Archived community.zenoss.org | full text search
Skip navigation
17357 Views 10 Replies Latest reply: Jun 29, 2010 2:07 PM by istoptofly RSS
Matt Ray Rank: Zen Master 2,484 posts since
Apr 5, 2008
Currently Being Moderated

May 17, 2010 2:39 PM

New Cisco ASA VPN ZenPack

Thanks to ZenMaster Mike Albon for generously providing his new Cisco ASA VPN ZenPack.  This SNMP-based ZenPack monitors Cisco ASA VPN devices.  It provides a  ASAVPN template in the /Devices/Network/Cisco/ASA Device Class that graphs:

  • Packets
  • Octets
  • Connection  Counts

 

Thanks Mike!

  • ionut1985 Rank: White Belt 72 posts since
    Jun 25, 2008
    Currently Being Moderated
    1. Jun 28, 2010 4:21 PM (in response to Matt Ray)
    Re: New Cisco ASA VPN ZenPack

    im  getting this error on new installation of 2.5.2

     

    zenpack  --install=ZenPacks.community.CiscoASAVPN-1.1-py2.4.egg
    2010-06-28  16:08:47,880 INFO zen.ZPLoader: Loading  /usr/local/zenoss/zenoss/ZenPacks/ZenPacks.community.CiscoASAVPN-1.1-py2.4.egg/ZenPacks/community/CiscoASAVPN/objects/objects.xml
    2010-06-28  16:08:47,904 WARNING zen.AddToPack: Unable to find context path  /zport/dmd/Devices/Network/Cisco/ASA/rrdTemplates (line 4 ?) for ASAVPN
    2010-06-28  16:08:47,905 WARNING zen.AddToPack: Not committing any changes
    ERROR:  zenpack command failed. Reason: Exception: Unable to create object  using the following attributes:
      * id:  /zport/dmd/Devices/Network/Cisco/ASA/rrdTemplates/ASAVPN
      * module:  Products.ZenModel.RRDTemplate
      * class: RRDTemplate

  • istoptofly Rank: Green Belt 305 posts since
    Apr 20, 2010
    Currently Being Moderated
    2. Jun 28, 2010 4:23 PM (in response to ionut1985)
    Re: New Cisco ASA VPN ZenPack

    Hi,

     

    REQUIREMENTS:

    • Zenoss Version: 2.4
    • ZenPack Dependencies:
    • External Dependencies:
    • Installation: create the /Devices/Network/Cisco/ASA Device Class before installing.

     

    Did you create the class first?

     

    John

  • ionut1985 Rank: White Belt 72 posts since
    Jun 25, 2008
    Currently Being Moderated
    3. Jun 28, 2010 4:29 PM (in response to istoptofly)
    Re: New Cisco ASA VPN ZenPack

    That solved it, thank you

  • ionut1985 Rank: White Belt 72 posts since
    Jun 25, 2008
    Currently Being Moderated
    4. Jun 28, 2010 5:05 PM (in response to ionut1985)
    Re: New Cisco ASA VPN ZenPack

    i dont see any graphs after i took a look at the template i noticed that the datasources have no oids.. is this right?

     

    the log says:

     

    Pulled process status for 0 devices and 0 processes

     

     

    i have 2 devices in:

     

    /Devices /Network /Cisco /ASA

  • istoptofly Rank: Green Belt 305 posts since
    Apr 20, 2010
    Currently Being Moderated
    5. Jun 29, 2010 10:36 AM (in response to ionut1985)
    Re: New Cisco ASA VPN ZenPack

    Did you restart Zope after installing the zenpack?  It doesn't say but restarting zenoss isn't a bad idea after installing a zenpack too.

     

    John

  • ionut1985 Rank: White Belt 72 posts since
    Jun 25, 2008
    Currently Being Moderated
    6. Jun 29, 2010 10:54 AM (in response to istoptofly)
    Re: New Cisco ASA VPN ZenPack

    yes i did but its still the same thing, could you maybe post the oids for the datasources?

  • istoptofly Rank: Green Belt 305 posts since
    Apr 20, 2010
    Currently Being Moderated
    7. Jun 29, 2010 11:16 AM (in response to ionut1985)
    Re: New Cisco ASA VPN ZenPack

    Well I just loaded it up in my QA box and I don't have any OID's listed either.  Must be an oversight.  You may be able to find the OIDs by doing snmpwalks by name instead of OID.  For instance, and I don't have an ASA I can test with right now, snmpwalk -v 2c -c rocommunity hostname/ip (count, indrops, inoctets, etc. but no parenthesis and only one parameter at a time) - does that return you the OID?

     

    John

  • istoptofly Rank: Green Belt 305 posts since
    Apr 20, 2010
    Currently Being Moderated
    8. Jun 29, 2010 11:20 AM (in response to istoptofly)
    Re: New Cisco ASA VPN ZenPack

    Scratch that, the names don't seem to reflect the object name after all.  I'll do some more digging.  Which ASA do you have and what version IOS?

     

    John

  • ionut1985 Rank: White Belt 72 posts since
    Jun 25, 2008
    Currently Being Moderated
    9. Jun 29, 2010 11:22 AM (in response to istoptofly)
    Re: New Cisco ASA VPN ZenPack

    i got 5510 5520 and 5550

     

    ASA Version 8.0(4)37

  • istoptofly Rank: Green Belt 305 posts since
    Apr 20, 2010
    Currently Being Moderated
    10. Jun 29, 2010 2:07 PM (in response to ionut1985)
    Re: New Cisco ASA VPN ZenPack

    This is what I found -

     

    cfwConnectionStatCount       1.3.6.1.4.1.9.9.147.1.2.2.2.1.4 Counter32 (count)
    ifInDiscards                               1.3.6.1.2.1.2.2.1.13                Counter32 (indrops)
    ifInOctets                                  1.3.6.1.2.1.2.2.1.10                Counter32 (inoctets)
    ifInUcastPkts                             1.3.6.1.2.1.2.2.1.11               Counter32 (inpkts - unicast)
    ifOutOctets                               1.3.6.1.2.1.2.2.1.16                Counter32 (outoctets)
    ifOutDiscards                            1.3.6.1.2.1.2.2.1.19                Counter32 (outdrops)
    ifOutUcastPkts                         1.3.6.1.2.1.2.2.1.17                 Counter32 (outpkts - unicast)
    There are also OID's for multicast in/out packets, along with many other things you might find valuable to add to the template.
    I was only able to find this for version 7 so try a snmpget with these against your ASA before loading them up in the template.  If the get doesn't work try a walk (as-is, dropping the last digit(s) and by object name) and see if you can find the correct OID's.
    GL!
    John

More Like This

  • Retrieving data ...