Few Templates (NetScreen,Nokia,Cisco,Fortigate)

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

Few Templates (NetScreen,Nokia,Cisco,Fortigate)

#1 Post by kayalinux » Mon Oct 31, 2005 4:50 am

Hi, here are some template i made or modify.
  • NetScreen (NS204, N5X)
    Nokia IP380
    Fortigate
    Cisco Catalyst 4500
    Cisco 6500
Attachments
cacti_host_template_fortigate.xml
1) Fortigate - CPU Load
2) Fortigate - Memory Usage
3) Fortigate - Session
(23.89 KiB) Downloaded 14139 times
cacti_host_template_nokia_ip.xml
1) Nokia IP - CPU Load
2) Nokia IP - Memory Usage
(18.89 KiB) Downloaded 3600 times
cacti_host_template_cisco_catalyst_4500.xml
1) 1 Cisco - CPU Usage
2) 2 Cisco - Memory Usage
3) 3 Cisco - Temperature
(27.3 KiB) Downloaded 5449 times

kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

#2 Post by kayalinux » Mon Oct 31, 2005 4:52 am

Add last template Cisco 6500.

The forum doesn't allow more than 3 attach files.
Attachments
cacti_host_template_cisco_6500.xml
1) 1 Cisco Catalyst - CPU Usage
2) 2 Cisco - Memory Usage
(18.44 KiB) Downloaded 4190 times

hvbuel
Posts: 6
Joined: Mon Jun 20, 2005 3:42 am

#3 Post by hvbuel » Mon Oct 31, 2005 6:57 am

So, where did the Netscreen template go ?

kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

#4 Post by kayalinux » Mon Oct 31, 2005 11:10 am

You right, i forgot it.
Attachments
cacti_host_template_netscreen.xml
1) Netscreen - Load Average
2) Netscreen - Memory
3) NetScreen - Sessions
(36.98 KiB) Downloaded 6759 times

ioiioi
Cacti User
Posts: 52
Joined: Mon Mar 28, 2005 8:57 am

#5 Post by ioiioi » Tue Nov 01, 2005 6:51 am

Any description about these templates?
what are they doing for?

kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

#6 Post by kayalinux » Wed Nov 02, 2005 5:35 am

Any description about these templates?
For all of them you CPU Usage, Memory Usage.
It is write in the template description.
For some other you have temparature or sessions.
what are they doing for?
Generate graph.
Those templates are like any other except than they are specific to the list of equipments below. When i looked for template inside the forum, not all of them was working due to OID problem. So i made those template and specifiy the model equipment working with it.

NetScreen (NS204, N5X)
Nokia IP380
Fortigate
Cisco Catalyst 4500
Cisco 6500
Attachments
Cisco.png
Cisco
Cisco.png (7.17 KiB) Viewed 105997 times
Nokia.png
Nokia2
Nokia.png (8.73 KiB) Viewed 105997 times
netscreeen.png
Netscreeen
netscreeen.png (12.11 KiB) Viewed 106155 times
Last edited by kayalinux on Thu Nov 03, 2005 10:54 am, edited 1 time in total.

tommyj
Posts: 43
Joined: Thu Jun 23, 2005 5:16 pm
Location: Stockholm, Sweden

#7 Post by tommyj » Wed Nov 02, 2005 4:02 pm

Looks good. I'm looking for scripts to monitor VPN tunnel traffic on Netscreen and Pixes, has anyone created any similar?

hvbuel
Posts: 6
Joined: Mon Jun 20, 2005 3:42 am

#8 Post by hvbuel » Thu Nov 03, 2005 8:53 am

Monitoring Netscreen VPN traffic is #1 on my wish list.
That would be tha bomb !!

I tried digging in the MIB's myself, but I am just not skilled enough to get any results. :cry:

kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

#9 Post by kayalinux » Thu Nov 03, 2005 11:03 am

Actually i monitore all interface of all the equipment list with the standard SNMP - Interface Statistics from cacti.

But i can't tell you for netscreen if it is VPN or not.
it is just an interface. It doesn't look like the MIB make a difference between traffic and VPN traffic.
Or i miss undestand you question.

ScottTFrazer
Posts: 4
Joined: Thu Nov 03, 2005 3:56 pm

#10 Post by ScottTFrazer » Thu Nov 03, 2005 4:10 pm

I tried digging in the MIB's myself, but I am just not skilled enough to get any results.
I'm pretty new at this myself, but I was able to get a bit of useful information about my Netscreen firewall, so I thought I'd share how I did it.

Check out SNMPLink.org's online mib browser here:
http://www.snmplink.org/src/MIB.html

I used the Juniper Networks link from there, then expanded NetScreen - ScreenOS v5.0.0.r8.1 (that's what I've got for a firewall) and dug down through smiv2 and NS-INTERFACE.mib, then selected NETSCREEN-INTERFACE-MIB.

