Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 21 replies
  • Answers 3 answers
  • Subscribers 50 subscribers
  • Views 93741 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Has anyone got snmp monitoring working?

PaulRoberts

I'm using PRTG to do SNMP monitoring of various bits of kit but when I set it off to discover my XG firewall, it only creates two sensors, ping and DNS. What MIBs does XG support? Surely it must support MIB-2 so I can get some interface stats?

I have enabled SNMP and added a public community string. Anyone else got this working? I haven't done an SNMP walk yet, thought I would ask here first.



This thread was automatically locked due to age.
  • 0

    Hi Paul,

    An official MIB file for the Sophos XG is under process. This is reported in NC-3631 and under process. As of now, the Cyberoam MIB file is currently supported with the XG firewall.

    Please find the attached MIB file here: kb.cyberoam.com/default.asp

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0

    Hi Paul, I have performed the snmpwalk from my laptop to the XG210 and nothing responds.

    SNMP Agent enabled > check!
    Community setup with correct name and ip and version > check!

    snmpwalk walk fails, tried prtg as well and also fails. yeah I can ping the XG nicely and all other features work OK, but the SNMP simply does nothing...

    So if anyone has a good idea to get the SNMP working, please advise?

    Thank you.

  • 0 in reply to MarcoOudshoorn

    You also cant hit SNMP from internet to WAN interface for upstream monitoring.

  • 0

    Hello,

    My company uses ManageEngines OpManager for monitoring.  OpManager has MIBs included for Cyberoam and device templates that work with most of the things I want to see, but the CPU utilization is hanging around 47,609 % (yeah a little high) and always reads 0 live users.

    I can provide you with the OIDs for these if you need.  PRTG should be able to identify your Sophos XG devices as Cyberoam because the System IDs are the same for some reason.

    Device identification

    SysOID:.1.3.6.1.4.1.21067.2

    CPU Utilization
    System OID : .1.3.6.1.4.1.21067.2.1.2.3.1.0

    Memory Utilization
    System OID : .1.3.6.1.4.1.21067.2.1.2.5.2.0

    Live Users
    System OID : .1.3.6.1.4.1.21067.2.1.2.7.0

    SMTP Hits
    System OID : .1.3.6.1.4.1.21067.2.1.2.10.3.0

    POP3 Hits
    System OID : .1.3.6.1.4.1.21067.2.1.2.10.1.0

    IMAP Hits
    System OID : .1.3.6.1.4.1.21067.2.1.2.10.2.0

    HTTP Hits
    System OID : .1.3.6.1.4.1.21067.2.1.2.8.0

    I cannot find the OID for the interfaces, but I think they are found by the (pulling from memory here) RFC1213 mib package that SHOULD be included with every SNMP monitoring software.

    JD

  • 0

    We have the same problem.  We have SNMP enabled and community generated.  It wouldn't respond for about an hour.  Then suddenly we were able to pull data from it from approximately 5 hours.  Then it stopped responding again and hasn't come back online since.


    I'm on hold with support regarding this.  If I find an answer I will post it.

    Regards,

    Brad

  • 0 in reply to DavidMcLaughlin1

    Unknown said:

    You also cant hit SNMP from internet to WAN interface for upstream monitoring.

    Hi David, with the release of MR3 today you can now connect SNMP via the WAN. Please note you will need to enable SNMP for the WAN Zone via the Device Access table (System > Administration > Device Access)

    More information on MR3 can be found at https://community.sophos.com/products/xg-firewall/b/xg-blog/archive/2016/06/08/sfos-15-01-0-mr-3-released

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • 0

    Any official update for monitoring basic SNMP MIBs (CPU, Memory, Network Interface throughput) with PRTG or any monitoring system? We may abandon Sophos if they haven't released any.

  • +1 in reply to ken9000

    Hi Jason,

    Official MIB is not prioritized as changing the name from Cyberoam to Sophos in the existing MIB file is completely sufficient. I am attaching an unofficial MIB file with the necessary changes.

    6201.UNOFFICIAL_SOPHOS_SFOS_MIB.txt

    Cheers

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Thanks for this. I got some basic monitoring working.

