Hi,

If you run the poller in debug, you'll see the SNMP queries, whcih will probably verify that for some reason, some fo these devices are not exposing the IPSEC in SNMP.

Not at all uncommon for devices to randomly not expose data via SNMP. Most vendors have horribly bad QA on their SNMP stacks.

./poller.php -h <host> -m cipsec-tunnels -d

adam.

Sent from Mailbird

On 04/03/2016 03:24:37, Warren Daly (OPUS) <warren@opus.com.kh> wrote:

Hi,
thanks for Observium. Excellent install, and day to day experience with
this fine product.

We have 10x Cisco 5510 ASA firewalls on our WAN. They all run IOS 9.1.6.
There are various IKEv1 and v2 VPN tunnels setup between them. There are
no routing protocols such as BGP, OSPF activated on any of them.
Pretty basic configs to be honest. Every one of them has at least 1
default route in the config. Reverse route injection on the tunnel.

My main goal is to monitor traffic in/out of the VPN tunnels.
This was easily achieved on most of the devices... after polling the
routing tab appeared in Observium web interface.
When I click on 'Routing' I can see the ipsec tunnels being graphed.

Wondering why a number of the CIsco ASA do not show a routing tab in the
Observium menu. And the ones that do have a routing tab are missing some
tunnel info and graphs.
I've diff'd the Cisco configs, but can't spot anything that would affect
the poller not detecting the IPSec tunnels.
I tried to search the archives for a similar issue but the link 404's on
this page http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

The device that have no routing tab on the web interface are polled and
show this

##### Module Start: cipsec-tunnels #####
o Module time 0.1326s

as you can see there is no Tunnel detected.

On the other devices with routing menu on the web interface, some ipsec
tunnel graphs are missing.
When I run the poller it shows this.....
##### Module Start: cipsec-tunnels #####
Tunnel 5292 (21958656)
Address x.x.x.x
HC Tunnel 7713 (36671488)
Address y.y.y.y
HC Tunnel 7714 ()
Address
HC o Module time 4.6601s

Notice how HC Tunnel 7714 has no ip. Odd, as this tunnel is up and
passing traffic. This graph is missing from the web interface.
It's only IKEv2 wondering if this causes an issue?

Devices are all polled using SNMP v2c
The monitoring machine runs
Version: CE 0.16.1.7533
Ubuntu 14.04.4 LTS 64 Bit

Any help is greatly appreciated.
Regards,
Warren

--
Warren Daly
Chief Technical Officer

_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium