Hey guys, I'm using net-snmp-5.1.2 on Linux Fedora Core 3. I'm trying to get some useful info from a Cisco PIX firewall (OS v6.2.2), using snmpwalk, but i encountered some issues.
I can get the basic info (such as per-interface traffic counters and such), but not the vital stats such as CPU usage, memory usage, etc. I need the vital stats in order to troubleshoot an issue with this firewall - plus, it's just nice to have all those parameters monitored. A PIX firewall could be monitored using CiscoWorks, however, i prefer to use net-snmp to get that info because this way i can integrate firewall monitoring with other monitoring that we're doing, using tools such as RRD, munin, etc. The existing monitoring infrastructure is pretty big already, has proved itself in production and i'd rather not put the firewalls on another tool separated from everyone else. I followed the "Using SNMP with the Cisco Secure PIX Firewall" document on cisco.com to the letter. The document describes how to configure the firewall, then tells you to download some MIBs and use them. The MIBs i used are here (the CISCO-* files): http://florin.myip.org/snmp/ I put all MIB files in a local directory, then run: snmpwalk -v 1 -Cc -M "/usr/share/snmp/mibs:." -c XXXXXXXXXXX AAA.BBB.CCC.DDD But i only get the generic info, per-interface traffic counters and such (see the 1.txt file at the URL above, it's slightly obfuscated). Then i did this: snmpwalk -v 1 -Cc -M "/usr/share/snmp/mibs:." -m ALL -c XXXXXXXXXXX AAA.BBB.CCC.DDD In addition to the same info as with the previous command, i get a bunch of errors - see the 2.txt file at URL above (some minor obfuscation). I contacted Cisco, and this is their reply: ################################################### I've spoken with some engineers from the NMS team since from your last 2 emails I have verified that the problem is not on the PIX (and actually this case should go to the NMS team, however they just gave me pointers to answer your inquiry). They told me that the reason you have the following error (below) is because the 3rd party SNMP utility you are using has not compiled properly the MIB you have downloaded for the PIX. You are advised to check with the 3rd party vendor on as to how their utility compiles these MIBs. $ snmpwalk -v 1 -Cc -M "/usr/share/snmp/mibs:." -m ALL -c 2hard2guess123 198.149.23.5 Cannot find module (SNMPv2-TC-v1): At line 11 in ./CISCO-PROCESS-MIB- V1SMI.my Cannot find module (CISCO-SMI): At line 13 in ./CISCO-PROCESS-MIB- V1SMI.my Cannot find module (CISCO-TC): At line 15 in ./CISCO-PROCESS-MIB- V1SMI.my Did not find 'TimeStamp' in module #-1 (./CISCO-PROCESS-MIB-V1SMI.my) Did not find 'DisplayString' in module #-1 (./CISCO-PROCESS-MIB- V1SMI.my) Did not find 'RowStatus' in module #-1 (./CISCO-PROCESS-MIB-V1SMI.my) Did not find 'ciscoMgmt' in module #-1 (./CISCO-PROCESS-MIB-V1SMI.my) ################################################### Now, i thought i should act in good faith and "check with the 3rd party vendor" - which is the net-snmp community. Any suggestion is appreciated. I can run tests to further clarify the issue, just tell me what to do. Thanks, -- Florin Andrei http://florin.myip.org/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
