You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
yzl 93958d0fb0
zabbix6.0
1 year ago
..
README.md zabbix6.0 1 year ago
template_net_cisco_asav_snmp.yaml zabbix6.0 1 year ago

README.md

Cisco ASAv by SNMP

Overview

Secure Firewall ASA Virtual is the virtualized option of popular Secure Firewall ASA solution and offers security in traditional physical data centers and private and public clouds. Learn more about Cisco ASAv: https://www.cisco.com/c/en/us/products/collateral/security/adaptive-security-virtual-appliance-asav/adapt-security-virtual-appliance-ds.html

Requirements

Zabbix version: 7.0 and higher.

Tested versions

This template has been tested on:

  • Cisco Adaptive Security Appliance Software Version 9.9(2), Device Manager Version 7.3(3)

Configuration

Zabbix should be configured according to the instructions in the Templates out of the box section.

Setup

Refer to the vendor documentation.

Macros used

Name Description Default
{$SNMP.TIMEOUT}

The time interval for SNMP agent availability trigger expression.

5m
{$CISCO.LLD.FILTER.IF.NAME.MATCHES}

Filter by discoverable interface names.

.*
{$CISCO.LLD.FILTER.IF.NAME.NOT_MATCHES}

Filter to exclude discovered interfaces by name.

CHANGE_IF_NEEDED
{$CISCO.LLD.FILTER.IF.DESC.MATCHES}

Filter by discoverable interface description.

.*
{$CISCO.LLD.FILTER.IF.DESC.NOT_MATCHES}

Filter to exclude discovered interfaces by description.

CHANGE_IF_NEEDED
{$CISCO.LLD.FILTER.IF.ADMIN.MATCHES}

Filter of discoverable interfaces by admin status.

1 - Up

2 - Down

3 - Testing

1
{$CISCO.LLD.FILTER.IF.ADMIN.NOT_MATCHES}

Filter to exclude discovered interfaces by admin status.

CHANGE_IF_NEEDED
{$CISCO.LLD.FILTER.IF.CONTROL.MATCHES}

Filter triggers by discoverable interface names.

Used in overrides. Triggers will only be created for interfaces whose names contain the value of the macro.

.*
{$CPU.UTIL.CRIT} 90
{$MEMORY.UTIL.MAX} 90

Items

Name Description Type Key and additional info
Cisco ASAv: SNMP agent availability Zabbix internal zabbix[host,snmp,available]

Preprocessing

  • Discard unchanged with heartbeat: 1h

Cisco ASAv: System description

MIB: RFC1213-MIB

A textual description of the entity. This value

should include the full name and version

identification of the system's hardware type,

software operating-system, and networking

software. It is mandatory that this only contain

printable ASCII characters.

SNMP agent cisco.asav.model

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: Contact

MIB: RFC1213-MIB

The textual identification of the contact person

for this managed node, together with information

on how to contact this person.

SNMP agent cisco.asav.contact

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: Host name

MIB: RFC1213-MIB

An administratively-assigned name for this

managed node. By convention, this is the node's

fully-qualified domain name.

SNMP agent cisco.asav.name

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: Location

MIB: RFC1213-MIB

The physical location of this node (e.g.,

`telephone closet, 3rd floor').

SNMP agent cisco.asav.location

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: Uptime

MIB: RFC1213-MIB

The time (in hundredths of a second) since the

network management portion of the system was last

re-initialized.

SNMP agent cisco.asav.uptime

Preprocessing

  • Custom multiplier: 0.01

Triggers

Name Description Expression Severity Dependencies and additional info
Cisco ASAv: No SNMP data collection

SNMP is not available for polling. Please check device connectivity and SNMP settings.

max(/Cisco ASAv by SNMP/zabbix[host,snmp,available],{$SNMP.TIMEOUT})=0 Warning
Cisco ASAv: Host has been restarted

Uptime is less than 10 minutes.

last(/Cisco ASAv by SNMP/cisco.asav.uptime)<10m Info Manual close: Yes

LLD rule Physical entry discovery

Name Description Type Key and additional info
Physical entry discovery

Information about a particular physical entity.

SNMP agent cisco.asav.physical.entry.discovery

Item prototypes for Physical entry discovery

Name Description Type Key and additional info
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical description

MIB: ENTITY-MIB

A textual description of physical entity. This object

should contain a string that identifies the manufacturer's

name for the physical entity, and should be set to a

distinct value for each version or model of the physical

entity.

