New Cisco ASA VPN ZenPack

Archived community.zenoss.org | full text search

Skip navigation

Up to Discussions in zenoss-zenpacks

17357 Views 10 Replies Latest reply: Jun 29, 2010 2:07 PM by istoptofly

Matt Ray

2,484 posts since
Apr 5, 2008

Currently Being Moderated

May 17, 2010 2:39 PM

Thanks to ZenMaster Mike Albon for generously providing his new Cisco ASA VPN ZenPack. This SNMP-based ZenPack monitors Cisco ASA VPN devices. It provides a ASAVPN template in the /Devices/Network/Cisco/ASA Device Class that graphs:

Packets
Octets
Connection Counts

Thanks Mike!

Like (0)

Tags: cisco, vpn, asa

ionut1985
72 posts since
Jun 25, 2008

Currently Being Moderated

1. Jun 28, 2010 4:21 PM (in response to Matt Ray)
Re: New Cisco ASA VPN ZenPack

im getting this error on new installation of 2.5.2

zenpack --install=ZenPacks.community.CiscoASAVPN-1.1-py2.4.egg
2010-06-28 16:08:47,880 INFO zen.ZPLoader: Loading /usr/local/zenoss/zenoss/ZenPacks/ZenPacks.community.CiscoASAVPN-1.1-py2.4.egg/ZenPacks/community/CiscoASAVPN/objects/objects.xml
2010-06-28 16:08:47,904 WARNING zen.AddToPack: Unable to find context path /zport/dmd/Devices/Network/Cisco/ASA/rrdTemplates (line 4 ?) for ASAVPN
2010-06-28 16:08:47,905 WARNING zen.AddToPack: Not committing any changes
ERROR: zenpack command failed. Reason: Exception: Unable to create object using the following attributes:
* id: /zport/dmd/Devices/Network/Cisco/ASA/rrdTemplates/ASAVPN
* module: Products.ZenModel.RRDTemplate
* class: RRDTemplate

Report Abuse

Like (0)
istoptofly
305 posts since
Apr 20, 2010

Currently Being Moderated

2. Jun 28, 2010 4:23 PM (in response to ionut1985)
Re: New Cisco ASA VPN ZenPack

Hi,

REQUIREMENTS:
Zenoss Version: 2.4
ZenPack Dependencies:
External Dependencies:
Installation: create the /Devices/Network/Cisco/ASA Device Class before installing.

Did you create the class first?

John

Report Abuse

Like (0)
ionut1985
72 posts since
Jun 25, 2008

Currently Being Moderated

3. Jun 28, 2010 4:29 PM (in response to istoptofly)
Re: New Cisco ASA VPN ZenPack

That solved it, thank you

Report Abuse

Like (0)
ionut1985
72 posts since
Jun 25, 2008

Currently Being Moderated

4. Jun 28, 2010 5:05 PM (in response to ionut1985)
Re: New Cisco ASA VPN ZenPack

i dont see any graphs after i took a look at the template i noticed that the datasources have no oids.. is this right?

the log says:

Pulled process status for 0 devices and 0 processes

i have 2 devices in:

/Devices /Network /Cisco /ASA

Report Abuse

Like (0)
istoptofly
305 posts since
Apr 20, 2010

Currently Being Moderated

5. Jun 29, 2010 10:36 AM (in response to ionut1985)
Re: New Cisco ASA VPN ZenPack

Did you restart Zope after installing the zenpack? It doesn't say but restarting zenoss isn't a bad idea after installing a zenpack too.

John

Report Abuse

Like (0)
ionut1985
72 posts since
Jun 25, 2008

Currently Being Moderated

6. Jun 29, 2010 10:54 AM (in response to istoptofly)
Re: New Cisco ASA VPN ZenPack

yes i did but its still the same thing, could you maybe post the oids for the datasources?

Report Abuse

Like (0)
istoptofly
305 posts since
Apr 20, 2010

Currently Being Moderated

7. Jun 29, 2010 11:16 AM (in response to ionut1985)
Re: New Cisco ASA VPN ZenPack

Well I just loaded it up in my QA box and I don't have any OID's listed either. Must be an oversight. You may be able to find the OIDs by doing snmpwalks by name instead of OID. For instance, and I don't have an ASA I can test with right now, snmpwalk -v 2c -c rocommunity hostname/ip (count, indrops, inoctets, etc. but no parenthesis and only one parameter at a time) - does that return you the OID?

John

Report Abuse

Like (0)
istoptofly
305 posts since
Apr 20, 2010

Currently Being Moderated

8. Jun 29, 2010 11:20 AM (in response to istoptofly)
Re: New Cisco ASA VPN ZenPack

Scratch that, the names don't seem to reflect the object name after all. I'll do some more digging. Which ASA do you have and what version IOS?

John

Report Abuse

Like (0)
ionut1985
72 posts since
Jun 25, 2008

Currently Being Moderated

9. Jun 29, 2010 11:22 AM (in response to istoptofly)
Re: New Cisco ASA VPN ZenPack

i got 5510 5520 and 5550

ASA Version 8.0(4)37

Report Abuse

Like (0)
istoptofly
305 posts since
Apr 20, 2010

Currently Being Moderated

10. Jun 29, 2010 2:07 PM (in response to ionut1985)
Re: New Cisco ASA VPN ZenPack

This is what I found -

cfwConnectionStatCount       1.3.6.1.4.1.9.9.147.1.2.2.2.1.4 Counter32 (count)
ifInDiscards                               1.3.6.1.2.1.2.2.1.13                Counter32 (indrops)
ifInOctets                                  1.3.6.1.2.1.2.2.1.10                Counter32 (inoctets)
ifInUcastPkts                             1.3.6.1.2.1.2.2.1.11               Counter32 (inpkts - unicast)
ifOutOctets                               1.3.6.1.2.1.2.2.1.16                Counter32 (outoctets)
ifOutDiscards                            1.3.6.1.2.1.2.2.1.19                Counter32 (outdrops)
ifOutUcastPkts                         1.3.6.1.2.1.2.2.1.17                 Counter32 (outpkts - unicast)

From here - http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.4.1.9.9.147.1.2.2.2.1.4&translate=Translate&submitValue=SUBMIT&submitClicked=true

There are also OID's for multicast in/out packets, along with many other things you might find valuable to add to the template.

I was only able to find this for version 7 so try a snmpget with these against your ASA before loading them up in the template. If the get doesn't work try a walk (as-is, dropping the last digit(s) and by object name) and see if you can find the correct OID's.

GL!

John

Report Abuse

Like (0)

Go to original post

May 17, 2010 2:39 PM

New Cisco ASA VPN ZenPack

Actions

More Like This

Incoming Links