Monitoring SOPHOS XG with ZABBIX

Ho Oriom ,

Thank you for reaching out to Sophos Community and hope you are well. 

May we check if you did use the MIB from Zabbix? https://www.zabbix.com/integrations/sophos It seems it is designed for V18, if in case you have opted to use this Zabbix official.

Kindly try using MIB for Sophos Firewall and import to Zabbix: https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosFirewall/Other-documents/SOPHOS-MIB.txt?la=en

Kindly let us know how it goes. Thanks for your time and patience and Thank you for choosing Sophos

Cheers,

first file V18 one, import no problem, but many items can not get data XG.

the 2nd MIB file can not import, see error message:

Unable to parse at line 1 (near "-- *****************************************************************").

Please kindly advise.

Hi.

We monitor the HA status on Version 19,x and we get data. We use the following OID's

DeviceHAstate .1.3.6.1.4.1.2604.5.1.4.4.0

HAstatus .1.3.6.1.4.1.2604.5.1.4.1.0

PeerHAState .1.3.6.1.4.1.2604.5.1.4.5.0

Device should report 3 if the cluster is OK

HAstatus and PeerHaState should report 1 if everything is ok

//Rickard

great, thanks Rickard. I will try it out. thanks again.

Hope it works out for your monitoring

//Rickard

yes, Richard, they worked for me. thank you very much.

One more thing, you have OID's for mem utilization? thanks in advance.

Hi TingYu.

I have the following OID for memory monitoring. 

memoryCapacity .1.3.6.1.4.1.2604.5.1.2.5.1.0.##WILDVALUE##

memoryPercentUsage .1.3.6.1.4.1.2604.5.1.2.5.2.0.##WILDVALUE##

swapCapacity .1.3.6.1.4.1.2604.5.1.2.5.3.0.##WILDVALUE##

swapPercentUsage .1.3.6.1.4.1.2604.5.1.2.5.4.0.##WILDVALUE##

//Rickard

Thank you very much, Rickard.

how to fix the template import error

1. go to "configuration"

1. go to "configuration"

My dear, I tried to do it here and it didn't work, we have a lot of Sophos in version 19.5. We downloaded the default template and adjusted it as you went through and it didn't work.

1. for the host, template = Sophos XG FW 18 SNMPV2 (should be one of zabbix template, I am using zabbix 6.0)

2. in XG, I think you need to turn on snmp, and set community "public" and allow zabbix server to communication with XG.

3. after you create a host, in configuration, click on "item", then clone one existing item, then modify OIDs number and rename it, you will find those info in this topic but earlier day.

I have to tell you, even i used zabbix template, but most of items not working anyway, but I only care and monitor followings:

1. cpu

2. mem

3 ping

4 deviceHAstatus (which you need to create an item your own, see above)

5. interface traffic

hope will help you

thank you very much for your helpTingYu , we managed to get all the MIB information.

We would like an alternative regarding the collection of events IPS, AV-Detec, Botnet that are not provided by SNMP, do we have any alternative for this?

how could collect the security information in zabbix that snmp doesn't provide? would we have any alternative API integration or security alert email collection?

Hi, Ronaldo de Moura;

I only use Zabbix to monitor my XG is up or down, I am not collecting anything else.

For event detecting alert, I assume XG will be able to send out alert email. I have not yet look into that yet.

Sorry, not much I can help here. Good luck.