VPN Tunnel monitoring

Templates, scripts for templates, scripts and requests for templates.

Moderators: Moderators, Developers

Author
Message
nduda78
Cacti User
Posts: 106
Joined: Tue Mar 01, 2005 11:26 am
Contact:

#46 Post by nduda78 » Tue Nov 06, 2007 11:05 am

ok still nothing, but a couple question...

Does the script get the data for octects(bytes) counting up? so each time you run the script you would need to run a diff against the previous results then graph it?

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#47 Post by aquila125 » Tue Nov 06, 2007 11:13 am

are you sure the tunnel is up and being used?

Check the TX and RX results in the log file. They should be higher in the second check... else no data has been transferred and the graphs are correct...

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#48 Post by aquila125 » Tue Nov 06, 2007 11:14 am

Cacti does this automatically. You set the data source to 'Counter' and that should do it... It also takes care of overruns

nduda78
Cacti User
Posts: 106
Joined: Tue Mar 01, 2005 11:26 am
Contact:

#49 Post by nduda78 » Tue Nov 06, 2007 12:09 pm

yea the tunnels are very much being used...the data keeps going up when i run the scripts....cacti just is staying at 0...grrrr

whats the best way to remove all this and redo it...so frustrating...cacti is getting the data just not graphing it.

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#50 Post by aquila125 » Tue Nov 06, 2007 4:34 pm

I changed my script several times and created the data sources from scratch. So perhaps it's best if you delete everything you have. Just leave the script on the harddrive (but delete all the related RRD files).
Then import the template down here and create a new datasource from this template. Enter the correrct IP address and add 'ASA'.
Now create a new Graph (Graph Management) from the graph template.
This should work. I exported the templates from our cacti system and those are working...

If that still doesn't work, give me the results (TX and RX) from one of the tunnels...

Good luck!
Attachments
cacti_graph_template_cisco_vpn_tunnel.xml
(13.43 KiB) Downloaded 1329 times

cbrmig
Posts: 14
Joined: Mon Sep 24, 2007 5:02 am

#51 Post by cbrmig » Thu Nov 08, 2007 9:45 am

Is it possible to aplicate this template to a PIX 515 E firewall? Or is there any other way to see the VPN usage or sessions?

Thnks.

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#52 Post by aquila125 » Thu Nov 08, 2007 9:51 am

I believe the MIB's are the same for the PIX515E and the ASA. So try and you shall find out :)
Keep us informed!

cbrmig
Posts: 14
Joined: Mon Sep 24, 2007 5:02 am

#53 Post by cbrmig » Thu Nov 08, 2007 11:14 am

aquila125 wrote:I believe the MIB's are the same for the PIX515E and the ASA. So try and you shall find out :)
Keep us informed!
HI..witch MIB's are u talking about?
I'm using the host template "Cisco PIX Firewall".

thnks

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#54 Post by aquila125 » Fri Nov 09, 2007 4:33 am

Add a new graph and choose the data template Cisco VPN Tunnel.

cbrmig
Posts: 14
Joined: Mon Sep 24, 2007 5:02 am

#55 Post by cbrmig » Fri Nov 09, 2007 7:32 am

aquila125 wrote:Add a new graph and choose the data template Cisco VPN Tunnel.
HI.
I already done that :(...graphics all empty...

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#56 Post by aquila125 » Fri Nov 09, 2007 7:46 am

check the cacti.log file. Make sure logging is on debug.

cbrmig
Posts: 14
Joined: Mon Sep 24, 2007 5:02 am

#57 Post by cbrmig » Fri Nov 09, 2007 9:10 am

aquila125 wrote:check the cacti.log file. Make sure logging is on debug.

I have this int the log:

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.3.0 )

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.2.0 )

11/09/2007 02:04:02 PM - CACTID: Poller[0] Host[6] ERROR: Problems parsing Multi SNMP OID! (oid: SNMPv2-SMI::enterprises.3224.16.2.1.0 )

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#58 Post by aquila125 » Fri Nov 09, 2007 9:34 am

I'm sorry. I don't have a pix firewall here to test my script with. Probably the PIX uses different MIB's then the ASA.

aquila125
Posts: 23
Joined: Fri Oct 19, 2007 6:37 am

#59 Post by aquila125 » Fri Nov 09, 2007 11:48 am

You can always try to locate the MIB's by using the snmpwalk utility. Cisco also has a pretty decent site where you can search for MIB's. The url is posted in one of the first posts here I believe...

Leeroy
Posts: 14
Joined: Fri Jan 18, 2008 6:36 am
Location: Paris, France

#60 Post by Leeroy » Tue Jan 22, 2008 11:00 am

Hi. i've a problem with the script (lan2lan_cisco.pl) because it takes too much time to execute (about 1 min for 1 execution and i have at least 40 execution to do). So it works fine for 2 or 3 tunnels but i can't monitoring 40 tunnels.

Any idea?

thanks

Post Reply