07-14-2024 07:34 AM
I am using Prometheus SNMP to get info from my Cisco ASA 5585 clusters. However, I was unable to find any MIB/OID containing information about last failover - neither time nor a reason. Pretty simple information that exists in CLI. Could someone, please, point me to the right direction?
07-14-2024 09:02 AM
- Ref : https://community.cisco.com/t5/security-knowledge-base/snmp-mibs-and-traps-on-the-asa-additional-information/ta-p/3116514
Not everything is always implemented in MIBS ; if you look for standby or failover with find in the browser I could not come up with anything related.
M.
07-15-2024 09:01 AM
ASA5506/pri/act# show snmp oid | i 1.3.6.1.4.1.9.9.491.1.4
[601] .1.3.6.1.4.1.9.9.491.1.4.2.1.1.1 CISCO-UNIFIED-FIREWALL-MIB::cufwFOGroupIndex
[602] .1.3.6.1.4.1.9.9.491.1.4.2.1.1.2 CISCO-UNIFIED-FIREWALL-MIB::cufwFOGrpLastFailoverAt
[603] .1.3.6.1.4.1.9.9.491.1.4.2.1.1.3 CISCO-UNIFIED-FIREWALL-MIB::cufwFOGrpHAstate
[604] .1.3.6.1.4.1.9.9.491.1.4.2.1.1.4 CISCO-UNIFIED-FIREWALL-MIB::cufwFOGrpUpTime
[605] .1.3.6.1.4.1.9.9.491.1.4.2.1.1.5 CISCO-UNIFIED-FIREWALL-MIB::cufwFOGrpContextCount
.1.3.6.1.4.1.9.9.491.1.4.2.1.1.1.0 = INTEGER: 0 <-- failover group
.1.3.6.1.4.1.9.9.491.1.4.2.1.1.2.0 = STRING: "12:14:55 CET Feb 5 2021" <-- "show failover" Last Failover at: 12:14:55 CET Feb 5 2021
.1.3.6.1.4.1.9.9.491.1.4.2.1.1.3.0 = INTEGER: 9 <-- state = active
.1.3.6.1.4.1.9.9.491.1.4.2.1.1.4.0 = Gauge32: 180065 <-- active time in seconds -- see below
.1.3.6.1.4.1.9.9.491.1.4.2.1.1.5.0 = Gauge32: 0 <-- number of contexts
Active time:
- when unit becomes active this value becomes zero and start counting
- when unit becomes standby the value freezes and not counting anymore
State:
- 1 - other
- 2 - up
- 3 - down
- 4 - error
- 5 - overTemp
- 6 - busy
- 7 - noMedia
- 8 - backup
- 9 - active
- 10 - standby
HTH
07-16-2024 12:34 AM
Unfortunately our ASA5585 doesn't respond well to snmpwalk using CISCO-UNIFIED-FIREWALL-MIB
and
ASA5585#show snmp oid | i 1.3.6.1.4.1.9.9.491.1.4 returns nothing
07-16-2024 01:00 AM
Right, I believe this OID is supported as of 9.15.1 and the latest ASA release for ASA5585 is 9.12. In 9.12 few failover OIDs are available in CISCO-FIREWALL-MIB, but this MIB doesn't have info you need.
07-16-2024 01:24 AM
- Make sure you are on the latest advisory software version ,
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide