PIX 501 : CPU Load %

rhiez · ‎02-03-2005

dear TS,

i've grab traffif on my pix 515 using mrtg, but when i run this command "/usr/bin/cfgmaker --output=/etc/mrtg/pix.cfg --ifref=descr --global 'workdir: /home/rhiez/tools' --global 'options[_]: growright,bits' idc@212.x.x.10", I got error problem like " NMP Error:

no response received

SNMPv1_Session (remote host: "212.x.x.10" [212.x.x.10].161)

community: "idc"

request ID: -91079101

PDU bufsize: 8000 bytes

timeout: 2s

retries: 5

backoff: 1)

at /usr/bin/../lib/mrtg2/SNMP_util.pm line 621

SNMPWALK Problem for 1.x.6.x.2.1.1 on idc@212.x.x.10::::::v4only

at /usr/bin/cfgmaker line 775

WARNING: Skipping idc@212.x.x.10: as no info could be retreived

--base: Writing /etc/mrtg/pix.cfg"

could you give a clue to troubleshoot that problem, Fyi, I've allow port snmp and trap to my syslog server on pix 515.

thx

umedryk · ‎02-09-2005

Did you allow the traffic in PIX ? Either conduit permit statements or adding the networks in the ACL entreis would be needed

Patrick Iseli · ‎02-09-2005

Here is a config example for MRTG for a PIX !

######################################################################

# System: Cisco PIX Firewall

# Description: 501

# Contact:

# Location:

######################################################################

# .iso.org.dod.internet.private.enterprises.cisco.

# .1.3.6.1.4.1.9

#---------------------------------------------------------------

Target[pix-cpu]:.1.3.6.1.4.1.9.9.109.1.1.1.1.5.1&.1.3.6.1.4.1.9.9.109.1.1.1.1.5.1:snmp-password@PublicIP

RouterUptime[pix-cpu]:snmp-password@PublicIP

Title[pix-cpu]: PIX 501 CPU LOAD

PageTop[pix-cpu]:

PIX 501 : CPU Load %

MaxBytes[pix-cpu]:100

ShortLegend[pix-cpu]:%

XSize[pix-cpu]:380

YSize[pix-cpu]:100

YLegend[pix-cpu]: CPU Utilization

Legend1[pix-cpu]: 5 sec CPU load %

Legend2[pix-cpu]: 1 min CPU load %

Legend3[pix-cpu]: Maximal 5 sec CPU load %

Legend4[pix-cpu]: Maximal 1 min CPU load %

LegendI[pix-cpu]: 5 sec load:

LegendO[pix-cpu]: 1 min load:

Options[pix-cpu]: gauge, growright, nopercent

### Interface 1 >> Descr: 'PIX-Firewall-'outside'-interface' | Name: ''| Ip: '207.x.x.250' | Eth: '00-0a-f4-ec-ef-c4' ###

### The following interface is commented out because:

### * --ifref=name is not unique for this interface

#

Target[pix_outside]: 1:snmp-password@PublicIP

SetEnv[pix_outside]: MRTG_INT_IP="PublicIP"

#MRTG_INT_DESCR="PIX-Firewall-'outside'-interface"

MaxBytes[pix_outside]: 1250000

Title[pix_outside]: 1 -- PIX501

PageTop[pix_outside]:

Outside -- PIX501

System:	PIX501 in Montreal
Maintainer:	admin@domain.com
Description:	PIX Firewall outside interface
ifType:	ethernetCsmacd (6)
ifName:
Max Speed:	10.0 Mbits/s
Ip:	PublicIP ()

### Interface 2 >> Descr: 'PIX-Firewall-'inside'-interface' | Name: '' |Ip: '10.0.0.1' | Eth: '00-0a-f4-ec-ef-c5' ###

### The following interface is commented out because:

### * --ifref=name is not unique for this interface

#

Target[pix_inside]: 2:snmp-password@PublicIP

SetEnv[pix_inside]: MRTG_INT_IP="192.168.1.1"

#MRTG_INT_DESCR="PIX Firewall inside interface"

MaxBytes[pix_inside]: 12500000

Title[pix_inside]: INSIDE -- PIX 501

PageTop[pix_inside]:

INSIDE -- PIX 501

System:	PIX501
Maintainer:
Description:	PIX Firewall inside interface
ifType:	ethernetCsmacd (6)
ifName:
Max Speed:	100.0 Mbits/s
Ip:	192.168.1.1

Verify too that you have the following commands on the PIX:

snmp-server host outside PublicIP

snmp-server host inside InsideIP

snmp-community snmp-password

snmp-server enable traps

Thats it works great !

sincerely

Patrick

snmp walk problem on pix 515

PIX 501 : CPU Load %

Outside -- PIX501

INSIDE -- PIX 501