How to keep track of OIDs with changing suffixes
Hi there!
We have several different Cisco firewall devices in which we implement VPN site to site connections. For some time we have been trying to properly monitor the status of the tunnels, both traffic and tunnel session uptime, but we face several strange behaviors with this sort of items. We have been trying to get this running using Discoveries.
Let me show you an example (with some masked information to keep privacy of the data).
This OIDs will show the tunnel names:
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.6.113.97.120.97.107.97.178319361 = STRING: VPN_Customer1
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.10.100.109.104.46.104.105.121.117.106.97.175693825 = STRING: VPN_Customer2
This OIDs will show the tunnel uptime since last reset:
.1.3.6.1.4.1.9.9.392.1.3.21.1.6.6.113.97.120.97.107.97.178319361 = Counter32: 441
.1.3.6.1.4.1.9.9.392.1.3.21.1.6.10.100.109.104.46.104.105.121.117.106.97.175693825 = Counter32: 23208
This OIDs will show the tunnel incoming packets counters since last reset:
.1.3.6.1.4.1.9.9.392.1.3.21.1.31.6.113.97.120.97.107.97.178319361 = Counter64: 9 Packets
.1.3.6.1.4.1.9.9.392.1.3.21.1.31.10.100.109.104.46.104.105.121.117.106.97.175693825 = Counter64: 75362 Packets
The problem is that every time the tunnel resets the last part of the OID, 178319361 and 175693825 in the examples, change to a new value which seems to be dynamically assigned. The rest of the OID is not modified. Using the zabbix Discovery we are able to keep track of that new item, but every graph and dashboard or screen get broken until the old item, which became "Unsupported", is deleted. To keep track of the tunnel resets we keep the Unsupported items for several days which lead to all graphs broken for several days.
To keep track of this items what we do is configure Zabbix items and discovery this way:
Is there any way to overcome this issue with the graphs?
Thanks!
We have several different Cisco firewall devices in which we implement VPN site to site connections. For some time we have been trying to properly monitor the status of the tunnels, both traffic and tunnel session uptime, but we face several strange behaviors with this sort of items. We have been trying to get this running using Discoveries.
Let me show you an example (with some masked information to keep privacy of the data).
This OIDs will show the tunnel names:
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.6.113.97.120.97.107.97.178319361 = STRING: VPN_Customer1
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.10.100.109.104.46.104.105.121.117.106.97.175693825 = STRING: VPN_Customer2
This OIDs will show the tunnel uptime since last reset:
.1.3.6.1.4.1.9.9.392.1.3.21.1.6.6.113.97.120.97.107.97.178319361 = Counter32: 441
.1.3.6.1.4.1.9.9.392.1.3.21.1.6.10.100.109.104.46.104.105.121.117.106.97.175693825 = Counter32: 23208
This OIDs will show the tunnel incoming packets counters since last reset:
.1.3.6.1.4.1.9.9.392.1.3.21.1.31.6.113.97.120.97.107.97.178319361 = Counter64: 9 Packets
.1.3.6.1.4.1.9.9.392.1.3.21.1.31.10.100.109.104.46.104.105.121.117.106.97.175693825 = Counter64: 75362 Packets
The problem is that every time the tunnel resets the last part of the OID, 178319361 and 175693825 in the examples, change to a new value which seems to be dynamically assigned. The rest of the OID is not modified. Using the zabbix Discovery we are able to keep track of that new item, but every graph and dashboard or screen get broken until the old item, which became "Unsupported", is deleted. To keep track of the tunnel resets we keep the Unsupported items for several days which lead to all graphs broken for several days.
To keep track of this items what we do is configure Zabbix items and discovery this way:
- To identify the SNMPINDEX we create different discovery rules, each pointing to separate OIDs:
- 1.3.6.1.4.1.9.9.392.1.3.21.1.2.6.113.97.120.97.107.97
- 1.3.6.1.4.1.9.9.392.1.3.21.1.6.10.100.109.104.46.104.105.121.117.106.97
- To get the uptime, on each discovery setup the item differently:
- 1.3.6.1.4.1.9.9.392.1.3.21.1.6.6.113.97.120.97.107.97.{#SNMPINDEX}
- 1.3.6.1.4.1.9.9.392.1.3.21.1.6.10.100.109.104.46.104.105.121.117.106.97.{#SNMPINDEX}
- Same for the packet counters:
- 1.3.6.1.4.1.9.9.392.1.3.21.1.31.6.113.97.120.97.107.97.{#SNMPINDEX}
- 1.3.6.1.4.1.9.9.392.1.3.21.1.31.10.100.109.104.46.104.105.121.117.106.97.{#SNMPINDEX}
Is there any way to overcome this issue with the graphs?
Thanks!