Re: [FW-1] MRTG Config

[Burton, Chris [Permanent Link]]

I have used the following format for the target line without issue.
Also, you need to make sure that your firewall is not dropping the
traffic for the port (Checkpoint is default UDP/260 I believe).  The
target statement defaults to port UDP/161.

Target[tg_one]:
<OID1>&<OID2>:<Community>@Target:<udp_port>:<timeout>:<retries>:<backoff
>:<version>

Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above. If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited. If you have received this
e-mail in error, please contact Walt Disney Internet Group at
206-664-4000.





-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Dave
Aitchison
Sent: Wednesday, June 30, 2004 2:27 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] MRTG Config


Hi Shane,

I had a whole lot of trouble getting MRTG to talk to the non-standard
SNMP port (260/udp).  Instead, I created a few very simple perl scripts,
which use the Net::SNMP module to grab one or two stats at a time.

All you need to do is write a script that returns two integers (which
can both be the same) to stdout, then specify the script within
backticks in the Target[xyz]: section in your MRTG config.  Here's my
most simple example:

MRTG cfg (substitute in a hostname at <hostname>)...
========= snip ==========
Title[fwacc]: <hostname> Accepted FW-1 packets
Target[fwacc]: `/usr/local/mrtg/fw-1-conns/gw-packets-accepted.pl
<hostname>`
PageTop[fwacc]: <H1><hostname> Accepted FW-1 Packets</H1>
        <P>This graph displays the number of accepted Firewall-1 packets
through <hostname>.
YLegend[fwacc]: packets/sec
ShortLegend[fwacc]: ;
Legend1[fwacc]: Firewall-1 Accepts
Legend2[fwacc]: Firewall-1 Accepts
LegendI[fwacc]: &nbsp;used:
LegendO[fwacc]:
Options[fwacc]: noo
WithPeak[fwacc]: wmy
MaxBytes[fwacc]: 400000
AbsMax[fwacc]: 1000000
===================
and the perl code (I admit I'm not much of a perl coder BTW): =========
snip ========== #!/usr/local/perl-5.8.3/bin/perl

use strict;
use Net::SNMP;

my $hostname=$ARGV[0] || die "Hostname not specified\m";
# Might want to to some hostname sanity checking here.  I normally do,
but cut the code # out cause it had site-specific stuff in it...

my ($session, $error) = Net::SNMP->session(
   -hostname  => $hostname,
   -community => 'public',
   -port      => 260
);

if (!defined($session)) {
   printf("ERROR: %s.\n", $error);
   exit 1;
}

my $packets_accepted = '1.3.6.1.4.1.2620.1.1.4.0';

my $result = $session->get_request(
   -varbindlist => [$packets_accepted]
);
printf ("%s\n",$result->{$packets_accepted});
printf ("%s\n",$result->{$packets_accepted});

warn ("$result->{$packets_accepted}\n");

$session->close;
===================

Hope that's useful,

Dave.

Shane Presley wrote:

>This is related to my previous email about monitoring a FW-1 system for

>throughput.  Thanks for the comments.  I've made some progress getting
>SmartView Monitor to do what I need!
>
>If I want to setup MRTG as well, does anyone have any hints or
>references?  I have MRTG setup and running, monitoring a cisco router.

>That was pretty easy.  But I'm having trouble getting a working
>mrtg.cfg for monitoring the CheckPoint specific MIBs.  I'm especially
>interested in connections, accepted/dropped connections, etc.
>
>I'm not very familiar with OID's or MIB files, so that may be my
>problem.  But I've enabled SNMP from my host to the firewall, turned on

>the CheckPoint SNMP agent on port 260.  I also poked around in
>$FWDIR/lib/snmp, and the only file there is wellfleet.mib and I'm
>having trouble interpreting it, and setting up mrtg.cfg to use it?
>
>This is NG AI R55 on Solaris 8.
>
>Thanks!
>Shane
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================