Hi,
I've got two VPN connections on my Cisco ASA which I would like to monitor the traffic overnight. There is a cron job that runs every morning at 2am.
The goal is to have a trigger based on that calculated item. If there hasn't been any traffic on that VPN at 2am, then triggers an alert.
I created two items:
1. It runs an external script check, that checks if the VPN has been used. This is a perl script and it's working fine, as you can check below:
Item IPSec VPN Received:
Item IPSec VPN Sent:
Item vpn_calculated:
The latest data for that item is 0:
So that calculated item is not working. Why is that? Is that because the VPN cron job isn't running at 2am o'clock? but it is running at 2:01am as we can check the first screenshot?
How could I get this working?
Cheers!
EDIT 1 2018-07-23:
I've increased the log_level to debug mode so I can get more data (I changed the scheduling time to now for testing)
The log entries I have are:
However, the values are still 0, even though there is traffic over that VPN connection. I believe the calculated item formula is wrong due I am using an external check on this case, rather than an item.
EDIT 2:
I generated some heavy traffic over that vpn (usually the usage of it is around 10 bps. Only at a certain time of the day that it gets hard usage). Then I changed the calculated_item scheduled interval to every 5 minutes to test.
I was then able to get a value for it:
However, when I put the scheduled time back to being weekdays at 2an (wd1-5h02) I am getting value = 0 and the alert is triggered.
But at 2 am I also don't get any values... it shows me 0. Even though there has been some.
Still don't know how to fix this.
I've got two VPN connections on my Cisco ASA which I would like to monitor the traffic overnight. There is a cron job that runs every morning at 2am.
The goal is to have a trigger based on that calculated item. If there hasn't been any traffic on that VPN at 2am, then triggers an alert.
I created two items:
1. It runs an external script check, that checks if the VPN has been used. This is a perl script and it's working fine, as you can check below:
Item IPSec VPN Received:
Code:
Type: External check Key: query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","RX","201.201.201.201"]") Units: bps Update interval: 1m
Code:
Type: External check Key: query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","TX","201.201.201.201"]") Units: bps Update interval: 1m
Code:
Type: Calculated
key: vpn_calculated
Formula: last("query_lan2_lan_cisco_final.pl[\"public\",\"192.168.9.254\",\"ASA\",\"get\",\"TX\",\"201.201.201.201\"]")+last("query_lan2_lan_cisco_final.pl[\"public\",\"192.168.9.254\",\"ASA\",\"get\",\"RX\",\"201.201.201.201\"]")
Units: bps
Update interval: 0
Custom intervals Scheduling = wd1-5h02-03
So that calculated item is not working. Why is that? Is that because the VPN cron job isn't running at 2am o'clock? but it is running at 2:01am as we can check the first screenshot?
How could I get this working?
Cheers!
EDIT 1 2018-07-23:
I've increased the log_level to debug mode so I can get more data (I changed the scheduling time to now for testing)
The log entries I have are:
Code:
32424:20180723:114000.384 calcitem_parse_expression() functionid:1 function:'Cisco_ASA_1:query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","TX","201.201.201.201"].last()' 32424:20180723:114000.384 calcitem_parse_expression() functionid:2 function:'Cisco_ASA_1:query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","RX","201.201.201.201"].last()' 32424:20180723:114000.384 In evaluate_function() function:'Cisco_ASA_1:query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","TX","201.201.201.201"].last()' 32424:20180723:114000.384 In evaluate_function() function:'Cisco_ASA_1:query_lan2_lan_cisco_final.pl["public","192.168.9.254","ASA","get","RX","201.201.201.201"].last()' 32418:20180723:114000.522 In evaluate_function() function:'Cisco_ASA_1:item_calculated.last(0)'
EDIT 2:
I generated some heavy traffic over that vpn (usually the usage of it is around 10 bps. Only at a certain time of the day that it gets hard usage). Then I changed the calculated_item scheduled interval to every 5 minutes to test.
I was then able to get a value for it:
However, when I put the scheduled time back to being weekdays at 2an (wd1-5h02) I am getting value = 0 and the alert is triggered.
But at 2 am I also don't get any values... it shows me 0. Even though there has been some.
Still don't know how to fix this.
Comment