Netscreen Template to monitor traffic for sub-interfaces

[jay]

Hi

I have created a template which allows you to monitor traffic for sub-interfaces for Netscreen firewalls as the default traffic templates won't do this.

The template monitors in and outbound traffic and also errors and discards.

This is my first post to the forum so go easy on me. I won't have a lot of time to answer any queries so i apologise if i don't get back to you very quickly.

I have added an attachment which shows a sub-interface being monitored.

I also have templates which monitor IDS counters such as ping of death and also interface monitoring counters such as authfail. I will post these if anyone is interested and people don't have too many issues with the attached template.

Jay

[ttl]

Hi,

Package does not contain the snmp_query file 'Netscreen_Interface_Counters.xml' or did i miss something?

<clip>
+ Running data query [12].
+ Found type = '3' [snmp query].
+ Could not find data query XML file at '/var/www/cacti/resource/snmp_queries/Netscreen_Interface_Counters.xml'
+ Error parsing XML file into an array.
+ Could not find data query XML file at '/var/www/cacti/resource/snmp_queries/Netscreen_Interface_Counters.xml'
+ Could not find data query XML file at '/var/www/cacti/resource/snmp_queries/Netscreen_Interface_Counters.xml'
+ Could not find data query XML file at '/var/www/cacti/resource/snmp_queries/Netscreen_Interface_Counters.xml'
</clip>

[jay]

Hi

I have checked the the data query is included in the package.

Can you check in your the directory (/var/www/cacti/resource/snmp_queries) and see if the xml template is in there.

What version of Cacti are you using? I take it from the path that its a unix server you are using.

Jay

[ttl]

Hi

There's no any netscreen xml files in /var/www/cacti/resource/snmp_queries and i'm using Cacti 0.86g in Linux Debian 3.1.

I have downloaded cacti_data_template_netscreen_interface_stats.zip and imported all files in to Cacti.

cacti_data_template_netscreen_interface_stats.zip contains files:

cacti_data_query_netscreen_interface_statistics.xml
cacti_data_template_netscreen_interface_stats.xml
cacti_graph_template_netscreen_interface_traffic_bitssec.xml
cacti_graph_template_netscreen_interface_traffic_bytessec.xml

How this 'Netscreen_Interface_Counters.xml' data query XML file is created in snmp_queries directory? I have assumed that file must manually copied from cacti_data_template_netscreen_interface_stats.zip to /var/www/cacti/resource/snmp_queries directory, but there's no that file.

[jay]

Hi

The 4 files are correct. I'm not sure what happens when you export. I haven't exported any templates myself. I have been creating them myself.

I have attached a screen shot of what you should see for the data query.

I have also attached the .txt data query which you can add to your resource directory. You will need to change the extension to .xml .You will then need to add your graph templates to the data query as shown in the screenshot.

The screenshot is in word format..not sure if you will be able to open this as you are using Debian. Maybe you can open it in a windown machine so you can see the screen shot.

I will not be logged in from now until tuesday so won't be able to answer any of your queries until then.

Have a good new year.

Jay

[muraping]

thank jay. i import your xml files in my cacti system.
but no data soure

[muraping]

jay
can you got us this xml file?i import your zip files,but no this xml also.
i copy interface.xml to Netscreen_Interface_Counters.xml,

[jay]

Hi

Here is what i want you to do. Check your Cacti configuration.

You should have the following.

Data Template - netscreen - interface stats
2 Graph Templates - Netscreen - Interface Traffic (bits/sec) and Netscreen - Interface Traffic (bytes/sec)

You should also have a data query - Netscreen - Interface Statistics

Is this correct??

If so i want you to delete the data query. Do NOT delete the data and graph templates.

Add the following Netscreen_Interface_Counters.txt into your resource directory for snmp_queries. Change the .txt to .xml. The file is attached with this reply.

Then create a new data query. Look at the screen shots i sent in a previous post to see how to do this.

Your xml path will look something like this.

<path_cacti>/resource/snmp_queries/Netscreen_Interface_Counters.xml

I have removed the discards and errors from the data query as i'm seeing issues on my Cacti server with this query. The interface stats are ok though.

Let me know how you get on with the above.

Jay

[muraping]

thank for jay
i used you files that is OK,thank very much!

[aboyz]

Hi,

Anyone got session to graph on the netscreen? I can't seem to get it working. I'm using the netscreen 2000. Anyone know what OID to use?

