I can't really address the security issue other than to say that FW-1 pretty
much wants you to be able to use SNMP anyway, and since that's all MRTG is
doing, it's not any worse than it would already have been, other than the
script you write is going to need your SNMP community string for the
firewall in it.

The below is done pretty much from memory and scripts I've done for MS
Exchange server and Netscape's web server. This one is untested. YMMV.

The SNMP MIBs for Firewall-1 should be on the CD somewhere (they were in
older versions; I haven't looked in a while, I'm still using my old ones). Look
through 'em, find the counters you are looking to monitor, and then add 'em to
a script like the one included below. In your MRTG config file add a new
item with something like this:

Target[yourfirewall.pktinfo]: `/path/to/your/script`
Directory[yourfirewall.pktinfo]: subdirname
Options[yourfirewall.pktinfo]: growright
WithPeak[yourfirewall.pktinfo]: dwmy
YLegend[yourfirewall.pktinfo]: No. of Packets
ShortLegend[yourfirewall.pktinfo]: Packets
LegendI[yourfirewall.pktinfo]: Accepted:
LegendO[yourfirewall.pktinfo]: Dropped:
Title[yourfirewall.pktinfo]: Firewall-1 Packet Counts
PageTop[yourfirewall.pktinfo]: <H1>Firewall-1 Packet Counts
 <BR>Accepts & Drops</H1>

Try it and see what happens.

#!/usr/bin/perl
# ---------------------------------------------------
# Perl script to get the accepted and dropped packets
# from FW-1 and format the info for MRTG
# ---------------------------------------------------
use strict;
use warnings;
use Net::SNMP;

my $hostname  = "yourfirewall.yourdomain.com";
# The community string sits here in clear text; keep this file
# readable only by the account that runs MRTG.
my $community = "your-snmpv1-community-string";
my $port      = 161;

# OIDs to read from the firewall
my $oidPktAccept = "1.3.6.1.4.1.2620.1.1.4.0";   # accepted packets
my $oidPktDrop   = "1.3.6.1.4.1.2620.1.1.6.0";   # dropped packets
my $oidSysUptime = "1.3.6.1.2.1.1.3.0";          # sysUpTime

my ($session, $error) = Net::SNMP->session(
    -hostname  => $hostname,
    -community => $community,
    -port      => $port,
);
if (!defined($session)) {
    # Errors go to STDERR so MRTG never reads them as counter values
    printf STDERR "ERROR: %s.\n", $error;
    exit 1;
}

# Fetch all three values in one request
my $response = $session->get_request(
    -varbindlist => [$oidPktAccept, $oidPktDrop, $oidSysUptime],
);
if (!defined($response)) {
    printf STDERR "ERROR: %s.\n", $session->error;
    $session->close;
    exit 1;
}

my $PktAccept = $response->{$oidPktAccept};
my $PktDrop   = $response->{$oidPktDrop};
my $SysUptime = $response->{$oidSysUptime};
$session->close;

# MRTG expects four lines: first value (LegendI), second value (LegendO),
# uptime string, target name
printf("%s\n%s\n%s\n%s\n", $PktAccept, $PktDrop, $SysUptime, $hostname);
exit 0;

> -----Original Message-----
> From: Technical Department [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 05, 2001 2:29 PM
> To: navid atoofi; [EMAIL PROTECTED]
> Subject: [FW1] MRTG and FW-1
>
>
>
> Good day all,
>
> How can I set up MRTG graph tools for FW-1 Server?
>
> Is it secure?
>
> http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/users.html
>
> Regards
>
> Reza
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
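
An added example, not part of the original message: a shell check for the four-line output that an MRTG external Target script such as the one above must print, so that an error message or a short read is caught before MRTG graphs it as packet counts. The function names check_mrtg_output and sample_output are hypothetical, the sample values are constructed, and the check assumes the two counters are plain non-negative integers.

```sh
#!/bin/sh
# Validate the output of an MRTG external Target script.
# Usage (assumed path): /path/to/your/script | check_mrtg_output

# Constructed sample of what a working script prints (values are made up).
sample_output() {
    printf '%s\n' 120394 482 '12 days, 03:14:07.00' yourfirewall.yourdomain.com
}

# Reads candidate output on stdin; prints a verdict, returns 0 (ok) or 1 (bad).
check_mrtg_output() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $n in
            1|2)
                # Counter lines must be digits only. Error text printed on
                # stdout by a failed SNMP query is rejected here.
                case $line in
                    ''|*[!0-9]*)
                        echo "line $n: expected a non-negative integer, got '$line'"
                        return 1 ;;
                esac ;;
            3|4)
                # Uptime string and target name must not be empty.
                if [ -z "$line" ]; then
                    echo "line $n: expected a non-empty string"
                    return 1
                fi ;;
            *)
                echo "line $n: unexpected extra output"
                return 1 ;;
        esac
    done
    if [ "$n" -ne 4 ]; then
        echo "expected 4 lines, got $n"
        return 1
    fi
    echo "ok"
}
```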