As a local government employee with limited budget for IT infrastructure monitoring, I (and the rest of the staff) rely on low-cost, free, and open-source tools to provide network monitoring and infrastructure reporting solutions wherever possible.
We were recently able to leverage a third-party MIB library with Cacti to gather some interesting statistics on our firewalls, and it was surprisingly easy to do for the value gained.
A primer: I'm writing this guide for Cacti, but you can most likely use the same techniques for your network monitoring tool, even if it's a paid solution. Also, shoutout to Palo Alto Networks for making their MIB library freely available, but do a little searching for your vendor of choice and see what they have on offer. Finally, if you want to get up and running with Cacti, the how-tos for that are readily available. So with that, let's begin!
In our scenario, we want to track the number of concurrent VPN connections to our VPN gateways, and provide that data to management for usage, scaling, and cost-saving purposes. Out of the box, this is difficult to do; the gateway's built-in web administration tool doesn't show this statistic. However, a little internet sleuthing reveals the vendor does have an SNMP MIB package for monitoring this datapoint.
Backing up a minute - SNMP is the Simple Network Management Protocol. An SNMP collector can gather statistics from a device (a target) by running a "poll" and authenticating (hopefully) on (at least) a community string, basically a password.
A MIB, or Management Information Base, is a hierarchical database of SNMP poll-able objects called OIDs, or object identifiers. The OID is the data you're trying to collect. Commonly, the OID provides data on something like bandwidth in use on an interface. When you run your poller on a target at a regular interval (5 minutes is common), you can plot the results on a graph.
There is some standardization for MIBs, and most SNMP collectors will have the usual suspects pre-installed to facilitate collection of things like interface statistics, temperature, processor/memory utilization, etc. SNMP would be significantly less useful without vendor agreement to use standard MIBs; most collectors work well out of the box. In our case, we're looking for enhanced functionality provided by our vendor to monitor their proprietary solution.
So back to Cacti. Cacti works by integrating a web interface for several underlying processes that make a modest Linux VM a powerful SNMP collector, but the "poller" is snmpd. In CentOS, you can install custom MIBs in /usr/share/snmp/mibs - for our vendor (Palo Alto) we used wget to download and extract the compressed MIBs file to the mibs folder. Note they also included the associated checksums, but other vendors may not, and they are not required.
Now that we have our MIBs, we need to tell snmpd to look for them when making polls. To do this, we go up to /usr/share/snmp and create a file called snmp.conf and add the MIB files, one line at a time. In our case, the GlobalProtect VPN sessions integer is in PAN-COMMON-MIB, so all we add to snmp.conf is one line - the daemon does not need to be restarted.
Note: there is also a way to add all of the MIB files at the same time, but snmpd's documentation doesn't explicitly recommend this.
Now that our MIB file is loaded, we go to the vendor's documentation to find out which OID corresponds to the data we're trying to collect. For tracking these VPN sessions, the OID is 1.3.6.1.4.1.25461.2.1.2.5.1.3, and the MIB defines a suffix (consult your vendor's documentation, it will make sense) of 0, so to collect our data, we use 1.3.6.1.4.1.25461.2.1.2.5.1.3.0.
In order to test this before production, we can use the snmpget command in this format, assuming you are using SNMP version 2 (and if you are not running at least version 2, you have problems):
snmpget -v2c -c $your_community_string $target.ip $OID
The command immediately polls the target and comes back, hopefully, with your datapoint.
PAN-COMMON-MIB::panGPGWUtilizationActiveTunnels.0 = INTEGER: 1197
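A check for the test step above, added here as an example and not part of the original post: it classifies one line of snmpget output for this counter, separating a translated reply from one where the value arrives but PAN-COMMON-MIB was not loaded. The function names and return codes are assumptions of this example; the numeric OID is the post's OID with the .0 suffix.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and return
# codes are hypothetical; snmpget is the net-snmp command used in the post.

# Numeric OID with the .0 instance suffix, and its name once the MIB loads.
OID=.1.3.6.1.4.1.25461.2.1.2.5.1.3.0
NAME='PAN-COMMON-MIB::panGPGWUtilizationActiveTunnels.0'

# classify_reply LINE
#   0: translated reply, prints the integer value
#   2: value present but the name is untranslated, so snmp.conf is not
#      loading the MIB (assumption: the one line the post adds is net-snmp's
#      "mibs +PAN-COMMON-MIB" directive); still prints the value
#   1: anything else (timeout, noSuchObject, non-integer value)
classify_reply() {
    line=$1
    value=${line##*= INTEGER: }
    # No "= INTEGER: " marker: the expansion left the line unchanged.
    [ "$value" != "$line" ] || return 1
    # Accept digits only, so error text never reaches a graph.
    case $value in
        ''|*[!0-9]*) return 1 ;;
    esac
    case $line in
        "$NAME = "*)
            printf '%s\n' "$value"; return 0 ;;
        *enterprises.25461.2.1.2.5.1.3.0" = "*)
            printf '%s\n' "$value"; return 2 ;;
        *)
            return 1 ;;
    esac
}

# poll_tunnels HOST COMMUNITY
# Runs the post's snmpget against the numeric OID, which works whether or
# not the MIB is loaded, then classifies the reply.
poll_tunnels() {
    reply=$(snmpget -v2c -c "$2" "$1" "$OID" 2>&1) || return 1
    classify_reply "$reply"
}
```

A return code of 2 from poll_tunnels means the gateway answered but the collector's snmp.conf entry is not taking effect.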
From here, we can create our custom poller in Cacti. We created a new graph using the "Generic OID" Template and put the OID we just tested into the "Custom Data" field, while filling in appropriate labels.
We later cloned the "Generic OID" template to a new template that always used this OID, so we can make the creation of new graphs less manual. Check with your SNMP collector of choice's documentation for the relevant how-to here.
We now have a graph showing total numbers of VPN sessions for our cloud gateways, instantly accessible and tracked over time.
SNMP is a protocol that is useful for collecting data on target devices. It uses object identifiers (OIDs) categorized hierarchically into management information bases (MIBs) to obtain accurate data.
Many excellent paid SNMP collectors exist, but accurate collection and reporting can be done on any budget with open-source tools like Cacti.
If you want something polled/graphed, check with your vendor. They usually have custom MIB files free for your use. If it's a numerical value, it can probably be collected using SNMP.
In Linux, MIBs are usually stored in
You can use the snmpget command to test the functionality of custom MIBs/OIDs before using in production. (Also, check out the
Keep calm and monitor on!