When you're refering to "two samples" are you refering to the two IODs for each target? Like: Target[$target_name]: $iod1&$iod2
Generally this would be in and out, but it doesn't have to be. You should use IODs that are the same type (Gauge, Counter64, Counter32, etc) and have the same units (Bytes, percent, etc) because you can't process one IOD differently than the other. If necessary use the same IOD twice. You can also use the noi or noo option (see docs).
I monitor multiple VPNs by walking them. I wrote a script to run cfgmaker against all my devices on a regular basis to pick up any changes made. Remember that a template file is just perl code that cfgmaker executes. The host template is executed once and the interface templated is executed for each interface that cfgmaker discovers. I have Netscreen & Juniper devices, so I wrote my own templates. There are some good Cisco templates on the web ... here's one I found, though it doesn't breat the tunnels down individually:
http://mrtg.gvolk.com/template/host-ciscoipsecflow.template
Here's the approach I used:
my @vpns;
my $snmpwalk = '/usr/bin/snmpwalk -v2c -c ';
foreach $line (`$snmpwalk $community $node .1.3.6.1.4.1.9.9.171.1.2.3.1.1`) {
$line =~ /\d+$/;
my $inst = $&; #get the instance value only
my $tmp = `$snmpget $community $node $iod`;
$tmp =~ /\S+$/;
my $vpn_name = $&;
#repeat above for ip, gateway, and any other info you want to display on your graph
push @vpns, [$inst, $vpn_name, etc..... ];
}
foreach my $vpn (@vpns) {
my $t1 = $vpn_throughput_oid . '.' . $vpn->[0];
my $t2 = $some other_oid . '.' . $vpn->[0];
my $tname = $router . '_VPN_' . $vpn->[1]
$target_lines .= ECHO<<;
Target[$tname]: $t1&$t2
Title[$tname]: $vpn->[1] Throughput
etc ........
ECHO
}
There my be an easier way to do this, but this is the approach I used.
From: "Ahmed Rafique" <[EMAIL PROTECTED]>
To: "Craig Metzer" <[EMAIL PROTECTED]>,<[email protected]>
Subject: RE: [mrtg] How to monitor ipsec vpn in mrtg
Date: Thu, 29 Mar 2007 16:46:18 -0700
Hello Craig,
Thanks for the response.I do have couple of questions,
- I know in MRTG I need to get two samples in orders to plot the graph. What two samples do I take in this case.
- I have multiple VPNs in that ASA . How can I monitor them ?
Thanks and Regards,
Ahmed Rafique
From: Craig Metzer [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 29, 2007 11:41 AM
To: Ahmed Rafique; [email protected]
Subject: RE: [mrtg] How to monitor ipsec vpn in mrtg
Ahmed,
Try using OIDs on this tree: .1.3.6.1.4.1.9.9.171.1.2.1
You can look at the different VPN objects in Ciscos SNMP Object Browser:
http://tools.cisco.com/Support/SNMP/public.jsp
What I do is write a script to walk the Tunnel Index: 1.3.6.1.4.1.9.9.171.1.2.3.1.1 and then loop through all the instances to build the respective graphs for whichever measurement you want to make. You can do all that in the host template.
Craig
From: "Ahmed Rafique" <[EMAIL PROTECTED]>
To: <[email protected]>
Subject: [mrtg] How to monitor ipsec vpn in mrtg
Date: Thu, 29 Mar 2007 11:24:43 -0700Does anyone know how to monitor ipsec vpn in mrtg? The vpn is terminating on a Cisco asa 5510. I can monitor other interfaces of the asa but not the vpn. Any help will be appreciated.
Thanks and Regards,
Ahmed Rafique
>_______________________________________________
>mrtg mailing list
>[email protected]
>https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
Mortgage refinance is hot 1) Rates near 30-yr lows 2) Good credit get intro-rate 4.625%*
The average US Credit Score is 675. The cost to see yours: $0 by Experian.
_______________________________________________ mrtg mailing list [email protected] https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
