Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Wed Feb 20, 2019 11:07 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 66 posts ]  Go to page 1, 2, 3, 4, 5  Next
Author Message
 Post subject: Nokia IP Firewall Checkpoint Template
PostPosted: Tue Sep 13, 2005 7:48 am 
Offline

Joined: Tue Sep 13, 2005 5:30 am
Posts: 29
Hi,

Here is a template for Nokia IP Firewall with checkpoint.
Need SNMP enable on IPSO and Checkpoint.

It will graph:
- Traffic
- CPU on Nokia MIB
- CPU on Checkpoint MIB (Need because of a bug on IPSO 3.8.1 build 33)
- Nb of connections
- Memory Usage
- Nb of Dropped packets
- Nb of Rejected packets
- Nb of Accepted packets
- Availability
- Response Time


Attachments:
File comment: Script for cacti (to be placed in scripts folder)
checkpointNG.pl.txt [218 Bytes]
Downloaded 4105 times
File comment: Template export from cacti0.8.6g
cacti_host_template_nokia_ip_firewall.xml [185.07 KiB]
Downloaded 4363 times
Top
 Profile  
 
 Post subject: Screenshots
PostPosted: Wed Sep 14, 2005 2:45 am 
Offline

Joined: Tue Sep 13, 2005 5:30 am
Posts: 29
Here are screenshots


Attachments:
File comment: Connections
connections.png
connections.png [ 4.71 KiB | Viewed 38899 times ]
File comment: Accepted Packets
accepted.png
accepted.png [ 4.96 KiB | Viewed 38899 times ]
File comment: Availability
availability.png
availability.png [ 3.77 KiB | Viewed 38899 times ]
Top
 Profile  
 
 Post subject: Screenshots
PostPosted: Wed Sep 14, 2005 2:50 am 
Offline

Joined: Tue Sep 13, 2005 5:30 am
Posts: 29
Screenshots


Attachments:
File comment: Dropped
dropped.png
dropped.png [ 5.75 KiB | Viewed 38897 times ]
File comment: CPU based on Nokia MIB (do not work with 3.8.1Build33 and up) Resolution 24144 & Resolution 24186
cpu nokia.png
cpu nokia.png [ 4.75 KiB | Viewed 38897 times ]
File comment: CPU based on Checkpoint MIB
cpu checkpoint.png
cpu checkpoint.png [ 4.8 KiB | Viewed 38897 times ]
Top
 Profile  
 
 Post subject: Screenshots
PostPosted: Wed Sep 14, 2005 2:50 am 
Offline

Joined: Tue Sep 13, 2005 5:30 am
Posts: 29
Screenshots


Attachments:
File comment: Traffic
traffic.png
traffic.png [ 7.12 KiB | Viewed 38896 times ]
File comment: Rejected Packets
rejected.png
rejected.png [ 5.12 KiB | Viewed 38896 times ]
File comment: Memory Usage
memory.png
memory.png [ 4.16 KiB | Viewed 38896 times ]
Top
 Profile  
 
 Post subject: Screenshots
PostPosted: Wed Sep 14, 2005 2:51 am 
Offline

Joined: Tue Sep 13, 2005 5:30 am
Posts: 29
Screenshots


Attachments:
File comment: Response Time
response time.png
response time.png [ 5.64 KiB | Viewed 38895 times ]
Top
 Profile  
 
 Post subject:
PostPosted: Wed Sep 14, 2005 4:57 am 
Offline
Cacti User
User avatar

Joined: Wed Jan 14, 2004 3:23 am
Posts: 256
Location: Germany
cmarsot, your templates ate looking very interessting. I'll try it.

Hope your work fixed my old problem here:

http://forums.cacti.net/viewtopic.php?t=6838&start=0&postdays=0&postorder=asc&highlight=checkpoint

Thanks !!


Top
 Profile  
 
 Post subject:
PostPosted: Thu Sep 29, 2005 9:09 am 
Offline
Developer
User avatar

Joined: Thu Dec 02, 2004 2:46 am
Posts: 22376
Location: Muenster, Germany
Based on the idea above, I did some modifications. Our fw admin told me, it would be enough to poll snmp port 161 on IPSO. There some "proxy function" in IPSO so there's no need for the script above (that does some snmpwalks against checkpoints snmp port).
So I appended a pure snmp xml. For ease of use I have configured a host template "Checkpint Firewall" that includes all data templates and graph templates.
Do avoid interference with your "SNMP Interface Statistics" I removed them before exporting the host template. So in this themplate, you will only find pure IPSO/Checkpoint stuff.
Another remark: You will notice a black line on the graphs. This represents the MAX values. They will only differ for graphs that represent consolidated values (see http://forums.cacti.net/viewtopic.php?t=9383 for more explanation).
Export is done on cacti 0.8.6c. You will need that version at minimum.
happy cactiing
Reinhard