SNMP agent cisco.asav.phys.description[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical class

MIB: ENTITY-MIB

An indication of the general hardware type of the physical

entity.

An agent should set this object to the standard enumeration

value that most accurately indicates the general class of

the physical entity, or the primary class if there is more

than one entity.

If no appropriate standard registration identifier exists

for this physical entity, then the value 'other(1)' is

returned. If the value is unknown by this agent, then the

value 'unknown(2)' is returned.

SNMP agent cisco.asav.phys.class[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Physical name

MIB: ENTITY-MIB

The textual name of the physical entity. The value of this

object should be the name of the component as assigned by

the local device and should be suitable for use in commands

entered at the device's console'. This might be a text</p><p>name (e.g., console') or a simple component number (e.g.,

port or module number, such as `1'), depending on the

physical component naming syntax of the device.

If there is no local name, or if this object is otherwise

not applicable, then this object contains a zero-length

string.

Note that the value of entPhysicalName for two physical

entities will be the same in the event that the console

interface does not distinguish between them, e.g., slot-1

and the card in slot-1.

SNMP agent cisco.asav.phys.name[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Hardware revision

MIB: ENTITY-MIB

The vendor-specific hardware revision string for the

physical entity. The preferred value is the hardware

revision identifier actually printed on the component itself

(if present).

Note that if revision information is stored internally in a

non-printable (e.g., binary) format, then the agent must

convert such information to a printable format, in an

implementation-specific manner.

If no specific hardware revision string is associated with

the physical component, or if this information is unknown to

the agent, then this object will contain a zero-length

string.

SNMP agent cisco.asav.phys.hw[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Software revision

MIB: ENTITY-MIB

The vendor-specific software revision string for the

physical entity.

Note that if revision information is stored internally in a

non-printable (e.g., binary) format, then the agent must

convert such information to a printable format, in an

implementation-specific manner.

If no specific software programs are associated with the

physical component, or if this information is unknown to the

agent, then this object will contain a zero-length string.

SNMP agent cisco.asav.phys.sw[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Serial number

MIB: ENTITY-MIB

The vendor-specific serial number string for the physical

entity. The preferred value is the serial number string

actually printed on the component itself (if present).

On the first instantiation of an physical entity, the value

of entPhysicalSerialNum associated with that entity is set

to the correct vendor-assigned serial number, if this

information is available to the agent. If a serial number

is unknown or non-existent, the entPhysicalSerialNum will be

set to a zero-length string instead.

SNMP agent cisco.asav.phys.sn[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Manufacturer name

MIB: ENTITY-MIB

The name of the manufacturer of this physical component.

The preferred value is the manufacturer name string actually

printed on the component itself (if present).

Note that comparisons between instances of the

entPhysicalModelName, entPhysicalFirmwareRev,

entPhysicalSoftwareRev, and the entPhysicalSerialNum

objects, are only meaningful amongst entPhysicalEntries with

the same value of entPhysicalMfgName.

If the manufacturer name string associated with the physical

component is unknown to the agent, then this object will

contain a zero-length string.

SNMP agent cisco.asav.phys.mfgname[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} Model name

MIB: ENTITY-MIB

The vendor-specific model name identifier string associated

with this physical component. The preferred value is the

customer-visible part number, which may be printed on the

component itself.

If the model name string associated with the physical

component is unknown to the agent, then this object will

contain a zero-length string.

SNMP agent cisco.asav.phys.model[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Trigger prototypes for Physical entry discovery

Name Description Expression Severity Dependencies and additional info
Cisco ASAv: {#CISCO.ASAV.PHYS.NAME} has been replaced

{#CISCO.ASAV.PHYS.NAME} serial number has changed. Acknowledge to close the problem manually.

last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}],#1)<>last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}],#2) and length(last(/Cisco ASAv by SNMP/cisco.asav.phys.sn[{#SNMPINDEX}]))>0 Info Manual close: Yes

LLD rule Interface discovery

Name Description Type Key and additional info
Interface discovery

Network interfaces discovery

SNMP agent cisco.asav.net.if.discovery

Item prototypes for Interface discovery

Name Description Type Key and additional info
Cisco ASAv: {#CISCO.IF.NAME} Interface name

MIB: CISCO-PORT-MIB

Descriptive name that identifies this port.

SNMP agent cisco.asav.net.if.name[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.IF.NAME} Interface description

MIB: IF-MIB

A textual string containing information about the interface

SNMP agent cisco.asav.net.if.descr[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.IF.NAME} Operational status

MIB: IF-MIB

The current operational state of the interface.

