problems with xml snmp query and pf (i think (long))

strgout · Post by **strgout** » Wed Jun 08, 2005 8:48 pm

This is the snmp query i've created.

<interface>
        <name>Get Stats on pf State Table</name>
        <oid_index>.1.3.6.1.4.1.12325.1.200.1.3</oid_index>        
<oid_index_parse>OID/REGEXP:\.1\.3\.6\.1\.4\.1\.12325\.1\.200\.1\.3\.(\d\.0)</oid_index_parse>
        <index_order>pfStateTableIndex</index_order>
        <index_order_type>numeric</index_order_type>
        <fields>
                <pfStateTableIndex>
                        <name>Index</name>
                        <source>index</source>
                        <direction>input</direction>
                </pfStateTableIndex>
                <Count>
                        <name>Count</name>
                        <method>walk</method>
                        <source>value</source>
                        <direction>input</direction>
                        <oid>.1.3.6.1.4.1.12325.1.200.1.3.1.0</oid>
                </Count>
                <Searches>
                        <name>Searches</name>
                        <method>walk</method>
                        <source>value</source>
                        <direction>input</direction>
                        <oid>.1.3.6.1.4.1.12325.1.200.1.3.2.0</oid>
                </Searches>
                <Inserts>
                        <name>Inserts</name>
                        <method>walk</method>
                        <source>value</source>
                        <direction>input</direction>
                        <oid>.1.3.6.1.4.1.12325.1.200.1.3.3.0</oid>
                </Inserts>
                <Removals>
                        <name>Removals</name>
                        <method>walk</method>
                        <source>value</source>
                        <direction>input</direction>
                        <oid>.1.3.6.1.4.1.12325.1.200.1.3.4.0</oid>
                </Removals>
        </fields>
</interface>

This is what i see from a verbose query.

Code: Select all

+ Running data query [15].
+ Found type = '3' [snmp query].
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pfstatetable.xml'
+ XML file parsed ok.
+ Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.12325.1.200.1.3'
+ Inserting index data [value='.1.3.6.1.4.1.12325.1.200.1.3.1.0']
+ Inserting index data [value='.1.3.6.1.4.1.12325.1.200.1.3.2.0']
+ Inserting index data [value='.1.3.6.1.4.1.12325.1.200.1.3.3.0']
+ Inserting index data [value='.1.3.6.1.4.1.12325.1.200.1.3.4.0']
+ Located input field 'Count' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.12325.1.200.1.3.1.0'
+ Found item [Count='19'] index: .1.3.6.1.4.1.12325.1.200.1.3.1.0 [from value]
+ Located input field 'Searches' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.12325.1.200.1.3.2.0'
+ Found item [Searches='3409556'] index: .1.3.6.1.4.1.12325.1.200.1.3.2.0 [from value]
+ Located input field 'Inserts' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.12325.1.200.1.3.3.0'
+ Found item [Inserts='174162'] index: .1.3.6.1.4.1.12325.1.200.1.3.3.0 [from value]
+ Located input field 'Removals' [walk]
+ Executing SNMP walk for data @ '.1.3.6.1.4.1.12325.1.200.1.3.4.0'
+ Found item [Removals='174141'] index: .1.3.6.1.4.1.12325.1.200.1.3.4.0 [from value]
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pfstatetable.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pfstatetable.xml'
+ Found data query XML file at '/usr/local/share/cacti/resource/snmp_queries/pfstatetable.xml'

This is a snmpwalk if it helps

Code: Select all

snmpwalk -v 2c -c public 10.253.254.1 .1.3.6.1.4.1.12325.1.200.1.3
SNMPv2-SMI::enterprises.12325.1.200.1.3.1.0 = Gauge32: 7
SNMPv2-SMI::enterprises.12325.1.200.1.3.2.0 = Counter64: 3409653
SNMPv2-SMI::enterprises.12325.1.200.1.3.3.0 = Counter64: 174169
SNMPv2-SMI::enterprises.12325.1.200.1.3.4.0 = Counter64: 174162

Check out the jpeg, that is what i see when i create graphs for that Data Query. I'm thinking its some kind of problem with the index not being picked up correctly but i've been fighting this off and on for a few days now. Any help anyone can offer would be great.

oh btw this is the error once i pick those 4 and click create

Code: Select all

Notice: Undefined index: sgg_15 in /usr/local/share/cacti/graphs_new.php on line 71

Notice: Undefined index: sgg_15 in /usr/local/share/cacti/graphs_new.php on line 71

Notice: Undefined index: sgg_15 in /usr/local/share/cacti/graphs_new.php on line 71

Notice: Undefined index: sgg_15 in /usr/local/share/cacti/graphs_new.php on line 71

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/share/cacti/graphs_new.php:71) in /usr/local/share/cacti/graphs_new.php on line 310

Edit: Made it easier to read..

strgout · Post by **strgout** » Wed Jun 08, 2005 11:00 pm

for some reason i think you might want to know what ver of cacti also

cacti-0.8.6d

(doh!)

Post by **rony** » Thu Jun 09, 2005 7:46 am

Um....

This is a case where you shouldn't use a data query. But you might have to for the regex stuff.

What is the root of the OID tree of values you are trying to query? .1.3.6.1.4.1.12325.1.200.1? or .1.3.6.1.4.1.12325.1.200.1.3?

