Anyone have a good example of tests they are using to monitor when a PIX interface is using like 90% of capacity or there has been a large increase in traffic? For capacity, there would have to be some kind of manual setting to tell it like 1.5mb versus the default 100mb interface.
Thanks.
Monitoring PIX interfaces using SNMP
The issues surrounding the monitoring of the PIX are similar to those associate with Cisco routers. See thread:
http://www.ks-soft.net/cgi-bin/phpBB/vi ... php?t=1119
There are no SNMP counters on the PIX (AFAIK) for 'current bandwidth utilization' on an interface. It is possible to watch IN/OUT octets over time and derive the bandwidth. Consider using MRTG for this purpose.
There are also no SNMP counters for 'CPU utilization' ( again AFAIK)
You may want to look at Kiwi Cat Tools which, among other things, can log into your PIX, perform a command (e.g. 'show cpu summary') and save the output to a local file.
http://www.ks-soft.net/cgi-bin/phpBB/vi ... php?t=1119
There are no SNMP counters on the PIX (AFAIK) for 'current bandwidth utilization' on an interface. It is possible to watch IN/OUT octets over time and derive the bandwidth. Consider using MRTG for this purpose.
There are also no SNMP counters for 'CPU utilization' ( again AFAIK)
You may want to look at Kiwi Cat Tools which, among other things, can log into your PIX, perform a command (e.g. 'show cpu summary') and save the output to a local file.
I currently use MRTG but it doesn't alert me when someone is downloading a large file for 5+ minutes. Usually someone will complain about the speed and then I look at MRTG to see the utilization is running high. Is there a way to get MRTG to alert?
What I have setup in Hostmonitor that seems to work is get the incoming bytes and test every 5 minutes if the counter has increased by 50MB. When testing with large downloaded files, I'm getting a little over 10MB per minute and I don't want to pick up short spikes. I might bring the test down to around 40mb in case the transfer speed is a little slower.
I also use cat tools but once again it can't alert when people are downloading large files.
What I have setup in Hostmonitor that seems to work is get the incoming bytes and test every 5 minutes if the counter has increased by 50MB. When testing with large downloaded files, I'm getting a little over 10MB per minute and I don't want to pick up short spikes. I might bring the test down to around 40mb in case the transfer speed is a little slower.
I also use cat tools but once again it can't alert when people are downloading large files.
Looks like I may be wrong WITH RESPECT TO CISCO ROUTERS on both the Interface and CPU utilization issue. I've just discovered:
OID_Variable Type Value
1.3.6.1.4.1.9.2.1.56.0 busyPer INTEGER
- CPU busy percentage in the last 5 second period. Not the last 5 realtime seconds but the last 5 second period in the scheduler.
1.3.6.1.4.1.9.2.1.57.0 avgBusy1 INTEGER
- 1 minute exponentially-decayed moving average of the CPU busy percentage.
1.3.6.1.4.1.9.2.1.58.0 avgBusy5 INTEGER
- 5 minute exponentially-decayed moving average of the CPU busy percentage.
For bits/sec see:
OID Variable Type Value
1.3.6.1.4.1.9.2.2.1.1.8.1 locIfOutBitsSec INTEGER
1.3.6.1.4.1.9.2.2.1.1.8.2 locIfOutBitsSec INTEGER
.... (increments with each interface)
OID Variable Type Value
1.3.6.1.4.1.9.2.2.1.1.6.1 locIfInBitsSec INTEGER
1.3.6.1.4.1.9.2.2.1.1.6.2 locIfInBitsSec INTEGER
.... (increments with each interface)
Described as:
Five minute exponentially-decayed moving
average of input bits per second.
OID_Variable Type Value
1.3.6.1.4.1.9.2.1.56.0 busyPer INTEGER
- CPU busy percentage in the last 5 second period. Not the last 5 realtime seconds but the last 5 second period in the scheduler.
1.3.6.1.4.1.9.2.1.57.0 avgBusy1 INTEGER
- 1 minute exponentially-decayed moving average of the CPU busy percentage.
1.3.6.1.4.1.9.2.1.58.0 avgBusy5 INTEGER
- 5 minute exponentially-decayed moving average of the CPU busy percentage.
For bits/sec see:
OID Variable Type Value
1.3.6.1.4.1.9.2.2.1.1.8.1 locIfOutBitsSec INTEGER
1.3.6.1.4.1.9.2.2.1.1.8.2 locIfOutBitsSec INTEGER
.... (increments with each interface)
OID Variable Type Value
1.3.6.1.4.1.9.2.2.1.1.6.1 locIfInBitsSec INTEGER
1.3.6.1.4.1.9.2.2.1.1.6.2 locIfInBitsSec INTEGER
.... (increments with each interface)
Described as:
Five minute exponentially-decayed moving
average of input bits per second.