The testing(3) state indicates that no operational

packets can be passed.

SNMP agent cisco.asav.net.if.operstatus[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.IF.NAME} Administrative status

MIB: IF-MIB

The desired state of the interface. The

testing(3) state indicates that no operational

packets can be passed.

SNMP agent cisco.asav.net.if.adminstatus[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.IF.NAME} Incoming traffic

MIB: IF-MIB

The total number of octets received on the interface,

including framing characters.

SNMP agent cisco.asav.net.if.in.traffic[{#SNMPINDEX}]

Preprocessing

  • Custom multiplier: 8

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Incoming unicast packets

MIB: IF-MIB

The number of packets, delivered by this sub-layer to a

higher (sub-)layer, which were not addressed to a multicast

or broadcast address at this sub-layer

SNMP agent cisco.asav.net.if.in.ucastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Incoming multicast packets

MIB: IF-MIB

The number of packets, delivered by this sub-layer to a

higher (sub-)layer, which were addressed to a multicast

address at this sub-layer. For a MAC layer protocol, this

includes both Group and Functional addresses.

SNMP agent cisco.asav.net.if.in.multicastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Incoming broadcast packets

MIB: IF-MIB

The number of packets, delivered by this sub-layer to a

higher (sub-)layer, which were addressed to a broadcast

address at this sub-layer.

SNMP agent cisco.asav.net.if.in.broadcastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Outgoing traffic

MIB: IF-MIB

The total number of octets transmitted out of the

interface, including framing characters. This object is a

64-bit version of ifOutOctets.

SNMP agent cisco.asav.net.if.out.traffic[{#SNMPINDEX}]

Preprocessing

  • Custom multiplier: 8

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Outgoing unicast packets

MIB: IF-MIB

The total number of packets that higher-level protocols

requested be transmitted, and which were not addressed to a

multicast or broadcast address at this sub-layer, including

those that were discarded or not sent.

SNMP agent cisco.asav.net.if.out.ucastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Outgoing multicast packets

MIB: IF-MIB

The total number of packets that higher-level protocols

requested be transmitted, and which were addressed to a

multicast address at this sub-layer, including those that

were discarded or not sent. For a MAC layer protocol, this

includes both Group and Functional addresses.

SNMP agent cisco.asav.net.if.out.multicastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Outgoing broadcast packets

MIB: IF-MIB

The total number of packets that higher-level protocols

requested be transmitted, and which were addressed to a

broadcast address at this sub-layer, including those that

were discarded or not sent.

SNMP agent cisco.asav.net.if.out.broadcastpkts[{#SNMPINDEX}]

Preprocessing

  • Change per second
Cisco ASAv: {#CISCO.IF.NAME} Link speed

MIB: IF-MIB

An estimate of the interface's current bandwidth in bits per second

SNMP agent cisco.asav.net.if.highspeed[{#SNMPINDEX}]

Preprocessing

  • Custom multiplier: 1000000

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.IF.NAME} Incoming utilization

Interface utilization percentage

Calculated cisco.asav.net.if.in.util[{#SNMPINDEX}]

Preprocessing

  • In range: 0 -> 100

    Custom on fail: Discard value

  • JavaScript: return +parseFloat(value).toFixed(0);

Cisco ASAv: {#CISCO.IF.NAME} Outgoing utilization

Interface utilization percentage

Calculated cisco.asav.net.if.out.util[{#SNMPINDEX}]

Preprocessing

  • In range: 0 -> 100

    Custom on fail: Discard value

  • JavaScript: return +parseFloat(value).toFixed(0);

Trigger prototypes for Interface discovery

Name Description Expression Severity Dependencies and additional info
Cisco ASAv: {#CISCO.IF.NAME} Link down

This trigger expression works as follows:
1. It can be triggered if the operations status is down.
2. {TEMPLATE_NAME:METRIC.diff()}=1) - trigger fires only if operational status was up(1) sometime before. (So, do not fire 'ethernal off' interfaces.)

WARNING: if closed manually - won't fire again on next poll, because of .diff.

last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}])=2 and last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}],#1)<>last(/Cisco ASAv by SNMP/cisco.asav.net.if.operstatus[{#SNMPINDEX}],#2) Average Manual close: Yes

LLD rule Memory discovery

Name Description Type Key and additional info
Memory discovery

Discovery of ciscoMemoryPoolTable, a table of memory pool monitoring entries.

