MRTG/Routers2: Template Cisco ASA

I built an MRTG/Routers2 configuration template for the Cisco ASA firewall that contains the OIDs (graphs) for the interfaces, CPU, memory, VPNs, connections, ping times, and traceroute hop counts. With only four search-and-replace changes and a few further specifications, the whole SNMP monitoring for that firewall is configured.

With this template, the following graphs are shown:

  • Interfaces
  • CPU & Memory
  • Connections
  • VPN Sessions (RA & S2S total count)
  • VPN Remote Access Sessions (IPsec, AnyConnect, WebVPN)
  • Ping Outside IP (mrtg-ping-probe script covered here)
  • Ping Inside IP through VPN-Tunnel (if available)
  • Hop Count to Outside IP (with my script from here)
  • Short Summary (only: CPU, connections, VPN, outside interface, ping outside)

Download the Template

This is the *.cfg template file. Follow the comment lines at the top of the file to replace the placeholder values in the template with the correct ones.

Sample Graphs

Here is a gallery with all the graphs from that template (all in the “weekly” view):

And here a few graphs with the values over two years to see the trends:

5 thoughts on “MRTG/Routers2: Template Cisco ASA”

  1. HI Johannes!

    Thanks for your fabulous script to monitor ASA. I’m using it but I have a little problem.

    I have set the:

    options[_]: growright,bits

    before your code/script, but MRTG is displaying the graphs from right to left (growleft), instead of from left to right (growright).

    Could you help me? What am I doing wrong?

    Thnx!

  2. Hi All,

    I am using MRTG and Kaseya Traverse for monitoring my routers.
    But I have an issue with them: when I compare the traffic IN & OUT values of both, they seem to be different.
    Kaseya Traverse shows the kbps, so I have configured the same in MRTG so that I can get the value in kbps, but no luck.

    Can anyone help with this…

    Thanks in advance….

    1. Hello,

      By default, MRTG queries the inOctets and outOctets via SNMP. MRTG then displays the values in bits/s (bps) in the graphs.
      Unfortunately I have not yet worked with Kaseya Traverse. I don’t know how it works. Are they using SNMP, too? If so, please verify (e.g. with tcpdump/Wireshark) which OIDs are queried and compare them with MRTG. If you have Cisco devices you can show the interface stats on the devices with “show interfaces counters”.

      In general, you are absolutely correct: Both systems should display almost the same values!
      Cheers,
      Johannes
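
The calculation discussed in the reply above, as an added example that is not part of the original post or its comments: it turns successive octet-counter readings into bits/s, allows for a 32-bit counter wrap, and shows that the same traffic polled every 60 s and every 300 s gives different peak values. The sample readings and all function names are constructed for illustration.

```python
# Added example: constructed counter samples, not data from a real device.
COUNTER32_MOD = 2**32  # a 32-bit SNMP octet counter wraps to 0 at this value


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets transferred between two polls, allowing for one counter wrap."""
    if not (0 <= prev < modulus and 0 <= curr < modulus):
        raise ValueError("counter value outside its range")
    return (curr - prev) % modulus


def rate_bps(prev, curr, interval_s, modulus=COUNTER32_MOD):
    """Average bits per second over one polling interval."""
    if interval_s <= 0:
        raise ValueError("polling interval must be positive")
    return octet_delta(prev, curr, modulus) * 8 / interval_s


def rates(samples, step=1, modulus=COUNTER32_MOD):
    """Rates between every step-th (timestamp, counter) sample."""
    picked = samples[::step]
    return [rate_bps(c0, c1, t1 - t0, modulus)
            for (t0, c0), (t1, c1) in zip(picked, picked[1:])]


# Constructed readings (seconds, octet counter): steady 1 Mbit/s with one
# 60 s burst of 5 Mbit/s; the counter wraps between t=0 and t=60.
SAMPLES = [
    (0, 4294900000),
    (60, 7432704),
    (120, 14932704),
    (180, 52432704),
    (240, 59932704),
    (300, 67432704),
]

if __name__ == "__main__":
    print("60 s poller :", rates(SAMPLES, step=1))
    print("300 s poller:", rates(SAMPLES, step=5))
```

Two pollers reading the same counter agree on the total octets but not on the plotted rate when their intervals differ, so the polling interval is worth comparing alongside the queried OIDs.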