Attachments:
File comment: A view taken from a test machine
Checkpoint.png
Checkpoint.png [ 32.47 KiB | Viewed 38119 times ]
File comment: The "Checkpint Firewall" host template
cacti_host_template_checkpoint_firewall.xml [49.41 KiB]
Downloaded 2245 times
Top
 Profile  
 
 Post subject:
PostPosted: Fri Sep 30, 2005 4:55 am 
Offline

Joined: Fri Sep 30, 2005 4:49 am
Posts: 2
Hello,

I have just receive a nokia / checkpoint cluster, so I try to integrate it to cacti and I have import your template but I have some problem in getting the data,

I have activate snmp on the IPSO and I can get some simple snmp data, this works fine, but i can not found on the checkpoint interface any option to activate the snmp, so none of the graphs seems to work.

Can you ask your fw admin where is the right option to activate the snmp on checkpoint ?

Thanks,

Regards Claude


Top
 Profile  
 
 Post subject: Checkpoint .... also for SPLAT ? (Secure Platform)
PostPosted: Fri Sep 30, 2005 6:00 am 
Offline

Joined: Fri Sep 30, 2005 4:23 am
Posts: 26
Hi,

(I'm newbie to cacti, so :o ....)

would those checkpoint templates also work with Checkpoints secure platform? in stead of Nokia applicances

there are supposed to be some differences in the SNMP set


Olivier


Top
 Profile  
 
 Post subject: nice job!
PostPosted: Sun Oct 02, 2005 1:46 pm 
Offline

Joined: Fri Aug 05, 2005 2:38 am
Posts: 14
cmarsot, reinhard,

excellent job, thanks a million from a cacti noob! :roll: :wink:

haven't tried either as yet, as I've got some reading to do first, but will let you know how I get on, thanks again.
/riz.


Top
 Profile  
 
 Post subject:
PostPosted: Tue Oct 11, 2005 4:39 am 
Offline
Developer
User avatar

Joined: Thu Dec 02, 2004 2:46 am
Posts: 22376
Location: Muenster, Germany
brassel wrote:
Can you ask your fw admin where is the right option to activate the snmp on checkpoint ?
The admin says that you simply have to start both agents, the checkpoint one and the nokia one. He didn't have to configure something special
Reinhard


Top
 Profile  
 
 Post subject: Using the NOKIA scripts for SPLAT
PostPosted: Wed Oct 12, 2005 9:15 am 
Offline

Joined: Fri Sep 30, 2005 4:23 am
Posts: 26
Hi,

I started by importing the Nokia scripts to query Secure Platform
it seems to be gathering some data, but the script run shows some errors...

Quote:
CACTID: Host[10] DEBUG: HOST COMPLETE: About to Exit Host Polling Thread Function
CACTID: DEBUG: The Value of Active Threads is 0
CACTID: DEBUG: Valid Thread to be Created
CACTID: DEBUG: In Poller, About to Start Polling of Host
CACTID: DEBUG: The Value of Active Threads is 1
CACTID: MYSQL: Connecting to MySQL database 'cacti' on 'mgtserver03'...
CACTID: MYSQL: Connected to MySQL database 'cacti' on 'mgtserver03'...
CACTID: Host[11] PING Result: ICMP: Host is Alive
CACTID: Host[11] SNMP Result: Host responded to SNMP
CACTID: DEBUG: SQLCMD: update host set status='3',status_event_count='0', status_fail_date='0000-00-00 00:00:00',status_rec_date='20
05-10-12 15:44:00',status_last_error='SNMP not performed due to setting or ping result,',min_time='9.999990',max_time='114.000080',c
ur_time='90.999960',avg_time='91.499993',total_polls='9',failed_polls='3',availability='66.6667' where id='11'

CACTID: Host[11] RECACHE: Processing 1 items in the auto reindex cache for 'fwsplat01.mycompany.com'
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7sh: D:/Wwwroot/cacti/scripts/host_availability_current.php
: No such file or directory


CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'D:/Wwwroot/cacti/scripts/host_availability_current.php 'fwsplat01.mycompany.com'
CACTID: Host[11] DS[689] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[689] SCRIPT: D:/Wwwroot/cacti/scripts/host_availability_current.php fwsplat01.mycompany.com, output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7
sh: D:/Wwwroot/cacti/scripts/host_availability_percent.php: No such file or directory
CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'D:/Wwwroot/cacti/scripts/host_availability_percent.php 'fwsplat01.mycompany.com'
CACTID: Host[11] DS[688] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[688] SCRIPT: D:/Wwwroot/cacti/scripts/host_availability_percent.php fwsplat01.mycompany.com, output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.6.0'
CACTID: Host[11] DS[685] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[685] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.6.0, ou
tput: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.25.3.0'
CACTID: Host[11] DS[683] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[683] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.25.3.0,
output: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.4.0'
CACTID: Host[11] DS[687] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[687] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.4.0, out
put: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7The system cannot find the path specified.

CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.1.5.0'
CACTID: Host[11] DS[686] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[686] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.1.5.0, out
put: U
CACTID: Host[11] DEBUG: The POPEN returned the following File Descriptor 7
The system cannot find the path specified.
CACTID: Host[11] ERROR: Empty result [fwsplat01.mycompany.com]: 'perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com
.1.3.6.1.4.1.2620.1.6.7.1.4.0'
CACTID: Host[11] DS[684] WARNING: Result from SCRIPT not valid. Partial Result: ...
CACTID: Host[11] DS[684] SCRIPT: perl D:/Wwwroot/cacti/scripts/checkpointNG.pl fwsplat01.mycompany.com .1.3.6.1.4.1.2620.1.6.7.1.4.0,
output: U
CACTID: Host[11] DS[690] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_in, oid: .1.3.6.1.2.1.2.2.1.10.4, value: 2855346129
CACTID: Host[11] DS[691] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_in, oid: .1.3.6.1.2.1.2.2.1.10.6, value: 2558555709
CACTID: Host[11] DS[690] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_out, oid: .1.3.6.1.2.1.2.2.1.16.4, value: 523837009
CACTID: Host[11] DS[691] SNMP: v2: fwsplat01.mycompany.com, dsname: traffic_out, oid: .1.3.6.1.2.1.2.2.1.16.6, value: 2856271348
CACTID: Host[11] DS[682] WARNING: Result from SNMP not valid. Partial Result: ...
CACTID: Host[11] DS[682] SNMP: v2: fwsplat01.mycompany.com, dsname: 5min_cpu, oid: .1.3.6.1.4.1.94.1.21.1.7.1.0, value: U
CACTID: DEBUG: SQLCMD: INSERT INTO poller_output (local_data_id,rrd_name,time,output) VALUES (690,'traffic_in','2005-10-12 15:54:00'
,'2855346129'),(691,'traffic_in','2005-10-12 15:54:00','2558555709'),(690,'traffic_out','2005-10-12 15:54:00','523837009'),(691,'tra
ffic_out','2005-10-12 15:54:00','2856271348'),(682,'5min_cpu','2005-10-12 15:54:00','U'),(689,'responsetime','2005-10-12 15:54:00','
U'),(688,'availability','2005-10-12 15:54:00','U'),(685,'checkpointNG_drop','2005-10-12 15:54:00','U'),(683,'checkpointNG_cnx','2005
-10-12 15:54:00','U'),(687,'checkpointNG_accept','2005-10-12 15:54:00','U'),(686,'checkpointNG_reject','2005-10-12 15:54:00','U'),(6
84,'checkpointNG_mem','2005-10-12 15:54:00','U')
CACTID: Host[11] DEBUG: HOST COMPLETE: About to Exit Host Polling Thread Function
CACTID: DEBUG: The Value of Active Threads is 0
CACTID: DEBUG: SQLCMD: replace into settings (name,value) values ('date',NOW())
CACTID: DEBUG: SQLCMD: insert into poller_time (poller_id, start_time, end_time) values (0, NOW(), NOW())
CACTID: DEBUG: Thread Cleanup Complete
CACTID: DEBUG: PHP Script Server Pipes Closed
CACTID: DEBUG: Allocated Variable Memory Freed



where can I find those missing scripts??
:o
L.


Top
 Profile  
 
 Post subject:
PostPosted: Wed Oct 12, 2005 10:28 am 
Offline
Developer
User avatar

Joined: Thu Dec 02, 2004 2:46 am
Posts: 22376
Location: Muenster, Germany
Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard


Top
 Profile  
 
 Post subject:
PostPosted: Wed Oct 12, 2005 10:58 am 
Offline

Joined: Fri Sep 30, 2005 4:23 am
Posts: 26
lvm wrote:
Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard


that is why I'm using your post now :lol: :D
in stead of the nokia one :wink:


Top
 Profile  
 
 Post subject:
PostPosted: Wed Oct 19, 2005 4:42 am 
Offline

Joined: Fri Sep 30, 2005 4:23 am
Posts: 26
lightningbit wrote:
lvm wrote:
Sorry, I can't help on this. My post cacti_host_template_checkpoint_firewall.xml does not contain any reference to any php script.
Reinhard


that is why I'm using your post now :lol: :D
in stead of the nokia one :wink:



however... I cannot get the CPU load from Secure Platform
anyone has ideas?


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 66 posts ]  Go to page 1, 2, 3, 4, 5  Next

All times are UTC - 5 hours


Who is online

Users browsing this forum: Google Adsense [Bot] and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group