SNMP agent cisco.asav.memory.discovery

Item prototypes for Memory discovery

Name Description Type Key and additional info
Cisco ASAv: {#SNMPVALUE} Used memory

MIB: CISCO-MEMORY-POOL-MIB

Indicates the number of bytes from the memory pool that are currently in use by applications on the managed device.

Reference: http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15216-contiguous-memory.html

SNMP agent cisco.asav.memory.used[{#SNMPINDEX}]
Cisco ASAv: {#SNMPVALUE} Free memory

MIB: CISCO-MEMORY-POOL-MIB

Indicates the number of bytes from the memory pool that are currently unused on the managed device. Note that the sum of ciscoMemoryPoolUsed and ciscoMemoryPoolFree is the total amount of memory in the pool

Reference: http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/15216-contiguous-memory.html

SNMP agent cisco.asav.memory.free[{#SNMPINDEX}]
Cisco ASAv: {#SNMPVALUE} Memory utilization

Memory utilization in %.

Calculated cisco.asav.memory.util[{#SNMPINDEX}]

Trigger prototypes for Memory discovery

Name Description Expression Severity Dependencies and additional info
Cisco ASAv: High memory utilization

The system is running out of free memory.

min(/Cisco ASAv by SNMP/cisco.asav.memory.util[{#SNMPINDEX}],5m)>{$MEMORY.UTIL.MAX} Average

LLD rule CPU discovery

Name Description Type Key and additional info
CPU discovery

Discovery of cpmCPUTotalTable, a table of CPU monitoring entries.

SNMP agent cisco.asav.cpu.discovery

Item prototypes for CPU discovery

Name Description Type Key and additional info
Cisco ASAv: CPU [{#SNMPINDEX}] Utilization

MIB: CISCO-PROCESS-MIB

The overall CPU busy percentage in the last 5 minute

period. This object deprecates the object cpmCPUTotal5min

and increases the value range to (0..100).

SNMP agent cisco.asav.cpu.util[{#SNMPINDEX}]

Trigger prototypes for CPU discovery

Name Description Expression Severity Dependencies and additional info
Cisco ASAv: High CPU utilization

The CPU utilization is too high. The system might be slow to respond.

min(/Cisco ASAv by SNMP/cisco.asav.cpu.util[{#SNMPINDEX}],5m)>{$CPU.UTIL.CRIT} Warning

LLD rule Session discovery

Name Description Type Key and additional info
Session discovery

Remote access session discovery

SNMP agent cisco.asav.session.discovery

Item prototypes for Session discovery

Name Description Type Key and additional info
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Authenticate method

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The method used to authenticate the user prior to

establishing the session.

SNMP agent cisco.asav.session.authen.method[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Authorize method

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The method used to authorize the user prior to

establishing the session.

SNMP agent cisco.asav.session.author.method[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Session duration

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The number of seconds elapsed since this session

was established.

SNMP agent cisco.asav.session.duration[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 1h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Local address

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The IP address assigned to the client of this session

in the private network assigned by the managed entity.

SNMP agent cisco.asav.session.addr.local[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] ISP address

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The IP address of the peer (client) assigned by the ISP.

This is the address of the client device in the public

network.

SNMP agent cisco.asav.session.addr.isp[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Session protocol

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The protocol underlying this remote access session.

SNMP agent cisco.asav.session.protocol[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Encryption algorithm

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The algorithm used by this remote access session to

encrypt its payload.

SNMP agent cisco.asav.session.encryption[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Algorithm validate packets

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The algorithm used by this remote access session to

to validate packets.

SNMP agent cisco.asav.session.authen.algorithm[{#SNMPINDEX}]

Preprocessing

  • Discard unchanged with heartbeat: 6h

Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Incoming traffic

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The rate of octets received by this Remote

Access Session.

This value is accumulated BEFORE determining whether

or not the packet should be decompressed.

SNMP agent cisco.asav.session.in.traffic[{#SNMPINDEX}]

Preprocessing

  • Custom multiplier: 8

  • Change per second
Cisco ASAv: {#CISCO.CRAS.USER} [{#CISCO.CRAS.INDEX}] Outgoing traffic

MIB: CISCO-REMOTE-ACCESS-MONITOR-MIB

The rate of octets transmitted by this Remote

Access Session.

This value is accumulated AFTER determining whether

or not the packet should be compressed.

SNMP agent cisco.asav.session.out.traffic[{#SNMPINDEX}]

Preprocessing

  • Custom multiplier: 8

  • Change per second

Feedback

Please report any issues with the template at https://support.zabbix.com

You can also provide feedback, discuss the template, or ask for help at ZABBIX forums