[jay]

Hi

Check out this forum

http://forums.cacti.net/viewtopic.php?t=3078&highlight=netscreen

There is a script which allows you to monitor CPU, Memory and Sessions. The script was written for a Unix enviroment but i made a few changes to get it to work in Windows.

Here is a link with Netscreen MIB table.

http://200.support.juniper.safeharbor.com/knowbase/root/public/nskb718.htm

1.3.6.1.4.1.3224.16.3 --- nsResSession
1.3.6.1.4.1.3224.16.3.1 --- nsResSessActive (INTEGER)
1.3.6.1.4.1.3224.16.3.2 --- nsResSessAllocate (INTEGER)
1.3.6.1.4.1.3224.16.3.3 --- nsResSessMaxium (INTEGER)
1.3.6.1.4.1.3224.16.3.4 --- nsResSessFailed (INTEGER)

Jay

[abdulcc]

I have a netscreen ns208 and the firewall does not return subinterfaces on my snmp query. How would I enable that?

[jay]

What information do you get when you do an snmpwalk to the firewall?? Change public to your community and x.x.x.x to your IP address.


C:\net-snmp\bin>snmpwalk.exe -v2c -c public x.x.x.x 1.3.6.1.4.1.3224.9.3. 1.1
SNMPv2-SMI::enterprises.3224.9.3.1.1.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3224.9.3.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.3224.9.3.1.1.2 = INTEGER: 2
SNMPv2-SMI::enterprises.3224.9.3.1.1.3 = INTEGER: 3
SNMPv2-SMI::enterprises.3224.9.3.1.1.4 = INTEGER: 4
SNMPv2-SMI::enterprises.3224.9.3.1.1.5 = INTEGER: 5
SNMPv2-SMI::enterprises.3224.9.3.1.1.6 = INTEGER: 6


Check this correlates to the amount of interfaces that you have on the firewall.

Also when you add the template to a device if you do a verbose query what information do you see..please add this to the post.

Jay

[abdulcc]

