yzl
93958d0fb0
|
1 year ago | |
---|---|---|
.. | ||
README.md | 1 year ago | |
template_net_cisco_asav_snmp.yaml | 1 year ago |
README.md
Cisco ASAv by SNMP
Overview
Secure Firewall ASA Virtual is the virtualized option of popular Secure Firewall ASA solution and offers security in traditional physical data centers and private and public clouds. Learn more about Cisco ASAv: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/adapt-security-virtual-appliance-ds.html
Requirements
Zabbix version: 7.0 and higher.
Tested versions
This template has been tested on:
- Cisco Adaptive Security Appliance Software Version 9.9(2), Device Manager Version 7.3(3)
Configuration
Zabbix should be configured according to the instructions in the Templates out of the box section.
Setup
Refer to the vendor documentation.
Macros used
Name | Description | Default |
---|---|---|
{$SNMP.TIMEOUT} | The time interval for SNMP agent availability trigger expression. |
5m |
{$CISCO.LLD.FILTER.IF.NAME.MATCHES} | Filter by discoverable interface names. |
.* |
{$CISCO.LLD.FILTER.IF.NAME.NOT_MATCHES} | Filter to exclude discovered interfaces by name. |
CHANGE_IF_NEEDED |
{$CISCO.LLD.FILTER.IF.DESC.MATCHES} | Filter by discoverable interface description. |
.* |
{$CISCO.LLD.FILTER.IF.DESC.NOT_MATCHES} | Filter to exclude discovered interfaces by description. |
CHANGE_IF_NEEDED |
{$CISCO.LLD.FILTER.IF.ADMIN.MATCHES} | Filter of discoverable interfaces by admin status. 1 - Up 2 - Down 3 - Testing |
1 |
{$CISCO.LLD.FILTER.IF.ADMIN.NOT_MATCHES} | Filter to exclude discovered interfaces by admin status. |
CHANGE_IF_NEEDED |
{$CISCO.LLD.FILTER.IF.CONTROL.MATCHES} | Filter triggers by discoverable interface names. Used in overrides. Triggers will only be created for interfaces whose names contain the value of the macro. |
.* |
{$CPU.UTIL.CRIT} | 90 |
|
{$MEMORY.UTIL.MAX} | 90 |
Items
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: SNMP agent availability | Zabbix internal | zabbix[host,snmp,available] Preprocessing
|
|
Cisco ASAv: System description | MIB: RFC1213-MIB A textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software. It is mandatory that this only contain printable ASCII characters. |
SNMP agent | cisco.asav.model Preprocessing
|
Cisco ASAv: Contact | MIB: RFC1213-MIB The textual identification of the contact person for this managed node, together with information on how to contact this person. |
SNMP agent | cisco.asav.contact Preprocessing
|
Cisco ASAv: Host name | MIB: RFC1213-MIB An administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name. |
SNMP agent | cisco.asav.name Preprocessing
|
Cisco ASAv: Location | MIB: RFC1213-MIB The physical location of this node (e.g., `telephone closet, 3rd floor'). |
SNMP agent | cisco.asav.location Preprocessing
|
Cisco ASAv: Uptime | MIB: RFC1213-MIB The time (in hundredths of a second) since the network management portion of the system was last re-initialized. |
SNMP agent | cisco.asav.uptime Preprocessing
|
Triggers
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco ASAv: No SNMP data collection | SNMP is not available for polling. Please check device connectivity and SNMP settings. |
max(/Cisco ASAv by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0 |
Warning | |
Cisco ASAv: Host has been restarted | Uptime is less than 10 minutes. |
last(/Cisco ASAv by SNMP/cisco.asav.uptime)<10m |
Info | Manual close: Yes |
LLD rule Physical entry discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Physical entry discovery | Information about a particular physical entity. |
SNMP agent | cisco.asav.physical.entry.discovery |
Item prototypes for Physical entry discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical description | MIB: ENTITY-MIB A textual description of physical entity. This object should contain a string that identifies the manufacturer's name for the physical entity, and should be set to a distinct value for each version or model of the physical entity. |
SNMP agent | cisco.asav.phys.description[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical class | MIB: ENTITY-MIB An indication of the general hardware type of the physical entity. An agent should set this object to the standard enumeration value that most accurately indicates the general class of the physical entity, or the primary class if there is more than one entity. If no appropriate standard registration identifier exists for this physical entity, then the value 'other(1)' is returned. If the value is unknown by this agent, then the value 'unknown(2)' is returned. |
SNMP agent | cisco.asav.phys.class[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical name | MIB: ENTITY-MIB The textual name of the physical entity. The value of this object should be the name of the component as assigned by the local device and should be suitable for use in commands entered at the device's port or module number, such as `1'), depending on the physical component naming syntax of the device. If there is no local name, or if this object is otherwise not applicable, then this object contains a zero-length string. Note that the value of entPhysicalName for two physical entities will be the same in the event that the console interface does not distinguish between them, e.g., slot-1 and the card in slot-1. |
SNMP agent | cisco.asav.phys.name[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Hardware revision | MIB: ENTITY-MIB The vendor-specific hardware revision string for the physical entity. The preferred value is the hardware revision identifier actually printed on the component itself (if present). Note that if revision information is stored internally in a non-printable (e.g., binary) format, then the agent must convert such information to a printable format, in an implementation-specific manner. If no specific hardware revision string is associated with the physical component, or if this information is unknown to the agent, then this object will contain a zero-length string. |
