Hi Shane,
I had a whole lot of trouble getting MRTG to talk to the non-standard
SNMP port (260/udp). Instead, I created a few very simple perl scripts,
which use the Net::SNMP module to grab one or two stats at a time.
All you need to do is write a script that returns two integers (which
can both be the same) to stdout, then specify the script within
backticks in the Target[xyz]: section in your MRTG config. Here's my
most simple example:
MRTG cfg (substitute in a hostname at <hostname>)...
========= snip ==========
Title[fwacc]: <hostname> Accepted FW-1 packets
Target[fwacc]: `/usr/local/mrtg/fw-1-conns/gw-packets-accepted.pl
<hostname>`
PageTop[fwacc]: <H1><hostname> Accepted FW-1 Packets</H1>
<P>This graph displays the number of accepted Firewall-1 packets
through <hostname>.
YLegend[fwacc]: packets/sec
ShortLegend[fwacc]: ;
Legend1[fwacc]: Firewall-1 Accepts
Legend2[fwacc]: Firewall-1 Accepts
LegendI[fwacc]: used:
LegendO[fwacc]:
Options[fwacc]: noo
WithPeak[fwacc]: wmy
MaxBytes[fwacc]: 400000
AbsMax[fwacc]: 1000000
===================
and the perl code (I admit I'm not much of a perl coder BTW):
========= snip ==========
#!/usr/local/perl-5.8.3/bin/perl
use strict;
use Net::SNMP;
my $hostname=$ARGV[0] || die "Hostname not specified\m";
# Might want to to some hostname sanity checking here. I normally do,
but cut the code
# out cause it had site-specific stuff in it...
my ($session, $error) = Net::SNMP->session(
-hostname => $hostname,
-community => 'public',
-port => 260
);
if (!defined($session)) {
printf("ERROR: %s.\n", $error);
exit 1;
}
my $packets_accepted = '1.3.6.1.4.1.2620.1.1.4.0';
my $result = $session->get_request(
-varbindlist => [$packets_accepted]
);
printf ("%s\n",$result->{$packets_accepted});
printf ("%s\n",$result->{$packets_accepted});
warn ("$result->{$packets_accepted}\n");
$session->close;
===================
Hope that's useful,
Dave.
Shane Presley wrote:
This is related to my previous email about monitoring a FW-1 system
for throughput. Thanks for the comments. I've made some progress
getting SmartView Monitor to do what I need!
If I want to setup MRTG as well, does anyone have any hints or
references? I have MRTG setup and running, monitoring a cisco router.
That was pretty easy. But I'm having trouble getting a working
mrtg.cfg for monitoring the CheckPoint specific MIBs. I'm especially
interested in connections, accepted/dropped connections, etc.
I'm not very familiar with OID's or MIB files, so that may be my
problem. But I've enabled SNMP from my host to the firewall, turned
on the CheckPoint SNMP agent on port 260. I also poked around in
$FWDIR/lib/snmp, and the only file there is wellfleet.mib and I'm
having trouble interpreting it, and setting up mrtg.cfg to use it?
This is NG AI R55 on Solaris 8.
Thanks!
Shane
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
