Issue SNMP - SFOS SFOS 18.0.0 GA-Build321

An error was found in the MIB:

 

There are also many objects missing from the snmp get, even after adjusting the MIB. Returns an object not found error:

Any idea?

  • In reply to MarkusSchlüter1:

    Hi  

    I am checking this my team and will update this thread

  • In reply to Keyur:

    Hi Keyur, thanks for the feedback. Cheers, Markus
  • In reply to MarkusSchlüter1:

    Updated to SFOS 18.0.1 MR-1: did also not solve the problem...

  • Hello All, 

    I have checked from our end and it would seem the MIB file is available on the help section. 

    Please download, there will be for V18 and V17. Please use for V18

    THE latest MIB file can be found at below mention URL.

    https://docs.sophos.com/nsg/sophos-firewall/MIB/SOPHOS-XG-MIB.zip

    If you need more information regarding the same, please let me know.

  • In reply to Aditya Patel:

    Thanks for trying, but I already use this MIB since end of 2019.

    I tried the following with SFOS 18.0.1 MR-1 and 8GB of RAM:

    snmpwalk -c public -v 2c %IP of my firewall% sfosMemoryStatus

    RESULT

    SFOS-FIREWALL-MIB::sfosMemoryCapacity.0 = Gauge32: 1
    SFOS-FIREWALL-MIB::sfosMemoryPercentUsage.0 = Gauge32: 100
    SFOS-FIREWALL-MIB::sfosSwapCapacity.0 = Gauge32: 0
    SFOS-FIREWALL-MIB::sfosSwapPercentUsage.0 = Gauge32: 0

    At the very same moment in the web admin interface:

    So the returned result is trying to tell me that the memory usage is 100% all day and night...

    This is a problem since a few versions as I have already been telling in one of my comments.

    sfosCPUPercentUsage has been remove, not replaced, and therefore I have no option to get the current CPU usage via SNMP.

    By the way, SNMP traps are not an alternative, because I want to know the current processor usage and not if some limit has been exceeded...

     

    So what is going to happen to solve this problem?

  • In reply to Aditya Patel:

    Hello

    regarding SNMP possibilities, i have downloaded the MIB provided by the link, and i can't find how to monitor the ports and links status ?

    is their a detailed documentation on this ?

  • In reply to MarkusSchlüter1:

    Hi.

     

    I hope I can help here, this is the OIDS we are using for monitor the memory of the XG V17.5

     

    memoryCapacity gauge .1.3.6.1.4.1.21067.2.1.2.4.1.##WILDVALUE##
    memoryPercentUsage gauge .1.3.6.1.4.1.21067.2.1.2.4.2.##WILDVALUE##
    swapCapacity gauge .1.3.6.1.4.1.21067.2.1.2.4.3.##WILDVALUE##
    swapPercentUsage gauge .1.3.6.1.4.1.21067.2.1.2.4.4.##WILDVALUE##

     

    Do not know from where we got em but they work.

     

    //Rickard

  • In reply to MarkusSchlüter1:

    The result that is shown is the total used and cached. I am also trying to decrease the cached percentage to resolve this false positive in my monitoring.

    Even though they fixed the MIB, the CPU is not yet present, let's wait.

  • In reply to RickardNordahl:

    Version 17.5 OIDs are not for version 18

  • In reply to Rodrigo Reolon:

    Have you tried them ? You never know right?

    Anyway, just trying to help out.

  • In reply to RickardNordahl:

    Hi,

     

    thanks for trying to help.

    They do not work in v18.

     

    Cya,

     

    Markus

  • In reply to Aditya Patel:

    i've tried using the v18 mibs to a version 18.0 sophos firmware device xg-310..

     

    i've imported the mib files and converted to oidlib, i've noticed that the memory percent usage is double in value, and the cpu usage is nowhere to be found..

     

    for us cpu percent usage is very important hopefully it can be included in a new update, we are eager to update to the latest version 18 but this missing features push us back to version 17 since we cannot run blind on monitoring lots of sophos hardware devices

  • In reply to des villar:

    Hello, 

    I am able to reproduce the issue and would need to open an investigation with the development team. Please provide me the following detail as well. 

    We just need three things.

    Screen Shot of the SNMP reading.

    PCAP of the communication i.e. Port 161.

    Screenshot of the reading on the firewall. 

    You may private message me if you do not wish to share the details for public access.

  • In reply to Aditya Patel:

    Hi Aditya,

     

    did anyone send you the samples you have been asking for?

     

    Cheers,

     

    Markus