Cisco ASA templates - YMMV

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
fusion
Posts: 2
Joined: Fri Nov 25, 2005 10:46 pm

Cisco ASA templates - YMMV

#1 Post by fusion » Fri Nov 25, 2005 10:52 pm

These were created for the Cisco ASA 5520
Attachments
cacti_graph_template_cisco_asa_sessions.xml
(12.86 KiB) Downloaded 13580 times
cacti_graph_template_cisco_asa_cpu_usage.xml
(10.83 KiB) Downloaded 10537 times
cacti_graph_template_cisco_asa_memory_usage.xml
(14.8 KiB) Downloaded 9234 times

siouxee
Cacti User
Posts: 88
Joined: Wed Sep 07, 2005 9:00 am

No session info...

#2 Post by siouxee » Mon Aug 14, 2006 11:26 pm

I don't see any session info with this template... Any fixes / updates to the template?

knobdy
Cacti User
Posts: 495
Joined: Wed Sep 28, 2005 1:39 pm

#3 Post by knobdy » Tue Sep 12, 2006 12:45 pm

My sessions graph isn't working either.. any news?

User avatar
Setarcos
Cacti User
Posts: 143
Joined: Mon Dec 13, 2004 2:55 pm
Location: San Jose, CA
Contact:

#4 Post by Setarcos » Wed Dec 06, 2006 7:41 pm

Here are a few of mine.
Attachments
IKE-dropped-packets.png
IKE Dropped Packets
IKE-dropped-packets.png (28.69 KiB) Viewed 108385 times
IKE-traffic.png
IKE Traffic
IKE-traffic.png (44.47 KiB) Viewed 108385 times
active-VPN-tunnels.png
Active VPN Tunnels
active-VPN-tunnels.png (24.87 KiB) Viewed 108385 times
RAS-sessions.png
RAS Sessions
RAS-sessions.png (23.62 KiB) Viewed 108385 times
cisco-asa-cacti-templates.zip
XML Templates
(109.88 KiB) Downloaded 7627 times

User avatar
ScOp3
Cacti User
Posts: 61
Joined: Wed Aug 03, 2005 4:14 am
Location: Cologne Germany
Contact:

#5 Post by ScOp3 » Thu Dec 07, 2006 9:42 am

You're templates had some minor errors regarding OID's and Data Sources. Took me a while to find that out. Anyhow i fixed them a bit and combined the whole thing into a Host Template.

If you had problems getting it to work before give this Host Template a try.
Attachments
cacti_host_template_cisco_asa_security_appliance.zip
(15.16 KiB) Downloaded 15603 times
fear leads to anger, anger leads to hate and dancing leads to sex!

User avatar
Setarcos
Cacti User
Posts: 143
Joined: Mon Dec 13, 2004 2:55 pm
Location: San Jose, CA
Contact:

#6 Post by Setarcos » Thu Dec 07, 2006 11:37 am

ScOp3 wrote:You're templates had some minor errors regarding OID's and Data Sources. Took me a while to find that out. Anyhow i fixed them a bit and combined the whole thing into a Host Template.

If you had problems getting it to work before give this Host Template a try.
Thanks ScOp3,

Yea, I forgot to mention that you need the Cisco MIBs installed for my versions to work.

User avatar
ScOp3
Cacti User
Posts: 61
Joined: Wed Aug 03, 2005 4:14 am
Location: Cologne Germany
Contact:

#7 Post by ScOp3 » Thu Dec 07, 2006 11:59 am

Setarcos wrote: Thanks ScOp3,

Yea, I forgot to mention that you need the Cisco MIBs installed for my versions to work.
Yup, figured the MIB issue quite fast. That's why i changed them to numerical notation so we have less dependencies. Nice work on the templates.
fear leads to anger, anger leads to hate and dancing leads to sex!

ntwillie1
Posts: 4
Joined: Thu Sep 22, 2005 4:53 pm
Location: nyc
Contact:

? about the cisco mib's

#8 Post by ntwillie1 » Thu Jan 18, 2007 2:46 pm

hi guys. i'm hoping you can help me out here. Where do i get the cisco mibs and once i have them, where to I install them. Also, i was trying to import that template but am having problems doing so. I keep getting the following errors:


Notice: Only variable references should be returned by reference in C:\Apache2\htdocs\cacti\lib\import.php on line 44

Warning: Cannot modify header information - headers already sent by (output started at C:\Apache2\htdocs\cacti\lib\import.php:44) in C:\Apache2\htdocs\cacti\templates_import.php on line 67

when i hit the back button, it tells me the following:
Error: XML: Hash version does not exist.


