pix firewall template

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

pix firewall template

#1 Post by egarnel » Fri Jan 09, 2004 11:48 am

This is my 1st template, but it should work fine for most applications.

It is a host template (with dependancies) fro Cisco Pix firewalls. The template measures CPU load, interfaces , Free memory and connections.

Good luck with it. Please let me know if you have any questions or improvements on it.


Eric
Attachments
cacti_host_template_pix_firewall.xml
pix template
(15.71 KiB) Downloaded 18097 times

booyaa

#2 Post by booyaa » Tue Jun 29, 2004 2:28 pm

Does this work? Anyone tried? How do I install it?

kirbini

Doesn't work...

#3 Post by kirbini » Thu Jul 08, 2004 1:32 pm

I just loaded this template into the newest version (0.8.5a). It loads correctly but it does not query the correct MIBs. In fact, it queries the

enterprises.109....

tree which doesn't exist on my PIX running PIXOS 6.1.

User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

PIX

#4 Post by egarnel » Fri Jul 09, 2004 10:27 am

Yes, it works for 6.3
I have the same issue. I have 3 pixs, two of which are on 6.3 and the other on 6.1
the pix running 6.1 does not show the graphs & my fix for that is to upgrade the PIX.

claytondukes

Pix

#5 Post by claytondukes » Wed Aug 18, 2004 9:10 pm

It seems to be missing the memory cdef's
Otherwise, it worked.

Guest

#6 Post by Guest » Sun Aug 22, 2004 8:30 am

Once I applied the single quote patch the template worked. Thanks.

..::BFS::..
Cacti User
Posts: 52
Joined: Fri Mar 12, 2004 3:01 am
Location: Beusichem
Contact:

#7 Post by ..::BFS::.. » Tue Sep 28, 2004 6:08 am

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.
Can somebody explain to me what this single quote patch means? Sorry for kicking an old topic...

BitFlipper
Posts: 14
Joined: Sat Aug 14, 2004 10:30 am

#8 Post by BitFlipper » Mon Oct 04, 2004 10:43 pm

I am not an expert on Perl but understand the 'why' and the 'reason' for the fix.

The short version ... take a look at the following from a PIX walk:

IF-MIB::ifDescr.1 = STRING: PIX Firewall 'unused' interface
IF-MIB::ifDescr.2 = STRING: PIX Firewall 'extranet' interface
IF-MIB::ifDescr.3 = STRING: PIX Firewall 'intranet' interface
IF-MIB::ifDescr.4 = STRING: PIX Firewall 'inside' interface

Normally, devices have a simple string as a description. The PIX includes single quotes which in Perl, is interpreted or translated causing a script to fail. That is, when you query the PIX for an interface description, you get the following "PIX Firewall 'inside' interface" and not "inside" like you'd expect and only need.

..::BFS::..
Cacti User
Posts: 52
Joined: Fri Mar 12, 2004 3:01 am
Location: Beusichem
Contact:

#9 Post by ..::BFS::.. » Fri Oct 08, 2004 2:58 am

When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)

User avatar
egarnel
Cacti Pro User
Posts: 703
Joined: Thu Nov 21, 2002 8:55 am
Location: Austin, TX

#10 Post by egarnel » Fri Oct 08, 2004 10:13 am

what are the OIDs under your data template for pix connections?
should be 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6

and memory should be
1.3.6.1.4.1.9.9.48.1.1.1.5.1

I built the template based on a pix running 6.3(1) and under Cacti .8.5.a. It still works under .8.6.a for me.

I also imported it into another Cacti server that monitors a pix running 6..1.x and memory graphing does not work with that version

what are your snmp settings on the PIX? It is odd that you would get CPU and not interfaces

guerra6880
Posts: 33
Joined: Mon Apr 19, 2004 7:47 am
Contact:

#11 Post by guerra6880 » Mon Oct 11, 2004 8:43 pm

..::BFS::.. wrote:When I graph the connections I don't get any input on my graphs. I do get the CPU Usage and Interfaces but no Connections or Memory.

Polling a couple of Pix's running on Cisco PIX Firewall Version 6.3(1)
I used to have this problem and it was driving me nuts until I figured out that the maximum value was set at 100 so anything over 100 connections was being dropped. As most my pixes have more then 100 connections this was a must for me.

cpdans
Posts: 43
Joined: Mon Oct 28, 2002 7:59 am

#12 Post by cpdans » Tue Oct 26, 2004 12:03 pm

Anonymous wrote:Once I applied the single quote patch the template worked. Thanks.
I noticed the above post. I thiink am having the same problem. I am running 0.8.6b and am not getting the connections and memory graph. However, I do get the CPU Usage graph. Any ideas? If I do need this patch where might I get it?

Thanks,

Dan

cpdans
Posts: 43
Joined: Mon Oct 28, 2002 7:59 am

#13 Post by cpdans » Tue Oct 26, 2004 1:53 pm

Not to over post myself, but upon further examination it appears that the data is getting dumped into the rrd file for both connections and memory. However the graphs are not displaying the information. I did notice that the upper limit of the datasource and the graph were set at 100 for connections. I currently have over 1100 so I uped that limit to 100000. Don't know if that make a difference or not.

Thanks for the help.

Bioman
Posts: 15
Joined: Tue Aug 31, 2004 9:13 am

#14 Post by Bioman » Thu Nov 04, 2004 10:36 am

Hi !
I just uploaded this PIX template to my Cacti server.
Both the CPU and Conns graphs are created. Though, for the moment, there is no data in it (might be normal as this firewall is not busy at all for now).

I have a problem with the Memory graph.
The graph templates does NOT refere to any data source at all.

For instance, for the Connection graph, there has been a pixconn data template created, and this template is used to create the Conn graph.
The memory data template does not exist... How come ?

Thanx for your help...

Bioman
Posts: 15
Joined: Tue Aug 31, 2004 9:13 am

#15 Post by Bioman » Thu Nov 04, 2004 11:00 am

Sorry for the flood, but I also cannot get any Interface information... Anything I have to do ?...

Thanx :roll:

Post Reply