Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can't get SNMP data from ASA's AIP 10 IPS module

Hi,

I have just had the AIP 10 IPS module installed onto my ASA 5520. I have now setup the SNMP and my SNMP server (solarwinds) can detect the CPU, Memory and sensors to monitor.

The problem I have is the SNMP server is getting data form the sensors but not data from the CPU or memory mibs, is something denying this from the IPS?

16 REPLIES

Re: Can't get SNMP data from ASA's AIP 10 IPS module

If you can get other data from the sensor, then the solarwinds product does not support the IDS cpu/memory MIB. We faced the same issue with BMC Dashboard/Entuity and we had to build a custom forumula for that.

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Hi Farrukh, Hello All,

could you post the OIDs of the values your are monitoring? I'm very interested for the CPU status.

Looking at the SNMP navigator tool, I didn't found any list of supported MIBs on the IPS modules.

Thanks

Mathias

Re: Can't get SNMP data from ASA's AIP 10 IPS module

The following are some IDS mibs, Cisco forgot to link them on the MIBs page located at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-ENHANCED-MEMPOOL-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-PROCESS-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/v2/CISCO-CIDS-MIB.my

ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-CIDS-MIB.oid

ftp://ftp-sj.cisco.com/pub/mibs/oid/CISCO-ENHANCED-MEMPOOL-MIB.oid

Here is the forula we are using to get the memory utlization percentage(in BMC Dashboard):

average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) / ( average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.8 ) + average ( select 1.3.6.1.4.1.9.9.221.1.1.1.1.7 ) ) * 100

Which translates to:

average ( select cempmempoolfree ) / ( average ( select cempmempoolfree ) + average ( select cempmempoolused ) ) * 100

I'm unable to find the formula for the CPU, but try loading the PROCESS mib for that.

average ( select 1.3.6.1.4.1.9.9.109.1.1.1.1.5 )

Please rate if helpful.

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Hi,

So have you managed to monitor you CPU of your IPS?

So do you have to load the mibs into your snmp software?

Re: Can't get SNMP data from ASA's AIP 10 IPS module

We were not getting any valid data for the CPU in our IDSM-2. However the BMC development teams was able to get values in their simulation lab. The issue later died as we decided not to renew the BMC product for the next (Due to other reasons).

Yes I had to load the MIBs in the software.

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Hi,

I use Orion Solarwinds, I really need to monitor my CPU and memory of the IPS as it can hit 100%.

Any other way?

Re: Can't get SNMP data from ASA's AIP 10 IPS module

If youa are running 6.1.x you can use the IPS Manager Express (IME) to monitor CPU/Memory.

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

That's what I'm using but I need some sort email alert as what can't look at that screen 24/7.

Solarwinds currently does this

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Did you try polling the MIBs I gave you earlier?

Can you load external MIB files in Solarwinds?

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Not sure if you can load those into solarwinds, will have to log a call with them.

They update their mib db all the time and boast having 100,000's in it. So surprising IPS isn't in it, but IDS is. I does an auto detection.

Thing it does detect the sensors and CPU and memory, but just doesn't gather data for the memory or cpu, but does for the sensors.

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Thanks for the OID hints. I finally managed to get the CPU values from the AIP-IPS modules with:

host$ snmpwalk -v 2c -c 1.3.6.1.4.1.9.9.109.1.1.1.1

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.2.1 = INTEGER: 0

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.6.1 = Gauge32: 33

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.7.1 = Gauge32: 38

SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.8.1 = Gauge32: 29

This looks quite the same like getting the value via the IPS CLI ("sh statistics host"):

CPU Statistics

Usage over last 5 seconds = 23

Usage over last minute = 38

Usage over last 5 minutes = 29

(Last 5 seconds differs since I can't set up both requests simultaniously for obvious reasons ;-).

Thanks a lot for your hints and the links!

I'll work futher on it to write NAGIOS check scripts...

Regards

Mathias

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Its great that you have made progress mathias.

Please update us once you have the scripts :). And also please rate if you find any post helpful.

Regards

Farrukh

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Nagios check scripts are running and can also be used just as Linux CLI tools:

host$ ./check_cisco_ips.pl -H -C -2 -T cpu -w 70%,50%,40% -c 90%,70%,50%

Cisco IPS CPU : 5sec = 13 %, 2min = 13 %, 5min = 18 % : OK

host$ ./check_cisco_ips.pl -H -C -2 -T mem -w 60% -c 80%

Cisco IPS Memory : used = 977 MB, free = 1018 MB, utilization = 48 % : OK

host$ ./check_cisco_ips.pl -H -C -2 -T health -w 1,0,1,1 -c 0,1,5,5

Cisco IPS Health : inactive = 0, memory critical = 0, packet loss = 0 %, packet deny rate = 0 % : OK

host$ ./check_cisco_ips_int.pl -H -C -2 -n ge0_[0,1] -k -w 10000,10000 -c 20000,20000 --label

ge0_1:Unpaired (in=597.9KBps/out=597.9KBps), ge0_0:UP (in=0.4KBps/out=4.1KBps) : 2 UP : OK

Tested with AIP-IPS-20 modules hosted in an ASA5540. May have still bugs, any feedback is welcome.

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

Minor bugfixes done. Attached the lastest scripts.

See also http://www.nagiosexchange.org/cgi-bin/page.cgi?g=Detailed%2F2849.html;d=1

New Member

Re: Can't get SNMP data from ASA's AIP 10 IPS module

FYI, there is currently a feature request open to add SNMP information regarding the IPS inspection load:

"CSCsu08529 Unable to monitor sensor health via SNMP.

This is not a bug, this is an enhancement request to add SNMP OIDs to

retrieve sensor health data such as the inspection load."

New Member

Can't get SNMP data from ASA's AIP 10 IPS module

Hi,

Did anyone manage to import the load % into Solarwinds in the end, looks like the CPU is possible, but the Load is the most important one in my eyes?

Thanks

2243
Views
14
Helpful
16
Replies