  • 0 in reply to sachingurung

    Running snmpwalk gave me some errors:

     

    Unlinked OID in SFOS-MIB: sysAlerts ::= { sfosSystem 4 }
    Undefined identifier: sfosSystem near line 116 of /usr/share/snmp/mibs/SFOS-MIB.txt
    Unlinked OID in SFOS-MIB: sysLicense ::= { sfosSystem 3 }
    Undefined identifier: sfosSystem near line 115 of /usr/share/snmp/mibs/SFOS-MIB.txt
    Unlinked OID in SFOS-MIB: sysStatus ::= { sfosSystem 2 }
    Undefined identifier: sfosSystem near line 114 of /usr/share/snmp/mibs/SFOS-MIB.txt
    Unlinked OID in SFOS-MIB: sysInstall ::= { sfosSystem 1 }
    Undefined identifier: sfosSystem near line 113 of /usr/share/snmp/mibs/SFOS-MIB.txt
    Cannot adopt OID in SFOS-MIB: appExpiryDate ::= { liAppliance 2 }
    Cannot adopt OID in SFOS-MIB: appRegStatus ::= { liAppliance 1 }
    Cannot adopt OID in SFOS-MIB: serviceStats ::= { sysStatus 11 }
    Cannot adopt OID in SFOS-MIB: mailHits ::= { sysStatus 10 }

    Comparing it with an old cyberoam mib i am already using I saw a difference in both at line 111:

    In cyberoam:

    -- cyberoam
    crSystem OBJECT IDENTIFIER ::= { cyberoam 1 }

    In SOPHOS:

    -- SFOS

     sfosSystem OBJECT IDENTIFIER ::= { SFOS 1 }

    there was a space in the beginning of the line sfosSystem ....

    Removing it solved the problem, but others apeared like:

     

    applianceKey.0 = STRING:
    applianceModel.0 = STRING: XG105_XN02
    SFOSVersion.0 = STRING: SFOS 16.05.3 MR-3
    webcatVersion.0 = STRING: 0.0.1.154
    avVersion.0 = STRING:
    asVersion.0 = STRING: 0
    idpVersion.0 = STRING: 3.13.56
    SFOSOpMode.0 = Wrong Type (should be INTEGER): Hex-STRING: 07 E1 05 12 0F 3A 1C
    systemDate.1.0 = Wrong Type (should be OCTET STRING): INTEGER: 5
    cpuPercentUsage.0 = Wrong Type (should be INTEGER): Gauge32: 47692
    cpuStatus.2.0 = Gauge32: 10
    diskCapacity.0 = Wrong Type (should be Counter32): Gauge32: 1923
    diskPercentUsage.0 = Wrong Type (should be Counter32): Gauge32: 81
    diskStatus.3.0 = Gauge32: 1922
    diskStatus.4.0 = Gauge32: 14
    memoryStatus.0 = INTEGER: 0
    haMode.0 = Wrong Type (should be INTEGER): Gauge32: 0
    liveUsers.0 = Wrong Type (should be Counter32): Counter64: 46606
    httpHits.0 = Wrong Type (should be Counter32): Counter64: 0
    ftpHits.1.0 = Wrong Type (should be Counter32): Counter64: 0
    ftpHits.2.0 = Wrong Type (should be Counter32): Counter64: 0
    ftpHits.3.0 = Wrong Type (should be Counter32): Counter64: 0
    pop3Hits.0 = Wrong Type (should be Counter32): INTEGER: 4
    imapHits.0 = Wrong Type (should be Counter32): INTEGER: 4
    smtpHits.0 = Wrong Type (should be Counter32): INTEGER: 4
    mailHits.4.0 = INTEGER: 4
    mailHits.5.0 = INTEGER: 4

     

    Playing around with the MIB I was able to fix them, returning all clean with no errors  I guess :-)

     

    I think it can be cleaned up more....

    Attaching the MIB modified:

    EDIT: The file was buggy , re-uploaded it with more fixes...

    6644.SFOS-MIB.txt

    Hope it can help someone....

Unfiltered HTML