[mrtg] cfgmaker for a Pix Firewall

Daniel J McDonald dan.mcdonald at austinenergy.com
Thu Jun 28 15:16:01 CEST 2007 

On Wed, 2007-06-27 at 13:20 -0400, Deb.Homan at crown.com wrote:
> 
> I am needing help on running cfgmaker against a PIX 515 Firewall for
> cpu utilization 

It matters a great deal what version of code the pix is running.
Support for the CISCO-PROCESS-MIB was added in the 6.3 train, IIRC.

> The OID I want to run it against is: 
> .1.3.6.1.4.1.9.9.109.1.1.1 
> I am unfamiliar of how to use cfgmaker with an oid? 

You have to use a template.

> Can someone help me on the correct syntax for this or is there a
> better way to get utilization from the firewall than the oid? 


Here is my template for cpu, memory, and connection counts from pixi,
fwsm, and ASA's.  It works from about 6.3 onward for PIX and 2.3 onward
for FWSM.  The syntax for using a template is:
cfgmaker --host-template pix.template community at pix.ip.address

You may want to remove the Directory[] entries, as that will probably
mess things up if you are not using Directory elsewhere.
Also, to use the OID friendly names, you will need to add all of the mib
files referenced in the snmpMIB_to_OID functions to your LoadMibs: line
in the order that they are listed here.  You will also need to edit
those lines to match your paths.  Cisco mibs can be downloaded from
ftp://ftp.cisco.com/pub/mibs/v1 



$head_lines .= <<ECHO
#.....................................................................
# PIX processor utilization.
#
      
ECHO
;
snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-SMI-V1SMI.my");
snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-TC-V1SMI.my");
snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-PROCESS-MIB-V1SMI.my");

my (@temp) = snmpwalk($router_connect,'cpmCPUTotal5sec');
foreach my $tempi(@temp) {
        $tempi =~ /(\d+):\d/;
        my $instance=$1;
        my $target_name=$router_name.".cpu".$instance;
        $target_lines .= <<CPU
Target[$target_name]:
cpmCPUTotal5sec.$instance&cpmCPUTotal1min.$instance:$router_connect
MaxBytes[$target_name]: 100
routers.cgi*ShortDesc[$target_name]:  CPU # $instance
bb*host[$target_name]: $router_name
bb*svc[$target_name]: cpu
bb*red[$target_name]: 90
bb*yellow[$target_name]: 80
Options[$target_name]:  gauge, unknaszero
Directory[$target_name]: $directory_name
WithPeak[$target_name]: wmy
YLegend[$target_name]: % Utilization
ShortLegend[$target_name]: %
Legend1[$target_name]: 5 Second Load
Legend2[$target_name]: 1 Minute Load
LegendI[$target_name]:  5sec :
LegendO[$target_name]:  1min :
Title[$target_name]: $sysname
PageTop[$target_name]: <H1>$sysname Processor Load</H1>
 <TABLE>
   <TR><TD>System:</TD><TD>$sysname  </TD></TR>
   <TR><TD>Location:</TD><TD>$syslocation </TD></TR>
 </TABLE>
CPU
; 
}

snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-QOS-PIB-MIB-V1SMI.my");
snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-MEMORY-POOL-MIB-V1SMI.my");
my (@temp) = snmpwalk($router_connect,'ciscoMemoryPoolName');
foreach my $tempi(@temp) {
        $tempi =~ /(\d+):(.+)/;
        my $instance=$1;
        my ($used, $free) =
snmpget($router_connect,'ciscoMemoryPoolUsed.'.$instance,
'ciscoMemoryPoolFree.'.$instance);
        my $target_name=$router_name.".memory";
        my $maxsize = $used+$free;
        $target_lines .= <<DISK
#--------------------------------------------------------------------------------------
# Memory Utilization
    
Target[$target_name]:
ciscoMemoryPoolFree.$instance&ciscoMemoryPoolLargestFree.$instance:
$router_connect
YLegend[$target_name]: Bytes Free
Options[$target_name]: gauge, unknaszero
Directory[$target_name]: $directory_name
MaxBytes[$target_name]: $maxsize
ShortLegend[$target_name]: bytes
routers.cgi*ShortDesc[$target_name]: Memory
bb*host[$target_name]: $router_name
bb*svc[$target_name]: memory
bb*red[$target_name]: 5%:102%
bb*yellow[$target_name]: 7%:101%
Legend1[$target_name]: Free Mem
Legend2[$target_name]: Largest Block
LegendI[$target_name]: Free
LegendO[$target_name]: Block
WithPeak[$target_name]: ymw
Title[$target_name]: $sysname
PageTop[$target_name]: <H1>Memory on $sysname/H1>
 <TABLE>
   <TR><TD>System:</TD><TD>$sysname  </TD></TR>
   <TR><TD>Location:</TD><TD>$syslocation </TD></TR>
 </TABLE>
DISK
;
}

snmpMIB_to_OID("/usr/share/snmp/mibs/CISCO-FIREWALL-MIB-V1SMI.my");
my (@temp) = snmpwalk($router_connect,'cfwConnectionStatDescription');
foreach my $tempi(@temp) {
        $tempi =~ /([\d\.]+):(.+)/;
        my $instance=$1;
        my $description = $2;
        my $target_name=$router_name.'conn.'.$instance;
        my $maxsize = 50000;
        $target_lines .= <<CONNECT
#--------------------------------------------------------------------------------------
# Connection Utilization
    
Target[$target_name]:
cfwConnectionStatValue.$instance&cfwConnectionStatValue.$instance:
$router_connect
YLegend[$target_name]: connections
Options[$target_name]: gauge, unknaszero, noi
Directory[$target_name]: $directory_name
MaxBytes[$target_name]: $maxsize
ShortLegend[$target_name]: bytes
routers.cgi*ShortDesc[$target_name]: $instance
bb*host[$target_name]: $router_name
bb*svc[$target_name]: connections
bb*red[$target_name]: 99%
bb*yellow[$target_name]: 98%
LegendI[$target_name]: connections
WithPeak[$target_name]: ymw
Title[$target_name]: $sysname
PageTop[$target_name]: <H1>Memory on $sysname/H1>
 <TABLE>
   <TR><TD>System:</TD><TD>$sysname  </TD></TR>
   <TR><TD>Location:</TD><TD>$syslocation </TD></TR>
   <TR><TD>Table:</TD><TD>$description </TD></TR>
 </TABLE>
CONNECT
;
}

-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

More information about the mrtg mailing list