From 7d2ee3bc56fb7f53f23584744420e357de7b8a9b Mon Sep 17 00:00:00 2001 From: laf Date: Thu, 3 Jul 2014 15:27:52 +0100 Subject: [PATCH 1/3] Added support for Cisco ASA Connection graphs --- html/includes/graphs/device/asa_conns.inc.php | 32 ++++++++++ includes/defaults.inc.php | 1 + includes/definitions.inc.php | 4 ++ includes/polling/cisco-asa-firewall.inc.php | 58 +++++++++++++++++++ sql-schema/031.sql | 1 + sql-schema/032.sql | 1 + 6 files changed, 97 insertions(+) create mode 100644 html/includes/graphs/device/asa_conns.inc.php create mode 100644 includes/polling/cisco-asa-firewall.inc.php create mode 100644 sql-schema/032.sql diff --git a/html/includes/graphs/device/asa_conns.inc.php b/html/includes/graphs/device/asa_conns.inc.php new file mode 100644 index 000000000000..5ac548631b71 --- /dev/null +++ b/html/includes/graphs/device/asa_conns.inc.php @@ -0,0 +1,32 @@ + + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. +*/ + +$scale_min = "0"; + +include("includes/graphs/common.inc.php"); + +$rrd_filename = $config['rrd_dir'] . "/" . $device['hostname'] . "/asa_conns.rrd"; + +$rrd_options .= " DEF:connections=$rrd_filename:connections:AVERAGE"; +$rrd_options .= " DEF:connections_max=$rrd_filename:connections:MAX"; +$rrd_options .= " DEF:connections_min=$rrd_filename:connections:MIN"; +$rrd_options .= " AREA:connections_min"; + +$rrd_options .= " LINE1.5:connections#cc0000:'" . rrdtool_escape('Current connections')."'"; +$rrd_options .= " GPRINT:connections_min:MIN:%4.0lf"; +$rrd_options .= " GPRINT:connections:LAST:%4.0lf"; +$rrd_options .= " GPRINT:connections_max:MAX:%4.0lf\\\\l"; + + +?> diff --git a/includes/defaults.inc.php b/includes/defaults.inc.php index 60bb9a7c92b4..a99eefcec0cf 100644 --- a/includes/defaults.inc.php +++ b/includes/defaults.inc.php @@ -529,6 +529,7 @@ $config['poller_modules']['aruba-controller'] = 1; $config['poller_modules']['entity-physical'] = 1; $config['poller_modules']['applications'] = 1; +$config['poller_modules']['cisco-asa-firewall'] = 1; // List of discovery modules. Need to be in this array to be // considered for execution. diff --git a/includes/definitions.inc.php b/includes/definitions.inc.php index ba1702c71f7a..76fadbcca4c8 100644 --- a/includes/definitions.inc.php +++ b/includes/definitions.inc.php @@ -1079,6 +1079,10 @@ $config['graph_types']['device']['netscaler_tcp_pkts']['order'] = '0'; $config['graph_types']['device']['netscaler_tcp_pkts']['descr'] = 'TCP Packets'; +$config['graph_types']['device']['asa_conns']['section'] = 'firewall'; +$config['graph_types']['device']['asa_conns']['order'] = '0'; +$config['graph_types']['device']['asa_conns']['descr'] = 'Current connections'; + $config['graph_descr']['device_smokeping_in_all'] = "This is an aggregate graph of the incoming smokeping tests to this host. The line corresponds to the average RTT. The shaded area around each line denotes the standard deviation."; $config['graph_descr']['device_processor'] = "This is an aggregate graph of all processors in the system."; diff --git a/includes/polling/cisco-asa-firewall.inc.php b/includes/polling/cisco-asa-firewall.inc.php new file mode 100644 index 000000000000..ab6d930b9a00 --- /dev/null +++ b/includes/polling/cisco-asa-firewall.inc.php @@ -0,0 +1,58 @@ + + * + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or (at your + * option) any later version. Please see LICENSE.txt at the top level of + * the source code distribution for details. +*/ + +if($device['os_group'] == "cisco" && $device['os'] == "asa" && $device['type'] == "firewall") +{ + + $oid_list = "cfwConnectionStatValue.protoIp.currentInUse"; + $temp_data = snmpwalk_cache_double_oid($device, $oid_list, array(), "CISCO-FIREWALL-MIB"); + foreach ($temp_data as $oid => $result) + { + $oid = substr(strchr($oid, '.'),1); + $data[$oid]['data'] = $result['cfwConnectionStatValue']; + $asa_db = dbFetchCell("SELECT `ciscoASA_id` FROM `ciscoASA` WHERE `device_id` = ? AND `oid` = ?", array($device['device_id'],$oid)); + if(!is_numeric($asa_db)) + { + $asa_db = dbInsert(array('device_id' => $device['device_id'], 'oid' => $oid, 'data' => $result['cfwConnectionStatValue']), 'ciscoASA'); + } + else + { + $asa_db = dbUpdate(array('data' => $result['cfwConnectionStatValue']), 'ciscoASA', 'device_id=?',array($device['device_id'])); + } + $data[$oid]['db_id'] = $asa_db; + } + + $rrd_filename = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("asa_conns.rrd"); + + $rrd_create .