Hi Philip,

I am trying to build the same  using the below script

#!/usr/bin/perl

######

1. LAN2LAN Traffic Perl Script

2. Created by Dan

3. This script will walk the LAN2LAN sessions on a Cisco VPN3000 and return RX/TX                                                                              Octets

4. based on a session IP search criteria

#

1. Usage: lan2lantraffic.pl community host sessionip rx|tx

2. Session IP is the IP of the LAN2LAN session

3. You must supply tx or rx fields for output octets

######

use Switch;

use Net::SNMP;

1. Set variables based on input parameters

$community      = $ARGV[0];

$host           = $ARGV[1];

$sessionip      = $ARGV[2];

$flow           = $ARGV[3];

1. Set OID variables

$alActiveSessionIpAddressOID    = "1.3.6.1.4.1.3076.2.1.2.17.2.1.4.";

$alActiveSessionOctetsRcvd              = "1.3.6.1.4.1.3076.2.1.2.17.2.1.10.";

$alActiveSessionOctetsSent              = "1.3.6.1.4.1.3076.2.1.2.17.2.1.9.";

1. Check variables to make sure data is there

if(!$community||!$host||!$sessionip||!$flow){

        print "Not all parameters filled.\n";

        print "Usage: lan2lantraffic.pl community host sessionip tx|rx\n";

        exit;

}

1. Create SNMP Session

($session, $error) = Net::SNMP->session(-hostname=>$host,-community=>$community,                                                                             -port=>161);

die "session error: $error" unless ($session);

1. Walk alActiveSessionIpAddress for list of active session OIDs

%result = $session->get_table($alActiveSessionIpAddressOID);

die "request error: ".$session->error unless (defined %result);

1. Grab the oids and stick it into an array (ghetto)

@indexoids = $session->var_bind_names;

1. Loop through the oid array and make a seperate request to get the data (even m                                                                             ore ghetto)

foreach $oid (@indexoids){

1. Split the full OID to get the index

        @splits = split($alActiveSessionIpAddressOID,$oid);

1. Set index var

        $dataindex = @splits[1];

1. Grab a hash of the IP address from the OID

        $getdata = $session->get_request($oid);

1. Take the oid index and the returned value and create a hash

1. This is your datatable with index => ipaddress

        $datatable{$dataindex} = $getdata->{$oid};

}

1. Search datatable for session ip parameter

foreach $key (sort keys (%datatable)){

        #print "$key => $datatable{$key}\n";

        if($datatable{$key} == $sessionip){

1. We have a match, set output index

                $outindex = $key;

        } else {

1. No match, no data

        }

}

1. We now have an index of a matching session ip, lets grab the data

1. Get session traffic octect based on index and flow (tx or rx)

switch ($flow){

        case 'rx' {     # Set output to RX Octets (alActiveSessionOctetsRcvd)

                $outdata = $session->get_request($alActiveSessionOctetsRcvd.$out                                                                             index);

                $output = $outdata->{$alActiveSessionOctetsRcvd.$outindex};

        }

        case 'tx' {     # Set output to TX Octets (alActiveSessionOctetsSent)

                $outdata = $session->get_request($alActiveSessionOctetsSent.$out                                                                             index);

                $output = $outdata->{$alActiveSessionOctetsSent.$outindex};

        }

}

1. Close SNMP session

$session->close;

1. Output data cleanly

chomp($output);

print $output;

Regards,

Vaibhav Narula

Alex:

I will note that v4 enterprise has very good support for ASA monitoring.

Best,

--Shane Scott (Hackman238)

Alex:

It doesn't appear to. It does graph traffic for each Vlan, model the peers and track HA status.

Best,

--Shane Scott (Hackman238)

Shane: thanks for the insight! and Enterprise costs...

Philipp: I wish I had the necessary know how to help developing this. But I will keep watching this thread and I will be happy to perfrom beta tests if needed. Thanks in advance for your time!

I have done something like this in my Juniper ZenPack that models and collects data for VLANs and VPNs - see docs/DOC-10328 .  It uses SNMP to gather the data.  It has both modeler plugins to collect configuration info and performance templates to give you graphs.

What we would need are the SNMP OIDs that provide the data.  This is often fairly complex requiring data from several SNMP tables.  I don't have any of these devices but I might find time to provide some ZenPack coding skills if someone else finds the appropriate SNMP OIDs and can provide some test systems.

Anyone interested in a collaborative project?

Cheers,

Jane