Monitoring ACL hits on Cisco FW (ASA)
Monitoring ACL hits on Cisco FW (ASA)
Hi all
I have been trying to graph access list hits for the past couple of hours but I'm having some issues. Basically, I would like to graph the access list hits on a Cisco ASA firewall.
Therefore, I have created a graph template whose data source is an SNMP OID which returns the value of hits (this number is an always increasing number). The output from an snmpwalk is:
SNMPv2-SMI::enterprises.9.9.278.1.2.1.1.1.13.69.88.84.95.97.99.99.101.115.115.95.105.110.1 = Counter64: 423484
The value is always increasing.
I want to have the graph display the number of hits between one polling and another. Therefore, let's say we start at 10pm with 1000 hits, at 10.05pm there are 1050 hits, and at 10.10pm there are 1160 hits. I want to graph 50 between 10pm and 10.05pm and 110 between 10.05pm and 10.10pm.
For the data template I selected counter.
For the graph I am using:
Item # 1 (snmp_oid_ext): AREA AVERAGE F5F800
Item # 2 (snmp_oid_ext): Ext Current: GPRINT LAST
Item # 3 (snmp_oid_ext): Average: GPRINT AVERAGE
Item # 4 (snmp_oid_ext): Maximum:<HR> GPRINT MAX
The created values on the graph don't seem to make any sense though so any help would be appreciated.
Re: Monitoring ACL hits on Cisco FW (ASA)
>> For the data template I selected counter.
Please run "rrdtool info <your_RRD_file>" to verify the actual settings in the RRD file.
(Once the RRD file has been created, it is not affected by whatever settings you modify in the data template. In such a case, you should re-create the graph & data source.)
Re: Monitoring ACL hits on Cisco FW (ASA)
noname wrote:
> >> For the data template I selected counter.
> Please run "rrdtool info <your_RRD_file>" to verify the actual settings in the RRD file.
> (Once the RRD file has been created, it is not affected by whatever settings you modify in the data template. In such a case, you should re-create the graph & data source.)
It seems fine, so that's not the issue I think:
rrd_version = "0003"
step = 300
last_update = 1310369702
ds[snmp_oid_ext].type = "COUNTER"
ds[snmp_oid_ext].minimal_heartbeat = 600
ds[snmp_oid_ext].min = 0.0000000000e+00
ds[snmp_oid_ext].max = 1.0000000000e+08
ds[snmp_oid_ext].last_ds = "423526"
ds[snmp_oid_ext].value = 0.0000000000e+00
ds[snmp_oid_ext].unknown_sec = 0
rra[0].cf = "AVERAGE"
rra[0].rows = 600
rra[0].pdp_per_row = 1
rra[0].xff = 5.0000000000e-01
rra[0].cdp_prep[0].value = NaN
rra[0].cdp_prep[0].unknown_datapoints = 0
rra[1].cf = "AVERAGE"
rra[1].rows = 700
rra[1].pdp_per_row = 6
rra[1].xff = 5.0000000000e-01
rra[1].cdp_prep[0].value = 0.0000000000e+00
rra[1].cdp_prep[0].unknown_datapoints = 0
rra[2].cf = "AVERAGE"
rra[2].rows = 775
rra[2].pdp_per_row = 24
rra[2].xff = 5.0000000000e-01
rra[2].cdp_prep[0].value = 0.0000000000e+00
rra[2].cdp_prep[0].unknown_datapoints = 0
rra[3].cf = "AVERAGE"
rra[3].rows = 797
rra[3].pdp_per_row = 288
rra[3].xff = 5.0000000000e-01
rra[3].cdp_prep[0].value = 0.0000000000e+00
rra[3].cdp_prep[0].unknown_datapoints = 0
rra[4].cf = "MAX"
rra[4].rows = 600
rra[4].pdp_per_row = 1
rra[4].xff = 5.0000000000e-01
rra[4].cdp_prep[0].value = NaN
rra[4].cdp_prep[0].unknown_datapoints = 0
rra[5].cf = "MAX"
rra[5].rows = 700
rra[5].pdp_per_row = 6
rra[5].xff = 5.0000000000e-01
rra[5].cdp_prep[0].value = 0.0000000000e+00
rra[5].cdp_prep[0].unknown_datapoints = 0
rra[6].cf = "MAX"
rra[6].rows = 775
rra[6].pdp_per_row = 24
rra[6].xff = 5.0000000000e-01
rra[6].cdp_prep[0].value = 0.0000000000e+00
rra[6].cdp_prep[0].unknown_datapoints = 0
rra[7].cf = "MAX"
rra[7].rows = 797
rra[7].pdp_per_row = 288
rra[7].xff = 5.0000000000e-01
rra[7].cdp_prep[0].value = 0.0000000000e+00
rra[7].cdp_prep[0].unknown_datapoints = 0
Re: Monitoring ACL hits on Cisco FW (ASA)
Perhaps I've misunderstood. (Sorry for my lack of language skills.)
Do you want to view just the difference from the value polled the previous time,
not the rate (= averaged over 5 min)?
Then you can create a custom CDEF which multiplies by 300.
See also: http://forums.cacti.net/viewtopic.php?f=21&t=43347
Re: Monitoring ACL hits on Cisco FW (ASA)
Yes, that is what I need...
Is there a different way to do it rather than CDEF?
Re: Monitoring ACL hits on Cisco FW (ASA)
>> Is there a different way to do it rather than CDEF?
Unfortunately I don't know.
But I think using a CDEF is the easiest way.
(1) Graph Management -> CDEFs -> Add:
Mimic existing CDEF "Multiply by 1024"
(2) Graph Templates -> (your template) -> Click "Item #1":
Select your CDEF (e.g. "Multiply by 300") for CDEF Function
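Added example, not part of the thread or of Cacti: a Python sketch of why the graph shows small fractional values and what the "Multiply by 300" CDEF changes. It decodes the ACL name from the OID posted above and reproduces the 1000/1050/1160 example. The function names, the split of the OID into base and index, and the counter-clear sample are assumptions; the wrap handling follows rrdtool's COUNTER behaviour (32-bit border first, then 64-bit).

```python
import re

# Constructed inputs: the snmpwalk line from the first post, and its example
# hit counts at 22:00, 22:05 and 22:10 as (seconds, counter) pairs.
WALK_LINE = ("SNMPv2-SMI::enterprises.9.9.278.1.2.1.1.1.13.69.88.84.95.97.99.99."
             "101.115.115.95.105.110.1 = Counter64: 423484")
SAMPLES = [(0, 1000), (300, 1050), (600, 1160)]
STEP = 300        # "step = 300" in the rrdtool info output
DS_MAX = 1.0e8    # "ds[snmp_oid_ext].max" in the rrdtool info output


def parse_walk_line(line, base="enterprises.9.9.278.1.2.1.1.1"):
    """Return (acl_name, trailing_index, counter) from one snmpwalk line.

    Assumes the index is a length-prefixed ASCII string followed by one
    integer sub-identifier, which matches the layout of the OID on the page.
    """
    m = re.search(re.escape(base) + r"\.([\d.]+) = Counter64: (\d+)", line)
    if not m:
        raise ValueError("not a Counter64 line under " + base)
    subids = [int(s) for s in m.group(1).split(".")]
    length = subids[0]
    name = "".join(chr(c) for c in subids[1:1 + length])
    return name, subids[1 + length], int(m.group(2))


def counter_rates(samples, ds_max=DS_MAX):
    """Per-second rates as an RRD COUNTER data source derives them."""
    rates = []
    for (t0, v0), (t1, v1) in zip(samples, samples[1:]):
        delta = v1 - v0
        if delta < 0:              # counter went backwards: assume 32-bit wrap
            delta += 2 ** 32
        if delta < 0:              # still negative: assume 64-bit wrap
            delta += 2 ** 64 - 2 ** 32
        rate = delta / (t1 - t0)
        rates.append(rate if rate <= ds_max else None)  # above max -> unknown
    return rates


def hits_per_interval(rates, step=STEP):
    """What the CDEF plots: stored rate * step = hits in that poll interval."""
    return [None if r is None else round(r * step) for r in rates]


if __name__ == "__main__":
    print(parse_walk_line(WALK_LINE))              # ACL name, index, counter
    print(counter_rates(SAMPLES))                  # what the RRD stores
    print(hits_per_interval(counter_rates(SAMPLES)))
```

With the max of 1e8 shown in the rrdtool info output, a cleared ACL counter is read as a 32-bit wrap and stored as a spike of roughly 4.29e9 hits rather than as unknown, so a sudden peak on this graph should be checked against counter resets before it is read as traffic.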
Re: Monitoring ACL hits on Cisco FW (ASA)
I have just tried to do that and will be checking to see if the values will now match; thanks for your help so far.
Re: Monitoring ACL hits on Cisco FW (ASA)
Xonacs, if you got this working do you mind sharing the template? I'm looking for the exact same thing.