Hi,
Has anyone else noticed that the soft version of Cisco ASA, hosted in Azure, just reports back as a generic device, without any of the lovely ASA specific features that Observium normally displays?
'Cisco Firepower Threat Defense, Version 6.2.3.13 (Build 53), ASA Version 9.9(2)51'
Regards
Darren
Hi,
which version of Observium?
Attach debug for: ./discovery.php -d -m os -h <device>
This should be detect correctly in recent version (for Pro subs).
Storer, Darren via observium wrote on 14/06/2019 11:31:
Hi,
Has anyone else noticed that the soft version of Cisco ASA, hosted in Azure, just reports back as a generic device, without any of the lovely ASA specific features that Observium normally displays?
'Cisco Firepower Threat Defense, Version 6.2.3.13 (Build 53), ASA Version 9.9(2)51'
Regards
Darren
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Hi Darren,
I tried to fix many of these with Mike. Are u running the latest commit ?
Else you can add this in your config file to overrule these temporarily
$config['os']['asa']['discovery'][] = array(
'sysObjectID' => '.1.3.6.1.4.1.9.1',
'sysDescr' => ['/Cisco Firepower Threat Defense.* ASA/',
'/Cisco Adaptive Security Appliance/']
);
Just make sure the sysobjectid is within .1.3.6.1.4.9.1
FYI the appliance you are trying to monitor is not an ASA but an FTD appliance ☹ these are different. The instance you are trying to monitor is the lina instance (so up until L4) all L7 and snort stuff is in another shell, and has to be monitored separately. They are aiming to make it a unified OS but they’ve still got a lot to do.
Kind regards
From: observium observium-bounces@observium.org On Behalf Of Storer, Darren via observium Sent: Friday, June 14, 2019 10:32 To: Observium Network Observation System observium@observium.org Cc: Storer, Darren darren.storer@gmail.com Subject: [Observium] Cisco ASA in Azure?
Hi,
Has anyone else noticed that the soft version of Cisco ASA, hosted in Azure, just reports back as a generic device, without any of the lovely ASA specific features that Observium normally displays?
'Cisco Firepower Threat Defense, Version 6.2.3.13 (Build 53), ASA Version 9.9(2)51'
Regards
Darren
Hi Stefan,
Updating to the latest code has fixed the issue - the Azure FTD is being reported correctly now.
Many thanks
Darren
On Fri, 14 Jun 2019 at 11:57, Stef Renders stef.renders@cronos.be wrote:
Hi Darren,
I tried to fix many of these with Mike. Are u running the latest commit ?
Else you can add this in your config file to overrule these temporarily
$config['os']['asa']['discovery'][] = array(
'sysObjectID' => '.1.3.6.1.4.1.9.1',
'sysDescr' => ['/Cisco Firepower Threat Defense.* ASA/',
'/Cisco Adaptive SecurityAppliance/']
);
Just make sure the sysobjectid is within .1.3.6.1.4.9.1
FYI the appliance you are trying to monitor is not an ASA but an FTD appliance ☹ these are different. The instance you are trying to monitor is the lina instance (so up until L4) all L7 and snort stuff is in another shell, and has to be monitored separately. They are aiming to make it a unified OS but they’ve still got a lot to do.
[image: Image result for ftd lina]
Kind regards
*From:* observium observium-bounces@observium.org *On Behalf Of *Storer, Darren via observium *Sent:* Friday, June 14, 2019 10:32 *To:* Observium Network Observation System observium@observium.org *Cc:* Storer, Darren darren.storer@gmail.com *Subject:* [Observium] Cisco ASA in Azure?
Hi,
Has anyone else noticed that the soft version of Cisco ASA, hosted in Azure, just reports back as a generic device, without any of the lovely ASA specific features that Observium normally displays?
'Cisco Firepower Threat Defense, Version 6.2.3.13 (Build 53), ASA Version 9.9(2)51'
Regards
Darren
participants (3)
-
Mike Stupalov -
Stef Renders -
Storer, Darren