I'm assuming that .3 is the index value of this tree of items. I can only guess with out seeing a walk of the parent object.

As for the data query, well, the fact that the values are not all lined up leads me to believe that you are using the wrong index for the values. A data query is used to get a list of items that change per host. If this list doesn't change, other than the values, then this is not a case where a data query would apply.

strgout · Post by **strgout** » Thu Jun 09, 2005 8:56 am

ok, so no data query. Does that mean i can't use the xml file at all? Not a problem if so, i'm just not real clear on where to go from here. btw pf is a firewall package if that isn't clear (came from OpenBSD also ships in FreeBSD).

It looks like .3 is the root for this branch (or whatever the snmp term is)
pfStateTable OBJECT IDENTIFIER ::= { begemotPfObjects 3 }

I don't have access to do a 2nd snmpwalk from where i'm at so i'll do that latter tonight but maybe this can answer your question.

This is a clip of from the mib and the statetable tree. It should define
.200.1.3.[1-4]

Code: Select all

BEGEMOT-PF-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Counter64, Integer32,
    TimeTicks, Unsigned32
	FROM SNMPv2-SMI
    TruthValue
	FROM SNMPv2-TC
    begemot
	FROM BEGEMOT-MIB;

begemotPf MODULE-IDENTITY
    LAST-UPDATED "200501240000Z"
    ORGANIZATION "NixSys BVBA"
    CONTACT-INFO "see url at end for this"
    DESCRIPTION "The Begemot MIB for the pf packet filter."
    ::= { begemot 200 }

begemotPfObjects	OBJECT IDENTIFIER ::= { begemotPf 1 }

-- --------------------------------------------------------------------------

pfStatus		OBJECT IDENTIFIER ::= { begemotPfObjects 1 }
pfCounter		OBJECT IDENTIFIER ::= { begemotPfObjects 2 }
pfStateTable	OBJECT IDENTIFIER ::= { begemotPfObjects 3 }
pfSrcNodes	OBJECT IDENTIFIER ::= { begemotPfObjects 4 }
pfLimits		OBJECT IDENTIFIER ::= { begemotPfObjects 5 }
pfTimeouts	OBJECT IDENTIFIER ::= { begemotPfObjects 6 }
pfLogInterface	OBJECT IDENTIFIER ::= { begemotPfObjects 7 }
pfInterfaces	OBJECT IDENTIFIER ::= { begemotPfObjects 8 }
pfTables		OBJECT IDENTIFIER ::= { begemotPfObjects 9 }
pfAltq		OBJECT IDENTIFIER ::= { begemotPfObjects 10 }

-- --------------------------------------------------------------------------

-- --------------------------------------------------------------------------

--
-- state table
--

pfStateTableCount OBJECT-TYPE
    SYNTAX	Unsigned32
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"Number of entries in the state table."
    ::= { pfStateTable 1 }

pfStateTableSearches OBJECT-TYPE
    SYNTAX	Counter64
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"Number of searches against the state table."
    ::= { pfStateTable 2 }

pfStateTableInserts OBJECT-TYPE
    SYNTAX	Counter64
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"Number of entries inserted into the state table."
    ::= { pfStateTable 3 }

pfStateTableRemovals OBJECT-TYPE
    SYNTAX	Counter64
    MAX-ACCESS	read-only
    STATUS	current
    DESCRIPTION
	"Number of entries removed from the state table."
    ::= { pfStateTable 4 }

-- --------------------------------------------------------------------------

http://www.freebsd.org/cgi/cvsweb.cgi/s ... web-markup
that url has a simple view of the tree. see pfStateTable

http://www.freebsd.org/cgi/cvsweb.cgi/s ... web-markup
That url is the real mib (full view).

Thanks so much for the help!

strgout · Post by **strgout** » Thu Jun 09, 2005 6:42 pm

here is the snmpwalk

SNMPv2-SMI::enterprises.12325.1.200.1.1.1.0 = INTEGER: 1
SNMPv2-SMI::enterprises.12325.1.200.1.1.2.0 = Timeticks: (61354700) 7 days, 2:25:47.00
SNMPv2-SMI::enterprises.12325.1.200.1.1.3.0 = INTEGER: 1
SNMPv2-SMI::enterprises.12325.1.200.1.1.4.0 = STRING: "0x20355aad"
SNMPv2-SMI::enterprises.12325.1.200.1.2.1.0 = Counter64: 243507
SNMPv2-SMI::enterprises.12325.1.200.1.2.2.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.2.3.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.2.4.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.2.5.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.2.6.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.3.1.0 = Gauge32: 15
SNMPv2-SMI::enterprises.12325.1.200.1.3.2.0 = Counter64: 3843360
SNMPv2-SMI::enterprises.12325.1.200.1.3.3.0 = Counter64: 202342
SNMPv2-SMI::enterprises.12325.1.200.1.3.4.0 = Counter64: 202327
SNMPv2-SMI::enterprises.12325.1.200.1.4.1.0 = Gauge32: 0
SNMPv2-SMI::enterprises.12325.1.200.1.4.2.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.4.3.0 = Counter64: 0
SNMPv2-SMI::enterprises.12325.1.200.1.4.4.0 = Counter64: 0

i only want the data in .200.1.3.[1-4].0

Cacti

problems with xml snmp query and pf (i think (long))

problems with xml snmp query and pf (i think (long))

ver?

Who is online