how to configure, to get data from a cisco pix ??

[cradke]

Does anyone know how to configure cacti to get data from a cisco pix ?

- Carsten

[egarnel]

Ummm.... snmp?

Seriously, You can basic info from a PIX just by configuring snmp on it and adding it to Cacti as any other polling host (cisco router). If you are trying to monitor other things on the pix, your best bet is to browse the MRTG lists as there are plenty of threads on the PIX. A while back, I wrote a script that utilized mrat to telnet into the pix, run a command and then spit the info into an MRTG graph. I did it at the time to monitor vpn connections (determined by the show uauth command). There may snmp support for that now, for all I know, I haven't used it since PIX rev 6.1 The pix is very good at providing info via syslog, you could try a script that pulls info from syslog. Note, running a script that logs into the pix creates more log entries, fortunately, you can tweak the logging on the PIX.

[cradke]

I've tried to do it but I get :

+ Running data query [1].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/usr/local/cacti-0.8.4/resource/snmp_queries/interface.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.2.1.2.2.1.1'
+ No SNMP data returned

What I'm doing wrong ??

-Carsten

[egarnel]

Can you do an snmpwalk on the pix from the cli on the cacti server?

[Yvan]

Just pretend it is a Cisco router. Well, this is what I did.

All the interfaces will appear.

Have fun,

Yvan

[Deano]

I have a CPU template and some additional connection templates for PIX if anyone wants to try them ?

CPU only works on a later IOS though. (I dont have the detail to hand but can get it)

Deano

[egarnel]

I pushed up a pix template to the board. I can add your info to it

[aphyr]

Actually--I've been having the same sort of difficulties. If you run an snmpwalk [pixaddress] [snmpcommunity], things might run fine for a bit, then return

Code: Select all

snmpwalk 10.110.0.1 public
...
interfaces.ifTable.ifEntry.ifSpecific.3 = OID: .ccitt.zeroDotZero
interfaces.ifTable.ifEntry.ifSpecific.4 = OID: .ccitt.zeroDotZero
ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.208.187.34.194 = IpAddress: 208.187.34.194
ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.10.110.0.1 = IpAddress: 10.110.0.1
Error: OID not increasing: ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.208.187.34.194 >= ip.ipAddrTable.ipAddrEntry.ipAdEntAddr.10.110.0.1

As it turns out, revision 6.2 of Cisco IOS is broken--6.3 fixes it (see link for table of resolved bugs). It tries to enumerate OIDs by it's own internal system, but their labels resolve to the IP addresses, which may not be in order, and thus makes snmpwalk (which expects to get in-order sequences) get confused. Upgrading the firmware might help, if you are running one of the older versions of the PIX OS.

http://www.cisco.com/en/US/products/sw/ ... html#32553[/code]

[egarnel]

I put together a template that was built against a pair of pixes running 6.3. It works great. I tried to apply to template to another pix running 6.1.x and it did not work very well.

I will hobble along with the pix until I can upgrade it.