Matthew,
I use the standard cisco Imapper PIX MIB witch I have dowloaded from the
Imappersite ( http://www.intermapper.com/contrib/customprobes.html`)
When I uses erros it will generate a alarm but I want to refine especially
for the pix.
I have now a map of our pix with interfaces (vlans) and attached devices.
It would be a good thing that I can monitor the pix every 15 sec and de
attached devices every 2 minutes. That would increases performace be a good
thing for all my maps.
witch regards Hans
<!--
SNMP - Cisco Pix (com.ecornell.snmp.cisco.pix)
Copyright (c) 2004 eCornell/TILS. All rights reserved.
created on 6/21/04 by mwillis
-->
<header>
"type" = "custom-snmp"
"package" = "com.ecornell"
"probe_name" = "snmp.cisco.pix"
"human_name" = "SNMP - Cisco Pix"
"version" = "2.0"
"address_type" = "IP"
"port_number" = "161"
</header>
<description>
\b0\SNMP - Cisco Pix\p0\
This probe monitors the CPU and Memory utilization and number of
connections of a Cisco PIX Firewall.
\i0\CPU Busy - Alarm\p0\ is the ALARM threshold for CPU utilization. If the
average percentage of CPU usage exceeds this threshold, the device will
enter the Alarm state.
\i0\CPU Busy - Warning\p0\ is the WARNING threshold for CPU utilization. If
the average percentage of CPU usage exceeds this threshold, the device will
enter the Warning state.
\i0\Low Memory - Alarm\p0\ is the ALARM threshold for the amount of free
memory remaining (in bytes). If the free memory drops below this threshold,
the device will enter the Alarm state.
\i0\Low Memory - Warning\p0\ is the WARNING threshold for the amount of
free memory remaining (in bytes). If the free memory drops below this
threshold, the device will enter the Warning state.
\i0\Connections - Alarm\p0\ is the ALARM threshold for the number of
connections. If the number of connections exceeds this threshold, the
device will enter the Alarm state.
\i0\Connections - Warning\p0\ is the WARNING threshold for the number of
connections. If the number of connections exceeds this threshold, the
device will enter the Alarm state.
</description>
<parameters>
"CPU Busy - Alarm" = "90"
"CPU Busy - Warning" = "75"
"Low Memory - Alarm" = "32000000"
"Low Memory - Warning" = "56000000"
"Connections - Alarm" = "25000"
"Connections - Warning" = "10000"
</parameters>
<snmp-device-variables>
-- MIB Variable -- -- OID --
-- TYPE -- -- LEGEND --
totalConnections, 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6,
default, "number of connections currently in use"
ciscoMemoryPoolFree, 1.3.6.1.4.1.9.9.48.1.1.1.5.1,
default, "Low Memory"
cpmCPUTotal5sec, 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1,
Total-Valuation, "CPU Busy % (5 sec.)"
cpmCPUTotal1min, 1.3.6.1.4.1.9.9.109.1.1.1.1.4.1,
Total-Valuation, "Avg. CPU Busy % (1 min.)"
cpmCPUTotal5min, 1.3.6.1.4.1.9.9.109.1.1.1.1.5.1,
Total-Valuation, "Avg. CPU Busy % (5 min.)"
</snmp-device-variables>
<snmp-device-thresholds>
alarm: ${cpmCPUTotal5sec} > ${CPU Busy -
Alarm} "Critically high CPU utilization"
alarm: ${totalConnections} > ${Connections -
Alarm} "Critically high # of connections"
alarm: ${ciscoMemoryPoolFree} < ${Low Memory - Alarm}
"Critically low Memory Free"
warning: ${cpmCPUTotal5sec} > ${CPU Busy - Warning}
"High CPU utilization"
warning: ${totalConnections} > ${Connections -
Warning} "High # of connections"
warning: ${ciscoMemoryPoolFree} < ${Low Memory - Warning}
"Low Memory Free"
</snmp-device-thresholds>
<snmp-device-display>
\b5\Cisco Pix Status\0p\
\4\CPU Percent Busy:\0\ ${cpmCPUTotal5sec} % \3ig\(of last 5 seconds)
\p0m\
\4\Avg. CPU % Busy:\0\ ${cpmCPUTotal1min} % \3ig\(1 min.)\p0m\,
${cpmCPUTotal5min} % \3ig\(5 min.)\p0m\
\4\Available Memory:\0\ ${ciscoMemoryPoolFree} bytes
\4\Connections:\0\ ${totalConnections} connections
</snmp-device-display>
|---------+------------------------------------>
| | Matthew Willis |
| | <[EMAIL PROTECTED]> |
| | Sent by: |
| | <[EMAIL PROTECTED]|
| | rtware.com> |
| | |
| | |
| | 20-12-2004 12:24 |
| | Please respond to |
| | "InterMapper Discussion" |
| | |
|---------+------------------------------------>
>-------------------------------------------------------------------------------------------------------------------------------------|
|
|
| To: "InterMapper Discussion"
<[EMAIL PROTECTED]>
|
| cc:
|
| Subject: Re: [IM-Talk] request for a discard alarm
|
>-------------------------------------------------------------------------------------------------------------------------------------|
Hans,
What SNMP variable are you using to monitor discards on your Pix?
-lilmatt
--
Matthew Willis
Director, Information Technology
eCornell
On Dec 20, 2004, at 6:12 AM, Hans Heger wrote:
> Hi,
>
> We uses monitor our pix-firewall and de number of discard is a
> indication
> of a attack ore denied traffic.
> In Im 4.2.3 is it not possible to notify because there is no way to
> create
> a threshold for discards.
> It would also be nice in the standard snmp-probe to monitor servers (
> menu
> -> device threshold)
>
> with regards, Hans Heger RIVM the Netherlands
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
____________________________________________________________________
List archives:
http://www.mail-archive.com/intermapper-talk%40list.dartware.com/
To unsubscribe: send email to: [EMAIL PROTECTED]