It also does not show sub interfaces



-bash-2.05b# snmpwalk -v 2c -c public 10.28.2.34
SNMPv2-MIB::sysDescr.0 = STRING: NetScreen-208 version 5.3.0r3.0 (SN: 0099032006000095, Firewall+VPN)
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.3224.1.10
SNMPv2-MIB::sysUpTime.0 = Timeticks: (549295600) 63 days, 13:49:16.00
SNMPv2-MIB::sysContact.0 = STRING: noc
SNMPv2-MIB::sysName.0 = STRING: netscreenfw
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 72
IF-MIB::ifNumber.0 = INTEGER: 9
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifIndex.5 = INTEGER: 5
IF-MIB::ifIndex.6 = INTEGER: 6
IF-MIB::ifIndex.7 = INTEGER: 7
IF-MIB::ifIndex.8 = INTEGER: 8
IF-MIB::ifIndex.9 = INTEGER: 9
IF-MIB::ifDescr.1 = STRING: ethernet1
IF-MIB::ifDescr.2 = STRING: ethernet2
IF-MIB::ifDescr.3 = STRING: ethernet3
IF-MIB::ifDescr.4 = STRING: ethernet4
IF-MIB::ifDescr.5 = STRING: ethernet5
IF-MIB::ifDescr.6 = STRING: ethernet6
IF-MIB::ifDescr.7 = STRING: ethernet7
IF-MIB::ifDescr.8 = STRING: ethernet8
IF-MIB::ifDescr.9 = STRING: vlan1
IF-MIB::ifType.1 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.2 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.3 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.4 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.5 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.6 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.7 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.8 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.1 = INTEGER: 1500
IF-MIB::ifMtu.2 = INTEGER: 1500
IF-MIB::ifMtu.3 = INTEGER: 1500
IF-MIB::ifMtu.4 = INTEGER: 1500
IF-MIB::ifMtu.5 = INTEGER: 1500
IF-MIB::ifMtu.6 = INTEGER: 1500
IF-MIB::ifMtu.7 = INTEGER: 1500
IF-MIB::ifMtu.8 = INTEGER: 1500
IF-MIB::ifMtu.9 = INTEGER: 1500
IF-MIB::ifSpeed.1 = Gauge32: 100000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifSpeed.3 = Gauge32: 100000000
IF-MIB::ifSpeed.4 = Gauge32: 100000000
IF-MIB::ifSpeed.5 = Gauge32: 100000000
IF-MIB::ifSpeed.6 = Gauge32: 100000000
IF-MIB::ifSpeed.7 = Gauge32: 100000000
IF-MIB::ifSpeed.8 = Gauge32: 100000000
IF-MIB::ifSpeed.9 = Gauge32: 0
IF-MIB::ifPhysAddress.1 = STRING: 0:10:db:ff:20:0
IF-MIB::ifPhysAddress.2 = STRING: 0:10:db:ff:20:50
IF-MIB::ifPhysAddress.3 = STRING: 0:10:db:ff:20:60
IF-MIB::ifPhysAddress.4 = STRING: 0:10:db:ff:20:70
IF-MIB::ifPhysAddress.5 = STRING: 0:10:db:ff:20:80
IF-MIB::ifPhysAddress.6 = STRING: 0:10:db:ff:20:90
IF-MIB::ifPhysAddress.7 = STRING: 0:14:f6:41:93:ca
IF-MIB::ifPhysAddress.8 = STRING: 0:14:f6:41:93:cb
IF-MIB::ifPhysAddress.9 = STRING: 0:10:db:ff:20:f0
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifAdminStatus.3 = INTEGER: up(1)
IF-MIB::ifAdminStatus.4 = INTEGER: up(1)
IF-MIB::ifAdminStatus.5 = INTEGER: up(1)
IF-MIB::ifAdminStatus.6 = INTEGER: up(1)
IF-MIB::ifAdminStatus.7 = INTEGER: up(1)
IF-MIB::ifAdminStatus.8 = INTEGER: up(1)
IF-MIB::ifAdminStatus.9 = INTEGER: up(1)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: up(1)
IF-MIB::ifOperStatus.4 = INTEGER: up(1)
IF-MIB::ifOperStatus.5 = INTEGER: up(1)
IF-MIB::ifOperStatus.6 = INTEGER: up(1)
IF-MIB::ifOperStatus.7 = INTEGER: up(1)
IF-MIB::ifOperStatus.8 = INTEGER: up(1)
IF-MIB::ifOperStatus.9 = INTEGER: down(2)
IF-MIB::ifLastChange.1 = Timeticks: (53020100) 6 days, 3:16:41.00
IF-MIB::ifLastChange.2 = Timeticks: (53020100) 6 days, 3:16:41.00
IF-MIB::ifLastChange.3 = Timeticks: (53020200) 6 days, 3:16:42.00
IF-MIB::ifLastChange.4 = Timeticks: (900) 0:00:09.00
IF-MIB::ifLastChange.5 = Timeticks: (900) 0:00:09.00
IF-MIB::ifLastChange.6 = Timeticks: (53020200) 6 days, 3:16:42.00
IF-MIB::ifLastChange.7 = Timeticks: (900) 0:00:09.00
IF-MIB::ifLastChange.8 = Timeticks: (900) 0:00:09.00
IF-MIB::ifLastChange.9 = Timeticks: (0) 0:00:00.00
IF-MIB::ifInOctets.1 = Counter32: 2501321180
IF-MIB::ifInOctets.2 = Counter32: 2783533063
IF-MIB::ifInOctets.3 = Counter32: 2458314484
IF-MIB::ifInOctets.4 = Counter32: 1002220517
IF-MIB::ifInOctets.5 = Counter32: 1607903244
IF-MIB::ifInOctets.6 = Counter32: 1070927344
IF-MIB::ifInOctets.7 = Counter32: 717766365
IF-MIB::ifInOctets.8 = Counter32: 329937560
IF-MIB::ifInOctets.9 = Counter32: 0
IF-MIB::ifInUcastPkts.1 = Counter32: 272929349
IF-MIB::ifInUcastPkts.2 = Counter32: 2646558496
IF-MIB::ifInUcastPkts.3 = Counter32: 540699829
IF-MIB::ifInUcastPkts.4 = Counter32: 75443531
IF-MIB::ifInUcastPkts.5 = Counter32: 15982362
IF-MIB::ifInUcastPkts.6 = Counter32: 7340475
IF-MIB::ifInUcastPkts.7 = Counter32: 11019823
IF-MIB::ifInUcastPkts.8 = Counter32: 5498959
IF-MIB::ifInUcastPkts.9 = Counter32: 0

[jay]

Hi

You are walking the Interface MIB and not the netscreen specific MIB. Try walking this OID - 1.3.6.1.4.1.3224.9.3. 1.1 as i did on the previous post. You should see your sub interfaces. The template i posted uses this MIB which then allows you to monitor each sub interface. The standard interface MIB does not.

Jay