= " DS:connections:GAUGE:600:0:U"; + $rrd_create .= $config['rrd_rra']; + + if(is_file($rrd_filename) || $data['currentInUse']) + { + if (!file_exists($rrd_filename)) + { + rrdtool_create($rrd_filename, $rrd_create); + } + + $rrd_update = "N"; + $rrd_update .= ":".$data['currentInUse']['data']; + + rrdtool_update($rrd_filename, $rrd_update); + $graphs['asa_conns'] = TRUE; + echo(" ASA Connections"); + } + unset($data,$rrd_filename,$rrd_create,$rrd_update); +} + +?> diff --git a/sql-schema/031.sql b/sql-schema/031.sql index 96a662fd027b..856c3efa5e23 100644 --- a/sql-schema/031.sql +++ b/sql-schema/031.sql @@ -1 +1,2 @@ ALTER TABLE `sensors` ADD `sensor_alert` TINYINT( 1 ) NOT NULL DEFAULT '1' AFTER `sensor_limit_low_warn` ; +INSERT INTO `graph_types` SET `graph_type`='device', `graph_subtype`='asa_conns',`graph_section`='firewall',`graph_descr`='Current connections',`graph_order`='0'; diff --git a/sql-schema/032.sql b/sql-schema/032.sql new file mode 100644 index 000000000000..f9f9189f1b68 --- /dev/null +++ b/sql-schema/032.sql @@ -0,0 +1 @@ +CREATE TABLE IF NOT EXISTS `ciscoASA` ( `ciscoASA_id` int(11) NOT NULL AUTO_INCREMENT, `device_id` int(11) NOT NULL, `oid` varchar(255) NOT NULL, `data` bigint(20) NOT NULL, `high_alert` bigint(20) NOT NULL, `low_alert` bigint(20) NOT NULL, `disabled` tinyint(4) NOT NULL DEFAULT '0', PRIMARY KEY (`ciscoASA_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; From a271a281151099e0732fe53c43a370493765fe0f Mon Sep 17 00:00:00 2001 From: laf Date: Thu, 3 Jul 2014 17:58:08 +0100 Subject: [PATCH 2/3] Moved the insert statement to the correct SQL file! --- sql-schema/031.sql | 1 - sql-schema/032.sql | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/sql-schema/031.sql b/sql-schema/031.sql index 856c3efa5e23..96a662fd027b 100644 --- a/sql-schema/031.sql +++ b/sql-schema/031.sql @@ -1,2 +1 @@ ALTER TABLE `sensors` ADD `sensor_alert` TINYINT( 1 ) NOT NULL DEFAULT '1' AFTER `sensor_limit_low_warn` ; -INSERT INTO `graph_types` SET `graph_type`='device', `graph_subtype`='asa_conns',`graph_section`='firewall',`graph_descr`='Current connections',`graph_order`='0'; diff --git a/sql-schema/032.sql b/sql-schema/032.sql index f9f9189f1b68..81d5210a0df5 100644 --- a/sql-schema/032.sql +++ b/sql-schema/032.sql @@ -1 +1,2 @@ CREATE TABLE IF NOT EXISTS `ciscoASA` ( `ciscoASA_id` int(11) NOT NULL AUTO_INCREMENT, `device_id` int(11) NOT NULL, `oid` varchar(255) NOT NULL, `data` bigint(20) NOT NULL, `high_alert` bigint(20) NOT NULL, `low_alert` bigint(20) NOT NULL, `disabled` tinyint(4) NOT NULL DEFAULT '0', PRIMARY KEY (`ciscoASA_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; +INSERT INTO `graph_types` SET `graph_type`='device', `graph_subtype`='asa_conns',`graph_section`='firewall',`graph_descr`='Current connections',`graph_order`='0'; From 2f89df28354691531153cbe31e3aaeada0175d54 Mon Sep 17 00:00:00 2001 From: laf Date: Thu, 3 Jul 2014 17:59:50 +0100 Subject: [PATCH 3/3] Updated delete_device function to include new table --- includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/functions.php b/includes/functions.php index 20fa4b7a8b05..38ecec15b9fa 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -239,7 +239,7 @@ function delete_device($id) dbDelete('devices', "`device_id` = ?", array($id)); $device_tables = array('entPhysical', 'devices_attribs', 'devices_perms', 'bgpPeers', 'vlans', 'vrfs', 'storage', 'alerts', 'eventlog', - 'syslog', 'ports', 'services', 'toner', 'frequency', 'current', 'sensors'); + 'syslog', 'ports', 'services', 'toner', 'frequency', 'current', 'sensors','ciscoASA'); foreach ($device_tables as $table) {