11-12-2008 12:01 PM - edited 03-10-2019 04:22 AM
Hi,
I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.
The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?
11-16-2008 12:08 AM
If you can get other data from the sensor, then the solarwinds product does not support the IDS cpu/memory MIB. We faced the same issue with BMC Dashboard/Entuity and we had to build a custom forumula for that.
Regards
Farrukh
11-21-2008 12:07 PM
Hi Farrukh, Hello All,
could you post the OIDs of the values your are monitoring? I'm very interested for the CPU status.
Looking at the SNMP navigator tool, I didn't found any list of supported MIBs on the IPS modules.
Thanks
Mathias
11-21-2008 10:24 PM
The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-ENHANCED-MEMPOOL-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-PROCESS-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-CIDS-MIB.my
ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-CIDS-MIB.oid
ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-ENHANCED-MEMPOOL-MIB.oid
Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):
average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) / ( average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) + average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.7 ) ) * 100
Which translates to:
average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100
I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.
average ( select 1.3.6.1.4.1.9.9.109.1.1.1.1.5 )
Please rate if helpful.
Regards
Farrukh
11-22-2008 02:00 AM
Hi,
So have you managed to monitor you CPU of your IPS?
So do you have to load the mibs into your snmp software?
11-22-2008 02:39 AM
We were not getting any valid data for the CPU in our IDSM-2. However the BMC development teams was able to get values in their simulation lab. The issue later died as we decided not to renew the BMC product for the next (Due to other reasons).
Yes I had to load the MIBs in the software.
Regards
Farrukh
11-22-2008 02:44 AM
Hi,
I use Orion Solarwinds, I really need to monitor my CPU and memory of the IPS as it can hit 100%.
Any other way?
11-22-2008 02:47 AM
If youa are running 6.1.x you can use the IPS Manager Express (IME) to monitor CPU/Memory.
Regards
Farrukh
11-22-2008 03:03 AM
That's what I'm using but I need some sort email alert as what can't look at that screen 24/7.
Solarwinds currently does this
11-22-2008 03:22 AM
Did you try polling the MIBs I gave you earlier?
Can you load external MIB files in Solarwinds?
Regards
Farrukh
11-22-2008 03:46 AM
Not sure if you can load those into solarwinds, will have to log a call with them.
They update their mib db all the time and boast having 100,000's in it. So surprising IPS isn't in it, but IDS is. I does an auto detection.
Thing it does detect the sensors and CPU and memory, but just doesn't gather data for the memory or cpu, but does for the sensors.
11-22-2008 07:10 AM
Thanks for the OID hints. I finally managed to get the CPU values from the AIP-IPS modules with:
host$ snmpwalk -v 2c -c
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 0
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.6.1 = Gauge32: 33
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.7.1 = Gauge32: 38
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.8.1 = Gauge32: 29
This looks quite the same like getting the value via the IPS CLI ("sh statistics host"):
CPU Statistics
Usage over last 5 seconds = 23
Usage over last minute = 38
Usage over last 5 minutes = 29
(Last 5 seconds differs since I can't set up both requests simultaniously for obvious reasons ;-).
Thanks a lot for your hints and the links!
I'll work futher on it to write NAGIOS check scripts...
Regards
Mathias
11-22-2008 11:07 PM
Its great that you have made progress mathias.
Please update us once you have the scripts :). And also please rate if you find any post helpful.
Regards
Farrukh
11-23-2008 09:25 AM
Nagios check scripts are running and can also be used just as Linux CLI tools:
host$ ./check_cisco_ips.pl -H
Cisco IPS CPU : 5sec = 13 %, 2min = 13 %, 5min = 18 % : OK
host$ ./check_cisco_ips.pl -H
Cisco IPS Memory : used = 977 MB, free = 1018 MB, utilization = 48 % : OK
host$ ./check_cisco_ips.pl -H
Cisco IPS Health : inactive = 0, memory critical = 0, packet loss = 0 %, packet deny rate = 0 % : OK
host$ ./check_cisco_ips_int.pl -H
ge0_1:Unpaired (in=597.9KBps/out=597.9KBps), ge0_0:UP (in=0.4KBps/out=4.1KBps) : 2 UP : OK
Tested with AIP-IPS-20 modules hosted in an ASA5540. May have still bugs, any feedback is welcome.
12-10-2008 02:23 AM
Minor bugfixes done. Attached the lastest scripts.
See also http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F2849.html;d=1
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: