Can't get SNMP data from ASA's AIP 10 IPS module

Unanswered Question
Nov 12th, 2008


I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.

The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Farrukh Haroon Sun, 11/16/2008 - 00:08

If you can get other data from the sensor, then the solarwinds product does not support the IDS cpu/memory MIB. We faced the same issue with BMC Dashboard/Entuity and we had to build a custom forumula for that.



mathias.mahnke Fri, 11/21/2008 - 12:07

Hi Farrukh, Hello All,

could you post the OIDs of the values your are monitoring? I'm very interested for the CPU status.

Looking at the SNMP navigator tool, I didn't found any list of supported MIBs on the IPS modules.



Farrukh Haroon Fri, 11/21/2008 - 22:24

The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at

Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):

average ( select ) / ( average ( select ) + average ( select ) ) * 100

Which translates to:

average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100

I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.

average ( select )

Please rate if helpful.



whiteford Sat, 11/22/2008 - 02:00


So have you managed to monitor you CPU of your IPS?

So do you have to load the mibs into your snmp software?

Farrukh Haroon Sat, 11/22/2008 - 02:39

We were not getting any valid data for the CPU in our IDSM-2. However the BMC development teams was able to get values in their simulation lab. The issue later died as we decided not to renew the BMC product for the next (Due to other reasons).

Yes I had to load the MIBs in the software.



whiteford Sat, 11/22/2008 - 02:44


I use Orion Solarwinds, I really need to monitor my CPU and memory of the IPS as it can hit 100%.

Any other way?

Farrukh Haroon Sat, 11/22/2008 - 02:47

If youa are running 6.1.x you can use the IPS Manager Express (IME) to monitor CPU/Memory.



whiteford Sat, 11/22/2008 - 03:03

That's what I'm using but I need some sort email alert as what can't look at that screen 24/7.

Solarwinds currently does this

Farrukh Haroon Sat, 11/22/2008 - 03:22

Did you try polling the MIBs I gave you earlier?

Can you load external MIB files in Solarwinds?



whiteford Sat, 11/22/2008 - 03:46

Not sure if you can load those into solarwinds, will have to log a call with them.

They update their mib db all the time and boast having 100,000's in it. So surprising IPS isn't in it, but IDS is. I does an auto detection.

Thing it does detect the sensors and CPU and memory, but just doesn't gather data for the memory or cpu, but does for the sensors.

mathias.mahnke Sat, 11/22/2008 - 07:10

Thanks for the OID hints. I finally managed to get the CPU values from the AIP-IPS modules with:

host$ snmpwalk -v 2c -c

SNMPv2-SMI::enterprises. = INTEGER: 0

SNMPv2-SMI::enterprises. = Gauge32: 33

SNMPv2-SMI::enterprises. = Gauge32: 38

SNMPv2-SMI::enterprises. = Gauge32: 29

This looks quite the same like getting the value via the IPS CLI ("sh statistics host"):

CPU Statistics

Usage over last 5 seconds = 23

Usage over last minute = 38

Usage over last 5 minutes = 29

(Last 5 seconds differs since I can't set up both requests simultaniously for obvious reasons ;-).

Thanks a lot for your hints and the links!

I'll work futher on it to write NAGIOS check scripts...



Farrukh Haroon Sat, 11/22/2008 - 23:07

Its great that you have made progress mathias.

Please update us once you have the scripts :). And also please rate if you find any post helpful.



mathias.mahnke Sun, 11/23/2008 - 09:25

Nagios check scripts are running and can also be used just as Linux CLI tools:

host$ ./ -H -C -2 -T cpu -w 70%,50%,40% -c 90%,70%,50%

Cisco IPS CPU : 5sec = 13 %, 2min = 13 %, 5min = 18 % : OK

host$ ./ -H -C -2 -T mem -w 60% -c 80%

Cisco IPS Memory : used = 977 MB, free = 1018 MB, utilization = 48 % : OK

host$ ./ -H -C -2 -T health -w 1,0,1,1 -c 0,1,5,5

Cisco IPS Health : inactive = 0, memory critical = 0, packet loss = 0 %, packet deny rate = 0 % : OK

host$ ./ -H -C -2 -n ge0_[0,1] -k -w 10000,10000 -c 20000,20000 --label

ge0_1:Unpaired (in=597.9KBps/out=597.9KBps), ge0_0:UP (in=0.4KBps/out=4.1KBps) : 2 UP : OK

Tested with AIP-IPS-20 modules hosted in an ASA5540. May have still bugs, any feedback is welcome.

mathias.mahnke Tue, 12/16/2008 - 07:38

FYI, there is currently a feature request open to add SNMP information regarding the IPS inspection load:

"CSCsu08529 Unable to monitor sensor health via SNMP.

This is not a bug, this is an enhancement request to add SNMP OIDs to

retrieve sensor health data such as the inspection load."

Andy White Wed, 08/01/2012 - 07:12


Did anyone manage to import the load % into Solarwinds in the end, looks like the CPU is possible, but the Load is the most important one in my eyes?



This Discussion