Solved

SNMP OID for a Cisco ASA Firewalll for Interfaces defined as "inside" and "outside"

Posted on 2010-09-10
7
2,968 Views
Last Modified: 2012-05-10
Question: I am trying to extract SNMP stats for interfaces on a CISCO PIX. I have the OID for the Interface description but, this does not contain any stats for traffic.

Whats is the OID for the physical interfaces showing traffic throughput - mainly for "inside" and "outside"
I have been returned the answer below but as it says this is only
a description. What is the OID for actual traffic in/out of the interafces  
OID for "INSIDE"
1.3.6.1.2.1.2.2.1.2
Instance:  2
Label:  iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
0
Comment
Question by:ccfcfc
  • 5
  • 2
7 Comments
 
LVL 28

Expert Comment

by:bgoering
ID: 33650968
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33650981
You should be able to monitor with MRTG - it will extract the OIDs for you and track bandwidth/throughput over time
0
 

Author Comment

by:ccfcfc
ID: 33660401
Yes those OID's returned are exactly as I said, a description they dont contain any vales I can use in a formual to calculate traffic on the 2 interafecs "outside" and "inside"

What is MTRG  ? I can walk the whole mid wib with a WIB Walker but I need to know the MID values for both interfaces. Any monitoring application will need to know what MIB you want to report on surely ?


0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 28

Expert Comment

by:bgoering
ID: 33662513
MRTG is a free application that monitors traffic throughput through interfaces. See http://oss.oetiker.ch/mrtg/

For the PIX/ASA this document (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a13.shtml) has a description of most of what can be monitored including links to the MIB information.

Note that SNMPv1 will return 32 bit counters - these will roll over fairly frequently in a high traffic environment so you may want to use SNMPv2 to get the 64-bit counters.

Good Luck
0
 

Author Comment

by:ccfcfc
ID: 33671547
MRTG - thanks for the link to this. Looks very interesting indeed. What are the restrictions if any for reporting ion this. Any on reporting frequency , alertign ?

I can walk an SNMP MIB and extract all information. What I am looking for is the OID that contains information concerning data volumes through interfaces. I was provided with an OID that is :-
iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr
But as it says this is solely a description and does not contain any value I can use to graph
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 33672850
There are no restrictions for MRTG - I would set it up, let it add the ASA device (there is a perl script called cfgmaker to do that) and see what it comes up with for sampling the throughput.

When it runs it creates some graphs and statistics for utilization over daily (5 minute averages), weekly (30 minute averages), Monthly (2 hour), and Yearly (1 day). See Screenshot

It saves the samples in text files that I suppose you could run any type of application to report from.

I have not tried to run it directly against a PIX or ASA - but I do run it extensively against routers and switches in order to determine throughput - so if for some reason it won't work against your firewall you could always run it against the switch port the firewall is plugged into. Should work fine except that the input/output numbers would be reversed.

As far as the various counters you might look at iso.org.dod.internet.mgmt.mib-2.interfaces.  

interfaces.ifTable.ifEntry.ifInOctets.#
interfaces.ifTable.ifEntry.ifInUcastPkts.#
interfaces.ifTable.ifEntry.ifInNUcastPkts.#
interfaces.ifTable.ifEntry.ifInDiscards.#
interfaces.ifTable.ifEntry.ifInErrors.#
interfaces.ifTable.ifEntry.ifOutOctets.#
interfaces.ifTable.ifEntry.ifOutUcastPkts.#
interfaces.ifTable.ifEntry.ifOutNUcastPkts.#
interfaces.ifTable.ifEntry.ifOutDiscards.#
interfaces.ifTable.ifEntry.ifOutErrors.#

Where '#' is the interface number


mrtg-sample.jpg
0
 
LVL 28

Expert Comment

by:bgoering
ID: 33672866
whoops - had an extra "interfaces." keyword above, I really should proofread
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now