SNMP agent | cisco.asav.phys.hw[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Software revision | MIB: ENTITY-MIB The vendor-specific software revision string for the physical entity. Note that if revision information is stored internally in a non-printable (e.g., binary) format, then the agent must convert such information to a printable format, in an implementation-specific manner. If no specific software programs are associated with the physical component, or if this information is unknown to the agent, then this object will contain a zero-length string. |
SNMP agent | cisco.asav.phys.sw[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Serial number | MIB: ENTITY-MIB The vendor-specific serial number string for the physical entity. The preferred value is the serial number string actually printed on the component itself (if present). On the first instantiation of an physical entity, the value of entPhysicalSerialNum associated with that entity is set to the correct vendor-assigned serial number, if this information is available to the agent. If a serial number is unknown or non-existent, the entPhysicalSerialNum will be set to a zero-length string instead. |
SNMP agent | cisco.asav.phys.sn[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Manufacturer name | MIB: ENTITY-MIB The name of the manufacturer of this physical component. The preferred value is the manufacturer name string actually printed on the component itself (if present). Note that comparisons between instances of the entPhysicalModelName, entPhysicalFirmwareRev, entPhysicalSoftwareRev, and the entPhysicalSerialNum objects, are only meaningful amongst entPhysicalEntries with the same value of entPhysicalMfgName. If the manufacturer name string associated with the physical component is unknown to the agent, then this object will contain a zero-length string. |
SNMP agent | cisco.asav.phys.mfgname[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Model name | MIB: ENTITY-MIB The vendor-specific model name identifier string associated with this physical component. The preferred value is the customer-visible part number, which may be printed on the component itself. If the model name string associated with the physical component is unknown to the agent, then this object will contain a zero-length string. |
SNMP agent | cisco.asav.phys.model[{#SNMPINDEX}] Preprocessing
|
Trigger prototypes for Physical entry discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} has been replaced | {#CISCO.ASAV.PHYS.NAME} serial number has changed. Acknowledge to close the problem manually. |
last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}],#1)<>last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}],#2) and length(last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}]))>0 |
Info | Manual close: Yes |
LLD rule Interface discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Interface discovery | Network interfaces discovery |
SNMP agent | cisco.asav.net.if.discovery |
Item prototypes for Interface discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: {#CISCO.IF.NAME} Interface name | MIB: CISCO-PORT-MIB Descriptive name that identifies this port. |
SNMP agent | cisco.asav.net.if.name[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Interface description | MIB: IF-MIB A textual string containing information about the interface |
SNMP agent | cisco.asav.net.if.descr[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Operational status | MIB: IF-MIB The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. |
SNMP agent | cisco.asav.net.if.operstatus[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Administrative status | MIB: IF-MIB The desired state of the interface. The testing(3) state indicates that no operational packets can be passed. |
SNMP agent | cisco.asav.net.if.adminstatus[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Incoming traffic | MIB: IF-MIB The total number of octets received on the interface, including framing characters. |
SNMP agent | cisco.asav.net.if.in.traffic[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Incoming unicast packets | MIB: IF-MIB The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were not addressed to a multicast or broadcast address at this sub-layer |
SNMP agent | cisco.asav.net.if.in.ucastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Incoming multicast packets | MIB: IF-MIB The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a multicast address at this sub-layer. For a MAC layer protocol, this includes both Group and Functional addresses. |
SNMP agent | cisco.asav.net.if.in.multicastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Incoming broadcast packets | MIB: IF-MIB The number of packets, delivered by this sub-layer to a higher (sub-)layer, which were addressed to a broadcast address at this sub-layer. |
SNMP agent | cisco.asav.net.if.in.broadcastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Outgoing traffic | MIB: IF-MIB The total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets. |
SNMP agent | cisco.asav.net.if.out.traffic[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Outgoing unicast packets | MIB: IF-MIB The total number of packets that higher-level protocols requested be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent. |
SNMP agent | cisco.asav.net.if.out.ucastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Outgoing multicast packets | MIB: IF-MIB The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses. |
SNMP agent | cisco.asav.net.if.out.multicastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Outgoing broadcast packets | MIB: IF-MIB The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent. |
SNMP agent | cisco.asav.net.if.out.broadcastpkts[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Link speed | MIB: IF-MIB An estimate of the interface's current bandwidth in bits per second |
