I'm using PRTG to do SNMP monitoring of various bits of kit but when I set it off to discover my XG firewall, it only creates two sensors, ping and DNS. What MIBs does XG support? Surely it must support MIB-2 so I can get some interface stats?
I have enabled SNMP and added a public community string. Anyone else got this working? I haven't done an SNMP walk yet, thought I would ask here first.
Hi Jason,
Official MIB is not prioritized as changing the name from Cyberoam to Sophos in the existing MIB file is completely sufficient. I am attaching an unofficial MIB file with the necessary changes.
6201.UNOFFICIAL_SOPHOS_SFOS_MIB.txt
Cheers
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Running snmpwalk gave me some errors:
Unlinked OID in SFOS-MIB: sysAlerts ::= { sfosSystem 4 }
Undefined identifier: sfosSystem near line 116 of /usr/share/snmp/mibs/SFOS-MIB.txt
Unlinked OID in SFOS-MIB: sysLicense ::= { sfosSystem 3 }
Undefined identifier: sfosSystem near line 115 of /usr/share/snmp/mibs/SFOS-MIB.txt
Unlinked OID in SFOS-MIB: sysStatus ::= { sfosSystem 2 }
Undefined identifier: sfosSystem near line 114 of /usr/share/snmp/mibs/SFOS-MIB.txt
Unlinked OID in SFOS-MIB: sysInstall ::= { sfosSystem 1 }
Undefined identifier: sfosSystem near line 113 of /usr/share/snmp/mibs/SFOS-MIB.txt
Cannot adopt OID in SFOS-MIB: appExpiryDate ::= { liAppliance 2 }
Cannot adopt OID in SFOS-MIB: appRegStatus ::= { liAppliance 1 }
Cannot adopt OID in SFOS-MIB: serviceStats ::= { sysStatus 11 }
Cannot adopt OID in SFOS-MIB: mailHits ::= { sysStatus 10 }
Comparing it with an old cyberoam mib i am already using I saw a difference in both at line 111:
In cyberoam:
-- cyberoam
crSystem OBJECT IDENTIFIER ::= { cyberoam 1 }
In SOPHOS:
-- SFOS
sfosSystem OBJECT IDENTIFIER ::= { SFOS 1 }
there was a space in the beginning of the line sfosSystem ....
Removing it solved the problem, but others apeared like:
applianceKey.0 = STRING:
applianceModel.0 = STRING: XG105_XN02
SFOSVersion.0 = STRING: SFOS 16.05.3 MR-3
webcatVersion.0 = STRING: 0.0.1.154
avVersion.0 = STRING:
asVersion.0 = STRING: 0
idpVersion.0 = STRING: 3.13.56
SFOSOpMode.0 = Wrong Type (should be INTEGER): Hex-STRING: 07 E1 05 12 0F 3A 1C
systemDate.1.0 = Wrong Type (should be OCTET STRING): INTEGER: 5
cpuPercentUsage.0 = Wrong Type (should be INTEGER): Gauge32: 47692
cpuStatus.2.0 = Gauge32: 10
diskCapacity.0 = Wrong Type (should be Counter32): Gauge32: 1923
diskPercentUsage.0 = Wrong Type (should be Counter32): Gauge32: 81
diskStatus.3.0 = Gauge32: 1922
diskStatus.4.0 = Gauge32: 14
memoryStatus.0 = INTEGER: 0
haMode.0 = Wrong Type (should be INTEGER): Gauge32: 0
liveUsers.0 = Wrong Type (should be Counter32): Counter64: 46606
httpHits.0 = Wrong Type (should be Counter32): Counter64: 0
ftpHits.1.0 = Wrong Type (should be Counter32): Counter64: 0
ftpHits.2.0 = Wrong Type (should be Counter32): Counter64: 0
ftpHits.3.0 = Wrong Type (should be Counter32): Counter64: 0
pop3Hits.0 = Wrong Type (should be Counter32): INTEGER: 4
imapHits.0 = Wrong Type (should be Counter32): INTEGER: 4
smtpHits.0 = Wrong Type (should be Counter32): INTEGER: 4
mailHits.4.0 = INTEGER: 4
mailHits.5.0 = INTEGER: 4
Playing around with the MIB I was able to fix them, returning all clean with no errors I guess :-)
I think it can be cleaned up more....
Attaching the MIB modified:
EDIT: The file was buggy , re-uploaded it with more fixes...
Hope it can help someone....
Thanks Fernando for doing alot of legwork on this. I tried to import this into PRTG and run it through a couple of online mib checkers and discover a syntax error with "rebadged" Sophos changes. It appears the OBJECT-IDENTITY needs to in camelBack style like so
sfos OBJECT-IDENTITY STATUS current DESCRIPTION "" ::= { sophos 2 }
To Sophos, Monitoring of firewalls is very important beyond your own tools. Continual compatibility with industry practices is paramount to large customers buying your kit. We all have existing FCAPS systems and your kit needs to work with it otherwise we will go else where. While we're talking about FCAPS, the more you move to flat config file(s) the easier life gets for customers with existing FCAPS systems and processes.
I wonder also if Sophos should be using there own OID rather than Cyberoams or at least update the IANA details.
Attaching an update to Fernando's version.8244.SFOS-MIB.txt
Hi Peter, continuing my effort with the MIB, I have found another problem at haService.
The command:
snmpget -v2c -c public XXX.XXX.XXX.XXX haService
In firewalls WITHOUT HA it was returning running(1) status, and in HA pair was returning (4), an unknown state because in HaModeType we have:
HaModeType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "enumerated type for HA Modes"
SYNTAX INTEGER {
standalone ( 1 ),
active-passive ( 2 ),
active-active ( 3 )
}
Just three options, so decided to look at CYBEROAM MIB and guess what?
It has 7 options:
ServiceStatsType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "enumerated type for service status"
SYNTAX INTEGER {
untouched ( 1 ),
stopped ( 2 ),
initializing ( 3 ),
running ( 4 ),
exiting ( 5 ),
dead ( 6 ),
unregistered ( 7 )
}
And they make much more sense because (1) is untouched and (4) is running, so I update my SFOS.MIB....
This way in the firewalls without HA now appears untouched(1) and in at the HA pair now appears running(4)