The stuff in the right pane is the actual mib text, but I don't really need that. Instead, I expanded out the nsIfFlowTable and selected the nsIfFlowInByte entry.

The top of the screen now has the numerical OID of this entry. Run snmpwalk from the cacti box using this OID and your community string like so:

Code: Select all

snmpwalk -v 1 -c public ip.ad.dr.es .1.3.6.1.4.1.3224.9.3.1.3
which returns:

Code: Select all

SNMPv2-SMI::enterprises.3224.9.3.1.3.0 = Counter32: 2529568317
SNMPv2-SMI::enterprises.3224.9.3.1.3.1 = Counter32: 0
SNMPv2-SMI::enterprises.3224.9.3.1.3.2 = Counter32: 1049037947
SNMPv2-SMI::enterprises.3224.9.3.1.3.3 = Counter32: 27478534
SNMPv2-SMI::enterprises.3224.9.3.1.3.4 = Counter32: 0
Now I just plug those into data sources created using the SNMP - Generic OID Template and then link the graphs to em and hopefully it works.

For the Netscreen OS, there's a nsIfFlowInVpn counter as well.

hvbuel
Posts: 6
Joined: Mon Jun 20, 2005 3:42 am

#11 Post by hvbuel » Fri Nov 04, 2005 4:42 am

well ScottTFrazer, your certainly pointing me in the right direction.
I did some digging on the web page you suggested and also some snmpwalks
unfortunatly the nsIfFlowInVpn counter is a total for all VPN tunnels.
I have 15 tunnels comming in to 1 device, a total VPN bytes in does not give me the information I want. :(
Further investigation of the MIB shows me that tunnel interfaces are present and recognised by snmpwalk, but again the counters are only for the physical interfaces i.e. TRUST,UNTRUST,DMZ,etc, and not for the tunnel interfaces TUNNEL.1 TUNNEL2, etc. these counters exist but remain at 0.

Good news : browsing thru the MIBS available I stumbled accros this one : netscreenVpnMon and it has some counters in it for the SA.
.1.3.6.1.4.1.3224.4.1.1.1.35 for bytes in.
.1.3.6.1.4.1.3224.4.1.1.1.36 for bytes out.
An snmpwalk gave me decent numbers :)

All I need to know now is how to create some decent graphs.
Do I make some sort of template ? or edit an existing like interfaces.xml ?
How does cacti know howmany tunnels I have, for I have Netscreens with only 1 tunnel but also with over 10 tunnels.

I feel i am close, now how to finish...........

ScottTFrazer
Posts: 4
Joined: Thu Nov 03, 2005 3:56 pm

#12 Post by ScottTFrazer » Fri Nov 04, 2005 4:26 pm

I'm staill a real noob at this, but if you've got the data sources set up, you should just need to create a seperate traffic graph (with an in and out datasource) for each tunnel.

I'm sure there's a way to get fancy and have them all show up on the same graph, but like I said: noob. :D

kayalinux
Posts: 23
Joined: Mon Oct 31, 2005 4:38 am

#13 Post by kayalinux » Mon Dec 19, 2005 8:42 am

Here are 2 templates.

Fortigate 5X and 6X
And for the Fortigate 'Fortinet Security Gateway'

If you wish to complete the template with more data (Antivirus, Webfilter) here are the MIB.
http://www.somix.com/support/mib_resources.php
Attachments
cacti_host_template_fortinet_security_gateway.xml
1) Fortinet - CPU Load
2) Fortinet - Memory Usage
3) Fortinet - Session
(127.32 KiB) Downloaded 4042 times
Fortinet.PNG
Sample graph for the Fortinet Security Gateway
Fortinet.PNG (23.71 KiB) Viewed 104793 times
cacti_host_template_fortigate.xml
Model 5X and 6X
1) Fortigate - CPU Load
2) Fortigate - Memory Usage
3) Fortigate - Session
(20.93 KiB) Downloaded 4589 times

dinux
Posts: 15
Joined: Tue Dec 20, 2005 6:55 pm
Location: Scottsdale, AZ, USA
Contact:

#14 Post by dinux » Tue Feb 06, 2007 1:18 pm

Has anyone been able to monitor the internal Temperature of the Netscreen products? I was hoping to be able to do this.

ceoby
Posts: 13
Joined: Thu Nov 24, 2005 5:39 am
Contact:

#15 Post by ceoby » Thu Mar 29, 2007 9:47 am

It's imposible to import this script :( cacti_host_template_fortigate.xml
Attachments
untitled.JPG
untitled.JPG (139.3 KiB) Viewed 95975 times
I'm from romania

Post Reply