SNMP agent | cisco.asav.net.if.highspeed[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Incoming utilization | Interface utilization percentage |
Calculated | cisco.asav.net.if.in.util[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.IF.NAME} Outgoing utilization | Interface utilization percentage |
Calculated | cisco.asav.net.if.out.util[{#SNMPINDEX}] Preprocessing
|
Trigger prototypes for Interface discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco ASAv: {#CISCO.IF.NAME} Link down | This trigger expression works as follows: |
last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}])=2 and last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}],#1)<>last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}],#2) |
Average | Manual close: Yes |
LLD rule Memory discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Memory discovery | Discovery of ciscoMemoryPoolTable, a table of memory pool monitoring entries. |
SNMP agent | cisco.asav.memory.discovery |
Item prototypes for Memory discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: {#SNMPVALUE} Used memory | MIB: CISCO-MEMORY-POOL-MIB Indicates the number of bytes from the memory pool that are currently in use by applications on the managed device. |
SNMP agent | cisco.asav.memory.used[{#SNMPINDEX}] |
Cisco ASAv: {#SNMPVALUE} Free memory | MIB: CISCO-MEMORY-POOL-MIB Indicates the number of bytes from the memory pool that are currently unused on the managed device. Note that the sum of ciscoMemoryPoolUsed and ciscoMemoryPoolFree is the total amount of memory in the pool |
SNMP agent | cisco.asav.memory.free[{#SNMPINDEX}] |
Cisco ASAv: {#SNMPVALUE} Memory utilization | Memory utilization in %. |
Calculated | cisco.asav.memory.util[{#SNMPINDEX}] |
Trigger prototypes for Memory discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco ASAv: High memory utilization | The system is running out of free memory. |
min(/Cisco ASAv by SNMP/cisco.asav.memory.util[{#SNMPINDEX}],5m)>{$MEMORY.UTIL.MAX} |
Average |
LLD rule CPU discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
CPU discovery | Discovery of cpmCPUTotalTable, a table of CPU monitoring entries. |
SNMP agent | cisco.asav.cpu.discovery |
Item prototypes for CPU discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: CPU [{#SNMPINDEX}] Utilization | MIB: CISCO-PROCESS-MIB The overall CPU busy percentage in the last 5 minute period. This object deprecates the object cpmCPUTotal5min and increases the value range to (0..100). |
SNMP agent | cisco.asav.cpu.util[{#SNMPINDEX}] |
Trigger prototypes for CPU discovery
Name | Description | Expression | Severity | Dependencies and additional info |
---|---|---|---|---|
Cisco ASAv: High CPU utilization | The CPU utilization is too high. The system might be slow to respond. |
min(/Cisco ASAv by SNMP/cisco.asav.cpu.util[{#SNMPINDEX}],5m)>{$CPU.UTIL.CRIT} |
Warning |
LLD rule Session discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Session discovery | Remote access session discovery |
SNMP agent | cisco.asav.session.discovery |
Item prototypes for Session discovery
Name | Description | Type | Key and additional info |
---|---|---|---|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Authenticate method | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The method used to authenticate the user prior to establishing the session. |
SNMP agent | cisco.asav.session.authen.method[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Authorize method | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The method used to authorize the user prior to establishing the session. |
SNMP agent | cisco.asav.session.author.method[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Session duration | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The number of seconds elapsed since this session was established. |
SNMP agent | cisco.asav.session.duration[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Local address | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The IP address assigned to the client of this session in the private network assigned by the managed entity. |
SNMP agent | cisco.asav.session.addr.local[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] ISP address | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The IP address of the peer (client) assigned by the ISP. This is the address of the client device in the public network. |
SNMP agent | cisco.asav.session.addr.isp[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Session protocol | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The protocol underlying this remote access session. |
SNMP agent | cisco.asav.session.protocol[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Encryption algorithm | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The algorithm used by this remote access session to encrypt its payload. |
SNMP agent | cisco.asav.session.encryption[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Algorithm validate packets | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The algorithm used by this remote access session to to validate packets. |
SNMP agent | cisco.asav.session.authen.algorithm[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Incoming traffic | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The rate of octets received by this Remote Access Session. This value is accumulated BEFORE determining whether or not the packet should be decompressed. |
SNMP agent | cisco.asav.session.in.traffic[{#SNMPINDEX}] Preprocessing
|
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Outgoing traffic | MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB The rate of octets transmitted by this Remote Access Session. This value is accumulated AFTER determining whether or not the packet should be compressed. |
SNMP agent | cisco.asav.session.out.traffic[{#SNMPINDEX}] Preprocessing
|
Feedback
Please report any issues with the template at https://support.zabbix.com
You can also provide feedback, discuss the template, or ask for help at ZABBIX forums