ryanjwh
Joined: 21 Nov 2005 Posts: 2 Location: San Francisco, CA
Posted: Wed Jun 11, 2008 4:59 pm Post subject: Partial workaround for PIX/ASA lack of SNMP ARP data
Hey guys,
Long time forum reader, but rare if ever contributor. Figured I'd give back what I could.
We've been building out Mactrack here for the last week or so, and had just about all the devices we wanted working (including Cisco CSSs, if anybody cares), except Cisco PIX/ASAs. Since those are the gateway for many of our systems, not having ARP data from them is frustrating and puts a big empty hole in the IP column for our entries in Mactrack.
As a workaround, I did the following:
1) Identified one Linux system on each subnet, preferably systems with interfaces on multiple subnets. Obviously the important ones are subnets where systems use the PIX/ASA as their gateway, and so we're not able to pull ARP data for them in Mactrack.
2) Created a crontab entry that runs every 2 minutes and executes the following nmap command to ping every host on the locally connected networks, which populates the Linux system's ARP cache:
*/2 * * * * nmap -sP -n x.x.x.1-254 >/dev/null 2>&1
(Runs every 2 minutes because Linux defaults to purging unused entries from the ARP cache after 120 seconds.)
3) Created devices and device types in Mactrack defining our Linux servers. I went really generic on the device types, and set the System Description Match to "Linux" and the Vendor SNMP Object ID Match to ".1.3.6.1".
4) Manually force execute the Mactrack poller and watch your data populate!
php /path/to/cacti/plugins/mactrack/poller_mactrack.php -d -f
Cheers,
-ryan.
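The sweep-and-collect part of the procedure above, as an added shell example that is not from ryan's post or from the Mactrack project. Instead of hard-coding the x.x.x range it derives the local IPv4 subnets from `ip -o -4 addr`, runs the same nmap host-discovery sweep over each one (`-sn` is the newer spelling of `-sP`; `-n` disables DNS), and then prints the resolved neighbour entries so you can check what the box will hand to Mactrack over SNMP before pointing the poller at it. Assumptions: iproute2 and nmap are installed, `sweep` runs as root so nmap uses ARP requests on the local link, and the `ip` output embedded at the top is constructed sample data for exercising the parsers offline.

```shell
#!/bin/sh
# Added example, not code from the original post or from Mactrack.
# Fill the kernel neighbour (ARP) table for every locally connected IPv4
# subnet with an nmap ping sweep, then print the resolved entries.
# Assumes iproute2 (`ip`) and nmap are installed and that `sweep` runs as root.

# Constructed sample output of `ip -o -4 addr` and `ip -4 neigh`, used only
# so the parsing functions can be exercised offline.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.1.2.5/24 brd 10.1.2.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.0.2.17/32 scope global eth1\       valid_lft forever preferred_lft forever'
SAMPLE_NEIGH='10.1.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.1.2.7 dev eth0 lladdr aa:bb:cc:dd:ee:ff STALE
10.1.2.9 dev eth0  FAILED'

# stdin: `ip -o -4 addr` lines. Prints one nmap target per local subnet,
# skipping loopback and host-only (/32) addresses. nmap accepts a target such
# as 10.1.2.5/24 and sweeps the whole /24, so no prefix arithmetic is needed.
local_subnets() {
    awk '$2 != "lo" && $4 !~ /\/32$/ { print $4 }'
}

# stdin: `ip -4 neigh` lines. Prints "ip mac" for entries that actually
# resolved (a MAC is present and the state is not FAILED or INCOMPLETE);
# STALE entries still carry a valid MAC and are kept.
resolved_neighbours() {
    awk '/ lladdr / && !/FAILED|INCOMPLETE/ {
             for (i = 1; i <= NF; i++) if ($i == "lladdr") print $1, $(i + 1)
         }'
}

# Ping-sweep each local subnet (-sn: host discovery only, the newer name for
# -sP; -n: no DNS), then dump what the kernel learned.
sweep() {
    ip -o -4 addr | local_subnets | while read -r net; do
        nmap -sn -n "$net" >/dev/null 2>&1
    done
    ip -4 neigh | resolved_neighbours
}

# Run the real sweep only when asked (e.g. from cron); otherwise just
# demonstrate the parsers on the constructed samples.
if [ "${1:-}" = "run" ]; then
    sweep
else
    printf '%s\n' "$SAMPLE_ADDR"  | local_subnets
    printf '%s\n' "$SAMPLE_NEIGH" | resolved_neighbours
fi
```

Installed as, say, /usr/local/sbin/arp-sweep.sh (path assumed), the crontab entry from the post becomes `*/2 * * * * /usr/local/sbin/arp-sweep.sh run >/dev/null 2>&1`. Two caveats worth knowing before you deploy it: a ping sweep from a production host every two minutes is very visible in IDS alerts and flow logs, so tell whoever runs monitoring which hosts will be doing it; and without root nmap falls back to ICMP/TCP probes, which still populate the ARP cache but are slower and more likely to be filtered.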