cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3185
Views
14
Helpful
16
Replies

Can't get SNMP data from ASA's AIP 10 IPS module

whiteford
Level 1
Level 1

Hi,

I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.

The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?

16 Replies 16

Farrukh Haroon
VIP Alumni
VIP Alumni

If you can get other data from the sensor, then the solarwinds product does not support the IDS cpu/memory MIB. We faced the same issue with BMC Dashboard/Entuity and we had to build a custom forumula for that.

Regards

Farrukh

Hi Farrukh, Hello All,

could you post the OIDs of the values your are monitoring? I'm very interested for the CPU status.

Looking at the SNMP navigator tool, I didn't found any list of supported MIBs on the IPS modules.

Thanks

Mathias

The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-ENHANCED-MEMPOOL-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-PROCESS-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-CIDS-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-CIDS-MIB.oid

ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-ENHANCED-MEMPOOL-MIB.oid

Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):

average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) / ( average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) + average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.7 ) ) * 100

Which translates to:

average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100

I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.

average ( select 1.3.6.1.4.1.9.9.109.1.1.1.1.5 )

Please rate if helpful.

Regards

Farrukh

Hi,

So have you managed to monitor you CPU of your IPS?

So do you have to load the mibs into your snmp software?

We were not getting any valid data for the CPU in our IDSM-2. However the BMC development teams was able to get values in their simulation lab. The issue later died as we decided not to renew the BMC product for the next (Due to other reasons).

Yes I had to load the MIBs in the software.

Regards

Farrukh

Hi,

I use Orion Solarwinds, I really need to monitor my CPU and memory of the IPS as it can hit 100%.

Any other way?

If youa are running 6.1.x you can use the IPS Manager Express (IME) to monitor CPU/Memory.

Regards

Farrukh

That's what I'm using but I need some sort email alert as what can't look at that screen 24/7.

Solarwinds currently does this

Did you try polling the MIBs I gave you earlier?

Can you load external MIB files in Solarwinds?

Regards

Farrukh

Not sure if you can load those into solarwinds, will have to log a call with them.

They update their mib db all the time and boast having 100,000's in it. So surprising IPS isn't in it, but IDS is. I does an auto detection.

Thing it does detect the sensors and CPU and memory, but just doesn't gather data for the memory or cpu, but does for the sensors.

Thanks for the OID hints. I finally managed to get the CPU values from the AIP-IPS modules with:

host$ snmpwalk -v 2c -c 1.3.6.1.4.1.9.9.109.1.1.1.1

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 0

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.6.1 = Gauge32: 33

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.7.1 = Gauge32: 38

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.8.1 = Gauge32: 29

This looks quite the same like getting the value via the IPS CLI ("sh statistics host"):

CPU Statistics

Usage over last 5 seconds = 23

Usage over last minute = 38

Usage over last 5 minutes = 29

(Last 5 seconds differs since I can't set up both requests simultaniously for obvious reasons ;-).

Thanks a lot for your hints and the links!

I'll work futher on it to write NAGIOS check scripts...

Regards

Mathias

Its great that you have made progress mathias.

Please update us once you have the scripts :). And also please rate if you find any post helpful.

Regards

Farrukh

Nagios check scripts are running and can also be used just as Linux CLI tools:

host$ ./check_cisco_ips.pl -H -C -2 -T cpu -w 70%,50%,40% -c 90%,70%,50%

Cisco IPS CPU : 5sec = 13 %, 2min = 13 %, 5min = 18 % : OK

host$ ./check_cisco_ips.pl -H -C -2 -T mem -w 60% -c 80%

Cisco IPS Memory : used = 977 MB, free = 1018 MB, utilization = 48 % : OK

host$ ./check_cisco_ips.pl -H -C -2 -T health -w 1,0,1,1 -c 0,1,5,5

Cisco IPS Health : inactive = 0, memory critical = 0, packet loss = 0 %, packet deny rate = 0 % : OK

host$ ./check_cisco_ips_int.pl -H -C -2 -n ge0_[0,1] -k -w 10000,10000 -c 20000,20000 --label

ge0_1:Unpaired (in=597.9KBps/out=597.9KBps), ge0_0:UP (in=0.4KBps/out=4.1KBps) : 2 UP : OK

Tested with AIP-IPS-20 modules hosted in an ASA5540. May have still bugs, any feedback is welcome.

Minor bugfixes done. Attached the lastest scripts.

See also http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F2849.html;d=1

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: