Need support to monitor firewall devices
Hi Team,
We have received a new requirement to monitor firewall and network devices. Please help us to set this up.
What are the prerequisites to set this up, and what questions should we ask the firewall/network team?
What ports/services should be enabled on both ends (Nagios server side and firewall side)?
Below are the devices:
QRadar appliances: Console, Event Processors, Event Collectors, Wincollect agents
IPS/IDS appliances: Sourcefire NG Sensors
AMD appliances: FireEye EX and FireEye NX devices
Cisco IronPorts
Re: Need support to monitor firewall devices
As we do not have any of those devices here you will need to search the Nagios Exchange (or even Google) for any plugins that may meet your needs and then test them out. If you have any issues, please create separate forum posts for each plugin that you're having issues with. Again, we don't have these devices here so we can't test them out for you, you'll need to do the legwork.
The Nagios Exchange is here (the search box is in the top right corner):
https://exchange.nagios.org/
You can follow this guide for testing/setting them up:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
One thing to note is that you can generally enable SNMP Traps on those devices and point them at the XI server for processing, you can follow this guide here:
https://assets.nagios.com/downloads/nag ... ios_XI.pdf
Let us know if you have any questions or if we can clear anything up for you.
Thank you!
Re: Need support to monitor firewall devices
Hi,
SNMP v3 has been configured on one of the devices, and while running snmpwalk I am getting output as well.
Now can you help with what I have to do next to set up monitoring for these devices? Sorry, I do not have much knowledge about configuring the device.
snmpwalk -v 3 -u **** -l authPriv -a SHA -A **** -x AES -X **** 11.11.11.11
The output is like the following. The list is too big, so I have pasted a few details from it just as an FYI on the type of data I am getting:
TCP-MIB::tcpConnRemPort.127.0.0.1.0000.0.0.0.0.0 = INTEGER: 0
DISMAN-EVENT-MIB::mteEventNotificationObjects."_snmpd".'_linkUp' = STRING: _linkUpDown
IF-MIB::ifHighSpeed.3 = Gauge32: 0
IF-MIB::ifPromiscuousMode.1 = INTEGER: false(2)
IPV6-MIB::ipv6Forwarding.0 = INTEGER: notForwarding(2)
IPV6-MIB::ipv6DefaultHopLimit.0 = INTEGER: 64
Re: Need support to monitor firewall devices
If you're using SNMP, try using the SNMP Walk Wizard:
https://assets.nagios.com/downloads/nag ... Wizard.pdf
For anything beyond the SNMP Walk or SNMP wizards you would need to look for a plugin that does what you'd like, the reason for that is because a lot of them require processing of OID tables in order to reference the proper OIDs, it's not always a 1 to 1 relationship based on snmpwalk output.
Read this document to understand what I mean:
https://www.cisco.com/c/en/us/support/d ... 40700.html
One thing to remember is that we likely don't have most of the devices you do so we have no experience in setting them up specifically and have no way to test the plugins out for you that you require for your equipment, you'll need to do the legwork on these to find out what you want to monitor and see if there's already a plugin out there to do it. A lot of the plugins on the Exchange are 3rd party and written by customers to monitor their equipment that they've shared with other customers so they are the only ones with knowledge in them.
We can certainly help you try to figure them out and try to help you out with any errors you get but you'll need to create a new forum topic for each unrelated issue so that we can work it like every other problem.
Let me know if you have any questions or if I can clarify anything for you.
Thank you!
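To illustrate the point above about OID tables, here is an added example (not part of the original replies and not a plugin from the Nagios Exchange). It joins IF-MIB columns from snmpwalk output by row index and returns a Nagios-style exit code; the sample walk text is constructed and the function names are hypothetical.

```python
import re
import sys

# Constructed sample of snmpwalk output for IF-MIB (not taken from the thread).
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifDescr.3 = STRING: eth1
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifAdminStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: down(2)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
"""

LINE_RE = re.compile(r"^IF-MIB::(\w+)\.(\d+) = \w+: (.*)$")
OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes


def build_table(walk_text):
    """Group the flat walk into rows keyed by index: {index: {column: value}}."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            column, index, value = m.groups()
            rows.setdefault(int(index), {})[column] = value
    return rows


def check_interfaces(walk_text):
    """Return (exit_code, message); only admin-up but oper-down rows are a problem."""
    rows = build_table(walk_text)
    if not rows:
        return UNKNOWN, "UNKNOWN - no IF-MIB rows in walk output"
    down = [r.get("ifDescr", f"index {i}") for i, r in sorted(rows.items())
            if r.get("ifAdminStatus", "").startswith("up")
            and not r.get("ifOperStatus", "").startswith("up")]
    if down:
        return CRITICAL, "CRITICAL - admin-up interfaces down: " + ", ".join(down)
    return OK, f"OK - {len(rows)} interfaces checked"


if __name__ == "__main__":
    code, message = check_interfaces(SAMPLE_WALK)
    print(message)
    sys.exit(code)
```

No single line of the walk says "eth0 is down": the name, the admin state and the operational state sit in three separate columns that only make sense once joined on the index.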
Re: Need support to monitor firewall devices
Thanks for your reply. I understood your point and will refer to the SNMP URL shared by you soon to understand the way SNMP works.
Just to update you on this: using the Linux SNMP wizard I am able to monitor the basic device checks, e.g. CPU, Memory, SWAP, Ping.
Now the team wants to add more parameters to monitor other aspects. Below are the parameters we were asked to monitor. I am looking on the Exchange for a suitable plugin which fulfills our requirements, but am still writing to you in case you can help ease my work in finding the correct plugin.
Parameters that need to be added:
Appliance Heartbeat
Card Reset
Classic License Monitor
Disk Status
HA Status
Hardware Alarms
Host Limit
Interface Status
Memory Usage
Power Supply
Process Status
Time Synchronization Status
Local Malware Analysis
VPN Status
Security Intelligence
Re: Need support to monitor firewall devices
Most of those things very much depend on the product type you are monitoring.
First and foremost you need to determine if that information is available through SNMP on those systems.
Is that information only available through ILO/DRAC/RSA? OS/Distro/Version also matter, only you/your admins will know that information.
My recommendation is to work through each one individually on a case-by-case basis, it really depends on the hardware, the standard SNMP checks should work and there are a ton of custom SNMP plugins available for a lot of different types of hardware but you'll need to search the Nagios Exchange for what you'd like to see if they meet your needs. Find a plugin, test it out, if you have issues, create a new forum ticket with a link to the plugin and the exact command ran and the full output from the command so that we can help you work through any issues.
You should be able to run the Network Switch / Router wizard against most systems to check Interface Status/Bandwidth.
The manufacturer of the type of hardware you are using require different things to monitor them.
Re: Need support to monitor firewall devices
Working on this further, I got the below error on one of the devices.
snmpwalk -v 3 -u nagiosqr -l authPriv -a SHA -A ****-x AES -X ***** 00.00.00.00
No log handling enabled - turning on stderr logging
13.129.99.18 -D: Unknown Object Identifier (Sub-id not found: (top) -> 18 -D)
Can you please share your thoughts on where I need to focus?
Re: Need support to monitor firewall devices
This looks like there may be some invalid MIBs in there:
Code:
(Sub-id not found: (top) -> 18 -D)
I assume you have installed MIB files?
Please run this command and send me the resulting /tmp/SNMPFILES.zip file:
Code:
zip -r /tmp/SNMPFILES.zip /etc/snmp /usr/share/snmp/mibs
Additionally, try running it like this instead:
- Note the single quotes surrounding the auth/priv pass
Code:
snmpwalk -v 3 -u nagiosqr -l authPriv -a SHA -A 'authP@ss' -x AES -X 'privP@ss' X.X.X.X
Re: Need support to monitor firewall devices
I have sent details in personal chat. Please have a look at that.
Below is the output I am getting today:
snmpwalk -v 3 -u nagiosqr -l authPriv -a SHA -A ***** -x AES -X ***** 11.11.11.11
No log handling enabled - turning on stderr logging
Tried with single quotes as well:
snmpwalk -v 3 -u nagiosqr -l authPriv -a SHA -A '*****' -x AES -X '*****' 11.11.11.11
No log handling enabled - turning on stderr logging
scottwilkerson
Re: Need support to monitor firewall devices
Is this followed by snmpwalk: Timeout?
It seems that either it is not authenticating or this server isn't SNMP v3 enabled