If anyone can help I would greatly appreciate it. I'm trying to get some graphs going on my ASA 5505. Thanksa.

joex51
Posts: 32
Joined: Sun Mar 05, 2006 4:05 am
Location: Connecticut
Contact:

Very Nice

#9 Post by joex51 » Wed Aug 08, 2007 3:02 pm

These look awesome I will have to give them a try!!

hinze57
Posts: 6
Joined: Wed Sep 12, 2007 3:31 pm
Location: Colorado

ASA VPN Monitoring

#10 Post by hinze57 » Thu Sep 13, 2007 1:18 pm

A coworker set up NMIS to monitor routers and such. So while searching for information on monitoring VPN tunnels off of multiple ASA's (all remote access IPSec) I found Cacti. I have it installed on a RH Linux box.

I have added the template located in the cacti_host_template_cisco_asa_security_appliance.zip file attachment mentioned previously. But I cannot get any graphs or anything and my polling consistently come back with the following error:
09/13/2007 05:22:34 PM - POLLER: Poller[0] Maximum runtime of 292 seconds exceeded. Exiting.
09/13/2007 05:22:34 PM - SYSTEM STATS: Time:292.9897 Method:cmd.php Processes:1 Threads:N/A Hosts:2 HostsPerProcess:2 DataSources:15 RRDsProcessed:0
PHP Warning: pclose(): 45 is not a valid stream resource in /opt/netmgt/cacti/lib/rrd.php on line 48

Can someone provide some direction or where to look?

Thanks,

hinze57
Posts: 6
Joined: Wed Sep 12, 2007 3:31 pm
Location: Colorado

VPN Monitoring

#11 Post by hinze57 » Thu Sep 13, 2007 1:36 pm

Okay, I changed the SNMP version from 1 to 2 and it worked.

hinze57
Posts: 6
Joined: Wed Sep 12, 2007 3:31 pm
Location: Colorado

ASA Template

#12 Post by hinze57 » Fri Sep 14, 2007 3:33 pm

How did you locate the correct OID's? I'd like to add a graph for IPSec traffic. IKE traffic should primarily be login traffic, and I'd like to see tunnel traffic. I'll look on Cisco's site, but thought you folks would know the answer in your sleep.

Thx

User avatar
solefald
Posts: 38
Joined: Fri Jun 11, 2004 1:35 pm

#13 Post by solefald » Tue Nov 13, 2007 7:07 pm

im having an issue displaying Total Sessions with this.

For some reason i see 65523710 connections in the graph, which is an absolutely crazy number. When i manually run snmpget on the OID provided under "Cisco ASA - Total Sessions" (.1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6) i get somewhere around 750 connections on average, which seems like a reasonable number.

anyone knows how to fix that?
Attachments
graph_image.png
graph_image.png (6.04 KiB) Viewed 101648 times

skinty
Posts: 41
Joined: Sat Aug 12, 2006 6:47 pm

#14 Post by skinty » Thu Nov 15, 2007 12:58 pm

Very minor, but it looks like the legends between Total Sessions and Remote Sessions are transposed.

neodawg
Posts: 10
Joined: Mon Dec 03, 2007 10:22 pm

Cisco ASA 5510 no CPU util graph

#15 Post by neodawg » Tue Dec 04, 2007 9:04 am

all the other graphs work just fine, but on the 5510s the cpu utilization isnt working, there is a graph there, and on one there is some data that comes in but its either a value of 1 or 0. any ideas? Thanks


Update: I have later discovered that after a OS upgrade on the ASA fixed the issue and the ASA was also experiencing little load on it as well.

Post Reply