Few Templates (NetScreen,Nokia,Cisco,Fortigate)

kayalinux · Post by **kayalinux** » Mon Oct 31, 2005 4:50 am

Hi, here are some template i made or modify.

NetScreen (NS204, N5X)
Nokia IP380
Fortigate
Cisco Catalyst 4500
Cisco 6500

kayalinux · Post by **kayalinux** » Mon Oct 31, 2005 4:52 am

Add last template Cisco 6500.

The forum doesn't allow more than 3 attach files.

hvbuel · Post by **hvbuel** » Mon Oct 31, 2005 6:57 am

So, where did the Netscreen template go ?

kayalinux · Post by **kayalinux** » Mon Oct 31, 2005 11:10 am

You right, i forgot it.

ioiioi · Post by **ioiioi** » Tue Nov 01, 2005 6:51 am

Any description about these templates?
what are they doing for?

kayalinux · Post by **kayalinux** » Wed Nov 02, 2005 5:35 am

Any description about these templates?

For all of them you CPU Usage, Memory Usage.
It is write in the template description.
For some other you have temparature or sessions.

what are they doing for?

Generate graph.
Those templates are like any other except than they are specific to the list of equipments below. When i looked for template inside the forum, not all of them was working due to OID problem. So i made those template and specifiy the model equipment working with it.

NetScreen (NS204, N5X)
Nokia IP380
Fortigate
Cisco Catalyst 4500
Cisco 6500

tommyj · Post by **tommyj** » Wed Nov 02, 2005 4:02 pm

Looks good. I'm looking for scripts to monitor VPN tunnel traffic on Netscreen and Pixes, has anyone created any similar?

hvbuel · Post by **hvbuel** » Thu Nov 03, 2005 8:53 am

Monitoring Netscreen VPN traffic is #1 on my wish list.
That would be tha bomb !!

I tried digging in the MIB's myself, but I am just not skilled enough to get any results.

kayalinux · Post by **kayalinux** » Thu Nov 03, 2005 11:03 am

Actually i monitore all interface of all the equipment list with the standard SNMP - Interface Statistics from cacti.

But i can't tell you for netscreen if it is VPN or not.
it is just an interface. It doesn't look like the MIB make a difference between traffic and VPN traffic.
Or i miss undestand you question.

ScottTFrazer · Post by **ScottTFrazer** » Thu Nov 03, 2005 4:10 pm

I tried digging in the MIB's myself, but I am just not skilled enough to get any results.

I'm pretty new at this myself, but I was able to get a bit of useful information about my Netscreen firewall, so I thought I'd share how I did it.

Check out SNMPLink.org's online mib browser here:
http://www.snmplink.org/src/MIB.html

I used the Juniper Networks link from there, then expanded NetScreen - ScreenOS v5.0.0.r8.1 (that's what I've got for a firewall) and dug down through smiv2 and NS-INTERFACE.mib, then selected NETSCREEN-INTERFACE-MIB.

The stuff in the right pane is the actual mib text, but I don't really need that. Instead, I expanded out the nsIfFlowTable and selected the nsIfFlowInByte entry.

The top of the screen now has the numerical OID of this entry. Run snmpwalk from the cacti box using this OID and your community string like so:

Code: Select all

snmpwalk -v 1 -c public ip.ad.dr.es .1.3.6.1.4.1.3224.9.3.1.3

which returns:

Code: Select all

SNMPv2-SMI::enterprises.3224.9.3.1.3.0 = Counter32: 2529568317
SNMPv2-SMI::enterprises.3224.9.3.1.3.1 = Counter32: 0
SNMPv2-SMI::enterprises.3224.9.3.1.3.2 = Counter32: 1049037947
SNMPv2-SMI::enterprises.3224.9.3.1.3.3 = Counter32: 27478534
SNMPv2-SMI::enterprises.3224.9.3.1.3.4 = Counter32: 0

Now I just plug those into data sources created using the SNMP - Generic OID Template and then link the graphs to em and hopefully it works.

For the Netscreen OS, there's a nsIfFlowInVpn counter as well.

hvbuel · Post by **hvbuel** » Fri Nov 04, 2005 4:42 am

well ScottTFrazer, your certainly pointing me in the right direction.
I did some digging on the web page you suggested and also some snmpwalks
unfortunatly the nsIfFlowInVpn counter is a total for all VPN tunnels.
I have 15 tunnels comming in to 1 device, a total VPN bytes in does not give me the information I want.

Further investigation of the MIB shows me that tunnel interfaces are present and recognised by snmpwalk, but again the counters are only for the physical interfaces i.e. TRUST,UNTRUST,DMZ,etc, and not for the tunnel interfaces TUNNEL.1 TUNNEL2, etc. these counters exist but remain at 0.

Good news : browsing thru the MIBS available I stumbled accros this one : netscreenVpnMon and it has some counters in it for the SA.
.1.3.6.1.4.1.3224.4.1.1.1.35 for bytes in.
.1.3.6.1.4.1.3224.4.1.1.1.36 for bytes out.
An snmpwalk gave me decent numbers

All I need to know now is how to create some decent graphs.
Do I make some sort of template ? or edit an existing like interfaces.xml ?
How does cacti know howmany tunnels I have, for I have Netscreens with only 1 tunnel but also with over 10 tunnels.

I feel i am close, now how to finish...........

ScottTFrazer · Post by **ScottTFrazer** » Fri Nov 04, 2005 4:26 pm

I'm staill a real noob at this, but if you've got the data sources set up, you should just need to create a seperate traffic graph (with an in and out datasource) for each tunnel.

I'm sure there's a way to get fancy and have them all show up on the same graph, but like I said: noob.

kayalinux · Post by **kayalinux** » Mon Dec 19, 2005 8:42 am

Here are 2 templates.

Fortigate 5X and 6X
And for the Fortigate 'Fortinet Security Gateway'

If you wish to complete the template with more data (Antivirus, Webfilter) here are the MIB.
http://www.somix.com/support/mib_resources.php

dinux · Post by **dinux** » Tue Feb 06, 2007 1:18 pm

Has anyone been able to monitor the internal Temperature of the Netscreen products? I was hoping to be able to do this.

ceoby · Post by **ceoby** » Thu Mar 29, 2007 9:47 am

It's imposible to import this script

cacti_host_template_fortigate.xml

Cacti

Few Templates (NetScreen,Nokia,Cisco,Fortigate)

Few Templates (NetScreen,Nokia,Cisco,Fortigate)

Who is online