GPRINTAVERAGE:"Average\:%8.0lf" \
GPRINT:d:MAX:"Maximum\:%8.0lf\n" \
COMMENT:"Graph Last Updated\:Sun 18 Jan 09\:44\:04 CST 2009\n"
RRDTool say:

ERROR: Could not make sense out of ':a#EAAF00FF:Remote Access:STACK'

[ericgearhart]

Hi folks

I did some work to clean up the ASA memory graph template, so that the Max value is not cut off, I added a 'Min' value and I moved the row labels to the top as column headers

I figured I'd give at least something back to the vibrant Cacti community

[bitgod]

Thanks for the ASA templates. I find these graphs are working well for PIX & ASAs running everything from 6.3(5), 7.2(3), 7.2(4) to 8.0(4).

I've run into one issue, which I don't believe is related to these templates, but someone here may be able to help. I'm not getting any graphs for traffics... I've got errors/discards, connections, cpu, memory - all working great. But the traffic sections just comes up with the names it correctly pulled as hyperlinks, and no graph image at all. If you follow the link you see the names for the 1 minute average, 5 minute, weekly, and so on... but still no graph image at all.

To troubleshoot this so far... I've confirmed my settings are set probably for my version of rrdtools and netsnmp. I've tried SNMP version 1 and 2c. I've also tried all the different options of in/out bits, bytes, 64 bit counters, 95th percentile. I've done a verbose query and see its getting data... but still to no avail.

Seeing that it is ONLY the "SNMP - Interface Statistics" Data Query that is failing, and its failing on PIX & ASAs on different version of code... can anyone provide me some guidance on what to look at trying next?

Thank you!


Regards,

[gandalf]

Thanks for posting this. We now encourage contributors to publish their work at the central cacti repository at http://docs.cacti.net/templates
Reinhard

[bitgod]

FYI, my problem with traffic graphs not working was fixed in 0.8.7d with the official snmp.php patch.

[hinze57]

For the record, this is an awesome template and we rely on it heavily.

I was just wondering if anyone knows what OID's or such to add to graph SSL VPN connections.

Thanks,

[ravenlord2009]

Hello

Can somebody help I am searching for the oid for the l2l Session counter? We want to graph only the l2l session seperated from the r2s sessions. We use an asa 5540 with 8.0(4) ios. In the past we did this with our concentrator 3030.

[hinze57]

I am not at work so can't do this right now, but hop on your ASA and run "show snmp-server oidlist" and it'll kick out all of the MIBs/OIDs it understands. That is how I found the SSL VPN Connection count. Although I'm still testing to see if I am polling the correct one!

[ravenlord2009]

Thanks. But I found only OID counters for IPSec, IKE, r2s, ssl sessions. All work fine. I found no counter for l2l session or tunnels only.

asa supports the following mibs:
ftp://ftp-sj.cisco.com/pub/mibs/support ... tlist.html
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-I ... TOR-MIB.my

I think there is no counter for the l2l sessions.

[MrRat]

I get errors for the null0 interfaces on each of my ASA's

Code: Select all

01/12/2010 10:12:01 AM - SPINE: Poller[0] ERROR: SQL Failed! Error:'1064', Message:'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Null0' interface' WHERE host_id='303' AND data_query_id='1' and arg1='.1.3.6.1.2' at line 1', SQL Fragment:'UPDATE poller_reindex SET assert_value='Adaptive Security Appliance 'Null0' interface' WHERE host_id='303' AND data_query_id='1' and arg1='.1.3.6.1.2.1.2.2.1.2.1''
01/12/2010 10:12:01 AM - SPINE: Poller[0] ERROR: SQL Failed! Error:'1064', Message:'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Null0' interface' WHERE host_id='304' AND data_query_id='1' and arg1='.1.3.6.1.2' at line 1', SQL Fragment:'UPDATE poller_reindex SET assert_value='Adaptive Security Appliance 'Null0' interface' WHERE host_id='304' AND data_query_id='1' and arg1='.1.3.6.1.2.1.2.2.1.2.1''

anyone have any idea how I can fix this one?

[Robbsie]

Thanks for that templates, works fine

Can anyone explain me what "IKE dropped packages" exactly means?
Thanks!

[dunxd]

IKE Dropped Packets are the number of packets within the VPN tunnel that have been dropped for whatever reason. You will likely see a few of these from time to time, but a sudden jump should alert you to a problem.

Can't explain further, and I could be wrong in my interpretation of course. If anyone else has a better understanding, please share!

[abdulet]

Hello all,

Here is a bash script that scan a device and allow the selection of items to be added to a template in a wizard way, it support extension by modules in two ways, to manage some special OIDs (like network device ones) and by defining output modules (that builds the final result, at the moment a zabbix template)

The zabbix template module can build multi or single graph items.

Just download, untar the file, cd make_template and run:

bash make_template.sh -i -a IP_ADDRESS SNMP OPTIONS

and follow the wizard.

The script generate an OID file that is used by template_modules to make the final template

send me bugs (sure they ll be there) improvements you do or whatever related to the script

enjoy it