Do keep in mind that in true “high-availability” scenarios, the MAC address can be manually configured as part of the ASA failover, thus making it where the device MAC address does NOT change in case of a failover situation, the standby device even assumes the configured MAC address.

Just having a cursory glance at the CISCO-FIREWALL-MIB, the only thing I find is as follows:

Hardware ::= TEXTUAL-CONVENTION

    STATUS current

    DESCRIPTION       "This textual convention is used to describe various hardware

        resouces that can be monitored by the firewall.

        memory         - identifies memory.

        disk           - identifies disk.

        power          - identifies power.

        netInterface   - identifies a network interface.

        tape           - identifies a tape drive.

        controller     - identifies hardware controller.

        cpu            - identifies CPU.

        primaryUnit    - identifies the primary unit of the two

                         identical firewalls configured redundancy.

        secondaryUnit  - identifies the secondary unit of the two

                         identical firewalls configured redundancy.

        other          - identifies other hardware.

That might be one OID that can be polled to determine which device is active…. that primaryUnit vs secondaryUnit.

…Ron

From: observium [mailto:observium-bounces@observium.org] On Behalf Of Lukasz Sztukowski
Sent: Wednesday, November 05, 2014 9:13 AM
To: Observium Network Observation System
Subject: Re: [Observium] Cisco ASA failover

If only mac address would become metric attribute it would be possible to track failovers and alert whenever mac changes.
I'm not sure if thats possible but hope to see it.
Lukasz