Trying to get interface stats on a Cisco 5520 ASA, I have the Cacti server configured as an snmp-server on the ASA. I have tried the ASA device in the Cacti GUI configured as a Cisco router, Generic SNMP-enabled host, and ucd/net SNMP host. Syslog entries from the ASA do not show that the ASA is blocking the SNMP queries from the Cacti host. Packet captures reveal that the ASA is simply not responding to these queries. They also reveal that the OIDs being used in the queries are 1.3.5.1.2.1.2.2.1.1 (IF-MIB::ifIndex) and 1.3.6.1.2.1.1.3.0 (SNMPv2-MIB::sysUpTime.0).
Cisco support tech tells me that the IF-MIB::ifIndex OID is not supported on the ASA. However there are other OIDs that are supported and should provide the interface stats: 1.3.6.1.2.1.2.2.1.1.1 and 1.3.6.1.2.1.2.2.1.1.2. Is there a way within Cacti that the OIDs being used on a particular device can be changed to make this work?
Thanks for your help!
Can't get interface stats from a Cisco 5520 ASA
Moderators: Developers, Moderators
Cisco Tech Support guy was a moron -- the standard "Interface - Traffic" Data Template should suffice. That's what I'm using on PIX-515 (v7.x) and ASA-5510s.
You weren't clear if you could actually poll your FW devices, so give snmpwalk a spin from your cacti server:
The MIB/OIDs I use are:
Interface: IF-MIB::ifIndex
free memory: .1.3.6.1.4.1.9.9.48.1.1.1.6.1
used memory: .1.3.6.1.4.1.9.9.48.1.1.1.5.1
5min cpu: .1.3.6.1.4.1.9.9.109.1.1.1.1.5.1
connections: .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6
You weren't clear if you could actually poll your FW devices, so give snmpwalk a spin from your cacti server:
Code: Select all
snmpwalk -v 2c -c <community> <ip> | lessInterface: IF-MIB::ifIndex
free memory: .1.3.6.1.4.1.9.9.48.1.1.1.6.1
used memory: .1.3.6.1.4.1.9.9.48.1.1.1.5.1
5min cpu: .1.3.6.1.4.1.9.9.109.1.1.1.1.5.1
connections: .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6
Yes I can poll the device successfully with snmpwalk from the Cacti host machine - but I can't seem to get the output in OID format and have tried just about every switch I can find in the -h output.
Guess I'm a moron also as I don't know what you mean by "Interface-Traffic" template. In the Cacti device GUI that isn't an option as a Graph Template or as a Host Template. Can you elaborate?
Also you mention OIDs that you use, are you using them with Cacti and if so where is it that you configure the OIDs that Cacti uses? Sorry if I seem to be asking stupid questions.
We are running 7.x also on the ASA.
Thanks.
Guess I'm a moron also as I don't know what you mean by "Interface-Traffic" template. In the Cacti device GUI that isn't an option as a Graph Template or as a Host Template. Can you elaborate?
Also you mention OIDs that you use, are you using them with Cacti and if so where is it that you configure the OIDs that Cacti uses? Sorry if I seem to be asking stupid questions.
We are running 7.x also on the ASA.
Thanks.
Sorry, I forgot to list everything like we're supposed to:
OS: Windows 2000 Pro
Webserver: Apache 2.2.8
Cacti version: 8.07b
Spine: Not sure how to check the version (it is installed but not in use)
MySQL: 5.5.1a
RRDTool: 1.2.15
Net-SNMP: 5.4.1.3
Cygwin: 2.573.2.2
Thus far I've been able to add every Ethernet switch (layer 2/3) on our network of interest, and graph interface statistics successfully. However when attempting to add and graph our Cisco ASA 5520 things don't quite work. I've tried creating an SNMP-Generic OID Template graph template and assign it to the ASA, with one of the Cisco-recommended OIDs (1.3.6.1.2.1.2.2.1.1.2) configured.
In the device config page for the ASA under "Associated Graph Templates" under the Status heading for the SNMP-Generic OID Template row it states "Is Being Graphed" yet no graph is being produced - I can see the "data" when I search for this host in Data Sources but when I assign this data source to my graph I only see the data source names.
When I turn on Data Source Debug mode on the SNMP-Generic OID Template I see the following:
c:/rrdtool/rrdtool.exe create \
C:/Apache2/htdocs/cacti/rra/asa_5520_snmp_oid_1654.rrd \
--step 300 \
DS:snmp_oid:COUNTER:600:0:100 \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 \
RRA:MAX:0.5:24:775 \
RRA:MAX:0.5:288:797 \
Yet when I look in the C:/Apache2/htdocs/cacti/rra/ folder I do NOT see this .rrd file. If I look at Poller Cache Items for this device I see four entries (ASA 5520, ASA 5520 - Load Average 1 minute, ASA 5520 - Load Average 5 minute, ASA 5520 - Load Average 15 minute) all with .rrd files in the /rra folder which I do NOT see when looking at the folder.
Any assistance/suggestions, etc. are greatly appreciated.
Thanks.
OS: Windows 2000 Pro
Webserver: Apache 2.2.8
Cacti version: 8.07b
Spine: Not sure how to check the version (it is installed but not in use)
MySQL: 5.5.1a
RRDTool: 1.2.15
Net-SNMP: 5.4.1.3
Cygwin: 2.573.2.2
Thus far I've been able to add every Ethernet switch (layer 2/3) on our network of interest, and graph interface statistics successfully. However when attempting to add and graph our Cisco ASA 5520 things don't quite work. I've tried creating an SNMP-Generic OID Template graph template and assign it to the ASA, with one of the Cisco-recommended OIDs (1.3.6.1.2.1.2.2.1.1.2) configured.
In the device config page for the ASA under "Associated Graph Templates" under the Status heading for the SNMP-Generic OID Template row it states "Is Being Graphed" yet no graph is being produced - I can see the "data" when I search for this host in Data Sources but when I assign this data source to my graph I only see the data source names.
When I turn on Data Source Debug mode on the SNMP-Generic OID Template I see the following:
c:/rrdtool/rrdtool.exe create \
C:/Apache2/htdocs/cacti/rra/asa_5520_snmp_oid_1654.rrd \
--step 300 \
DS:snmp_oid:COUNTER:600:0:100 \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 \
RRA:MAX:0.5:24:775 \
RRA:MAX:0.5:288:797 \
Yet when I look in the C:/Apache2/htdocs/cacti/rra/ folder I do NOT see this .rrd file. If I look at Poller Cache Items for this device I see four entries (ASA 5520, ASA 5520 - Load Average 1 minute, ASA 5520 - Load Average 5 minute, ASA 5520 - Load Average 15 minute) all with .rrd files in the /rra folder which I do NOT see when looking at the folder.
Any assistance/suggestions, etc. are greatly appreciated.
Thanks.
Who is online
Users browsing this forum: No registered users and 0 guests