Cacti (home)ForumsRepositoryDocumentation
Cacti: offical forums and support  

 FAQFAQ   SearchSearch   MemberlistMemberlist    RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in    


Monitoring a Netscreen Firewall

 
Post new topic   Reply to topic    Cacti Forum Index -> Scripts and Templates
Author Message
Burke



Joined: 05 Nov 2002
Posts: 42
Location: Virginia, USA
PostPosted: Tue Dec 02, 2003 1:30 pm    Post subject: Monitoring a Netscreen Firewall Reply with quote
The following was obtained while working with a NS208

When you login to the web interface of a netscreen, you're presented with a nice summary screen. We have found the "Sessions" bar graph to be an excellent indicator of virus activity. One of the networks we have Cacti monitoring has roughly 500 workstations and 25 servers (Linux, Netware, Windws NT/2K/2K3). Typically, the Sessions should hover right around 800-1100 or so. When a Virus is actively trying to spread, the sessions on the firewall jump to somewhere between 4,000-20,000. This activitiy is also visible on our Cisco routers by looking at the Memory usage - it becomes VERY unstable.

Here are the OIDs to monitor for CPU load, Memory, and Sessions:

.1.3.6.1.4.1.3224.16.1.2.0 = Cpu Last 1 Minute
.1.3.6.1.4.1.3224.16.1.3.0 = Cpu Last 5 Minutes
.1.3.6.1.4.1.3224.16.1.4.0 = Cpu Last 15 Minutes
.1.3.6.1.4.1.3224.16.2.1.0 = Memory Allocated
.1.3.6.1.4.1.3224.16.2.2.0 = Memory Available
.1.3.6.1.4.1.3224.16.2.3.0 = Memory Fragmented
.1.3.6.1.4.1.3224.16.3.2.0 = Sessions Allocated
.1.3.6.1.4.1.3224.16.3.3.0 = Sessions Maximum
.1.3.6.1.4.1.3224.16.3.4.0 = Sessions Failed

Perhaps this could be included in some templates like the Novell & Windows systems.
Back to top
Guest
PostPosted: Sat Dec 27, 2003 11:38 am    Post subject: Reply with quote
Which OS version do you use?
Back to top
Burke



Joined: 05 Nov 2002
Posts: 42
Location: Virginia, USA
PostPosted: Sat Dec 27, 2003 10:21 pm    Post subject: Reply with quote
Anonymous wrote:
Which OS version do you use?

If you're referring to the NS208:

Hardware Version: 0110(0)
Software Version: 4.0.0r10.0 (Firewall+VPN)

However, if you're asking about the monitoring server (running Cacti), then it's Linux Mandrake 9.0
.
Back to top
fletch
Cacti User


Joined: 06 Oct 2003
Posts: 108
Location: Stanford, CA
PostPosted: Fri Jan 09, 2004 8:34 pm    Post subject: XML? Reply with quote
Excellent!
Can someone supply the XML Template for this?
Or I might have to learn to write my own

Thanks,
Fletch.
Back to top
fletch
Cacti User


Joined: 06 Oct 2003
Posts: 108
Location: Stanford, CA
PostPosted: Mon Jan 12, 2004 1:49 pm    Post subject: closer to netscreen montoring Reply with quote
Ok, I am close using RaX's instructions over here:
http://www.raxnet.net/board/viewtopic.php?p=10354&sid=4f419edc8c475c74ff5eed800bd374e4#10354

Debugging why I'm getting NaN in cacti - but the script outputs fine on command line...
Back to top
fletch
Cacti User


Joined: 06 Oct 2003
Posts: 108
Location: Stanford, CA
PostPosted: Mon Jan 12, 2004 5:53 pm    Post subject: CPU graphs going Reply with quote
Ok, I removed the rrd file and the CPU graphs are now going, but the sessionsAllocated, memoryAllocated are still NaN - here is the cactid log which looks pretty clean:
Code:

[44] MUTLI command: /usr/local/cacti/scripts/getNSData, output: cpu1:1 cpu5:1 cpu15:1 memoryAllocated:131975312 memoryAvailable:1175
85776 memoryFragmented:8665 sessionsAllocated:850 sessionsMaximum:250000 sessionsFailed:0
MULTI expansion: found fieldname: cpu1, found rrdname: cpu1, local_data_id: 830
MULTI expansion: found fieldname: cpu5, found rrdname: cpu5, local_data_id: 830
MULTI expansion: found fieldname: cpu15, found rrdname: cpu15, local_data_id: 830
MULTI expansion: found fieldname: memoryAllocated, found rrdname: memoryAllocated, local_data_id: 830
MULTI expansion: found fieldname: memoryAvailable, found rrdname: memoryAvailable, local_data_id: 830
MULTI expansion: found fieldname: memoryFragmented, found rrdname: memoryFragmented, local_data_id: 830
MULTI expansion: found fieldname: sessionsAllocated, found rrdname: sessionsAllocated, local_data_id: 830
MULTI expansion: found fieldname: sessionsMaximum, found rrdname: sessionsMaximum, local_data_id: 830
MULTI expansion: found fieldname: sessionsFailed, found rrdname: sessionsFailed, local_data_id: 830
RRDCMD: update '/export/web/crawlspace/htdocs/cacti-0.8.4/rra/irtscreen1_cpu1_830.rrd' --template cpu1:cpu5:cpu15:memoryAllocated:me
moryAvailable:memoryFragmented:sessionsAllocated:sessionsMaximum:sessionsFailed N:1:1:1:131975312:117585776:8665:850:250000:0
Back to top
fletch
Cacti User


Joined: 06 Oct 2003
Posts: 108
Location: Stanford, CA
PostPosted: Tue Jan 13, 2004 5:22 pm    Post subject: upper limits raised for memory and session in data templates Reply with quote
Ok, finally figured out the memory and session #s where not being collected because they exceeded the upper limits set in the Data Template - fixed those and now have CPU, Session and Memory graphs going for the netscreen.
Will clean up and post the exported XML soon...
Back to top
fletch
Cacti User


Joined: 06 Oct 2003
Posts: 108
Location: Stanford, CA
PostPosted: Thu Jan 15, 2004 2:37 pm    Post subject: [XML] Netscreen CPU Memory and Session stats Reply with quote
Posted in the Scripts/AddOns section:
http://www.raxnet.net/board/viewtopic.php?t=3078

Do we have a central repository for these XML templates yet?
That'd be cool
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Cacti Forum Index -> Scripts and Templates All times are GMT - 5 Hours
Page 1 of 1

 



Powered by phpBB © 2001, 2005 phpBB Group