
Has anyone got snmp monitoring working?

I'm using PRTG to do SNMP monitoring of various bits of kit but when I set it off to discover my XG firewall, it only creates two sensors, ping and DNS. What MIBs does XG support? Surely it must support MIB-2 so I can get some interface stats?

I have enabled SNMP and added a public community string. Anyone else got this working? I haven't done an SNMP walk yet, thought I would ask here first.



This thread was automatically locked due to age.
  • Thanks Fernando for doing a lot of legwork on this. I tried to import this into PRTG and run it through a couple of online MIB checkers and discovered a syntax error with the "rebadged" Sophos changes. It appears the OBJECT-IDENTITY needs to be in camelBack style like so

    sfos OBJECT-IDENTITY
    STATUS current
    DESCRIPTION ""
    ::= { sophos 2 } 

    To Sophos, monitoring of firewalls is very important beyond your own tools. Continual compatibility with industry practices is paramount to large customers buying your kit. We all have existing FCAPS systems and your kit needs to work with it, otherwise we will go elsewhere. While we're talking about FCAPS, the more you move to flat config file(s) the easier life gets for customers with existing FCAPS systems and processes.

    I wonder also if Sophos should be using their own OID rather than Cyberoam's, or at least update the IANA details.

    Attaching an update to Fernando's version: 8244.SFOS-MIB.txt

  • Hi Peter, continuing my effort with the MIB, I have found another problem at haService.

    The command:

    snmpget -v2c -c public XXX.XXX.XXX.XXX haService

    In firewalls WITHOUT HA it was returning running(1) status, and in an HA pair it was returning (4), an unknown state, because in HaModeType we have:

    HaModeType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for HA Modes"
    SYNTAX INTEGER {
    standalone ( 1 ),
    active-passive ( 2 ),
    active-active ( 3 )
    }

    Just three options, so decided to look at CYBEROAM MIB and guess what?

    It has 7 options:

    ServiceStatsType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for service status"
    SYNTAX INTEGER {
    untouched ( 1 ),
    stopped ( 2 ),
    initializing ( 3 ),
    running ( 4 ),
    exiting ( 5 ),
    dead ( 6 ),
    unregistered ( 7 )
    }

    And they make much more sense because (1) is untouched and (4) is running, so I updated my SFOS.MIB....

    This way, in the firewalls without HA it now appears as untouched(1) and in the HA pair it now appears as running(4)
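
The mismatch described in the post above, as an added example that is not part of the original thread: this Python sketch parses the two TEXTUAL-CONVENTION enumerations quoted there and shows that a returned value of 4 has no label under HaModeType but decodes to running(4) under ServiceStatsType. The function names and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: the two enumerations exactly as quoted in the post above.
MIB_EXCERPT = """
HaModeType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "enumerated type for HA Modes"
SYNTAX INTEGER {
standalone ( 1 ),
active-passive ( 2 ),
active-active ( 3 )
}
ServiceStatsType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION "enumerated type for service status"
SYNTAX INTEGER {
untouched ( 1 ),
stopped ( 2 ),
initializing ( 3 ),
running ( 4 ),
exiting ( 5 ),
dead ( 6 ),
unregistered ( 7 )
}
"""

# Assumes every TEXTUAL-CONVENTION in the input carries a SYNTAX INTEGER { ... } body.
TC_RE = re.compile(
    r"(\w+)\s*::=\s*TEXTUAL-CONVENTION.*?SYNTAX\s+INTEGER\s*\{(.*?)\}", re.S)
ENUM_RE = re.compile(r"([A-Za-z][\w-]*)\s*\(\s*(-?\d+)\s*\)")

def parse_enums(mib_text):
    """Return {type_name: {int_value: label}} for each enumerated type."""
    return {name: {int(v): label for label, v in ENUM_RE.findall(body)}
            for name, body in TC_RE.findall(mib_text)}

def decode(enums, type_name, value):
    """label(n) when the enumeration defines n, otherwise the bare number."""
    label = enums[type_name].get(value)
    return f"{label}({value})" if label else str(value)

def types_covering(enums, observed):
    """Names of the enumerations that define every observed value."""
    return sorted(t for t, m in enums.items() if set(observed) <= set(m))
```

Running `types_covering` over the values actually returned by a device is a quick way to spot an object whose SYNTAX points at the wrong enumeration before the MIB is loaded into a monitoring system.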

  • We are using Solarwinds Orion, we got the basic snmp working but having difficulties in getting accurate details in NTA 

     

  • More than a year has passed since the official response "is under way" and more than 2 years since the public release of XG.

    Any news on this front please?

  • Hi Massimo,

    According to the present situation, some tweaks in the existing Cyberoam MIB file fulfill the requirement. I will still start an internal communication to provide an official MIB for XG but we won't see it before v17 joins the market.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi xlr8,

    My understanding is that NTA takes netflow, if so then is it not possible to configure the XG netflow settings to send the data to NTA?

    Regards,

    Peter Tiggerdine

  • Hi, any update on the official MIB? Or can you post the latest stable unofficial version?

    I am using XG210 17.0.0

  • I'm still using the one we discussed here and it is collecting the data just fine....

  • Hi Fernando,

    I tried the one in previous post and didn't work.

    Could you please share your MIB? Many thanks!

  • Hi Steve, here it is:

     

    -- *****************************************************************
    -- SOPHOS-XG-MIB
    --
    -- Copyright (c) 2015 by Sophos Ltd.
    -- All rights reserved.
    -- *****************************************************************


    SFOS-MIB DEFINITIONS ::= BEGIN

    -- Counter64 added to the import list: the *Hits objects below use it
    IMPORTS
    IpAddress,
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    snmpModules,
    OBJECT-IDENTITY,
    enterprises,
    Gauge32,
    Counter32,
    Counter64,
    Integer32
    FROM SNMPv2-SMI
    DisplayString,
    TEXTUAL-CONVENTION,
    TruthValue,
    DateAndTime
    FROM SNMPv2-TC;


    sophos MODULE-IDENTITY
    LAST-UPDATED "200607140000Z"
    ORGANIZATION "Sophos Ltd"
    CONTACT-INFO
    "
    Sophos Ltd
    The Pentagon
    Abingdon Science Park
    Abingdon OX14 3YP
    United Kingdom

    Phone: +44 (0)1235 559933
    Website: http://www.sophos.com
    E-mail: sales@sophos.com
    "
    DESCRIPTION
    "
    This MIB module defines MIB objects which provide
    mechanisms to remotely configure the parameters used
    by SFOS Agent for the generation of SNMP messages.
    "
    ::= { enterprises 21067 }

    sfos OBJECT-IDENTITY
    STATUS current
    DESCRIPTION ""
    ::= { sophos 2 }

    -- Enumerations used in SFOS system

    OpModeType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for SFOS Operation Mode"
    SYNTAX INTEGER {
    bridge ( 1 ),
    route ( 2 )
    }
    HaModeType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for HA Modes"
    SYNTAX INTEGER {
    standalone ( 1 ),
    active-passive ( 2 ),
    active-active ( 3 )
    }
    ServiceStatsType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for service status"
    SYNTAX INTEGER {
    untouched ( 1 ),
    stopped ( 2 ),
    initializing ( 3 ),
    running ( 4 ),
    exiting ( 5 ),
    dead ( 6 ),
    unregistered ( 7 )
    }
    RegistrationStatusType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for subscription status"
    SYNTAX INTEGER {
    registered ( 1 ),
    unregistered ( 2 )
    }

    SubscriptionStatusType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for subscription status"
    SYNTAX INTEGER {
    trial ( 1 ),
    unsubscribed ( 2 ),
    subscribed ( 3 ),
    expired ( 4 )
    }

    SupportStatusType ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for subscription status"
    SYNTAX INTEGER {
    support8x5 ( 0 ),
    support24x7 ( 1 )
    }

    -- End of enums

    -- SFOS
    sfosSystem OBJECT IDENTIFIER ::= { sfos 1 }

    -- SFOS.system
    sysInstall OBJECT IDENTIFIER ::= { sfosSystem 1 }
    sysStatus OBJECT IDENTIFIER ::= { sfosSystem 2 }
    sysLicense OBJECT IDENTIFIER ::= { sfosSystem 3 }
    sysAlerts OBJECT IDENTIFIER ::= { sfosSystem 4 }


    -- sfosSystem.sysInstall

    applianceKey OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 1 }

    applianceModel OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 2 }

    sfosVersion OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 3 }

    webcatVersion OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 4 }

    avVersion OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 5 }

    asVersion OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 6 }

    idpVersion OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..128))
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysInstall 7 }

    -- sfosSystem.sysStatus

    -- SFOSOpMode OBJECT-TYPE
    -- SYNTAX Hex-STRING
    -- MAX-ACCESS read-only
    -- STATUS current
    -- DESCRIPTION " "
    -- ::= { sysStatus 1 }

    systemDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { sysStatus 1 }

    cpuStatus OBJECT IDENTIFIER ::= { sysStatus 2 }

    cpuPercentUsage OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "% cpu usage"
    ::= { cpuStatus 1 }

    diskStatus OBJECT IDENTIFIER ::= { sysStatus 3 }

    diskCapacity OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Disk capacity in MB"
    ::= { diskStatus 1 }

    diskPercentUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "% Disk usage"
    ::= { diskStatus 2 }

    memoryStatus OBJECT IDENTIFIER ::= { sysStatus 4 }

    memoryCapacity OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Memory capacity in MB"
    ::= { memoryStatus 1 }

    memoryPercentUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "% usage of main memory"
    ::= { memoryStatus 2 }

    swapCapacity OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Swap Capacity in MB"
    ::= { memoryStatus 3 }

    swapPercentUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "% usage of swap"
    ::= { memoryStatus 4 }

    haMode OBJECT-TYPE
    SYNTAX HaModeType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { sysStatus 5 }

    liveUsers OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION ""
    ::= { sysStatus 6 }

    httpHits OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { sysStatus 7 }

    ftpHits OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { sysStatus 8 }

    mailHits OBJECT IDENTIFIER ::= { sysStatus 9 }
    serviceStats OBJECT IDENTIFIER ::= { sysStatus 10 }

    -- sysStatus.mailHits
    pop3Hits OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { mailHits 1 }

    imapHits OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { mailHits 2 }

    smtpHits OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { mailHits 3 }

    -- sysStatus.serviceStats

    pop3Service OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 1 }

    imap4Service OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 2 }

    smtpService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 3 }

    ftpService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 4 }

    httpService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 5 }

    avService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 6 }

    asService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 7 }

    dnsService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 8 }

    haService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 9 }

    idpService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 10 }

    analyzerService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 11 }

    snmpService OBJECT-TYPE
    SYNTAX ServiceStatsType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { serviceStats 12 }

    -- sfosSystem.sysLicense

    liAppliance OBJECT IDENTIFIER ::= { sysLicense 1 }
    liSupport OBJECT IDENTIFIER ::= { sysLicense 2 }
    liAntivirus OBJECT IDENTIFIER ::= { sysLicense 3 }
    liAntispam OBJECT IDENTIFIER ::= { sysLicense 4 }
    liIdp OBJECT IDENTIFIER ::= { sysLicense 5 }
    liWebcat OBJECT IDENTIFIER ::= { sysLicense 6 }

    -- sysLicense.liAppliance

    appRegStatus OBJECT-TYPE
    SYNTAX RegistrationStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAppliance 1 }

    appExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAppliance 2 }

    -- sysLicense.liSupport

    supportSubStatus OBJECT-TYPE
    SYNTAX SupportStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liSupport 1 }

    supportExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liSupport 2 }

    -- sysLicense.liAntivirus

    avSubStatus OBJECT-TYPE
    SYNTAX SubscriptionStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAntivirus 1 }

    avExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAntivirus 2 }

    -- sysLicense.antispam

    asSubStatus OBJECT-TYPE
    SYNTAX SubscriptionStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAntispam 1 }

    asExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liAntispam 2 }

    -- sysLicense.idp

    idpSubStatus OBJECT-TYPE
    SYNTAX SubscriptionStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liIdp 1 }

    idpExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liIdp 2 }

    -- sysLicense.liWebcat

    webcatSubStatus OBJECT-TYPE
    SYNTAX SubscriptionStatusType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liWebcat 1 }

    webcatExpiryDate OBJECT-TYPE
    SYNTAX DateAndTime
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION " "
    ::= { liWebcat 2 }


    -- sfosSystem.sysAlerts

    highCpuUsage NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { sysAlerts 1 }

    highDiskUsage NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { sysAlerts 2 }

    highMemUsage NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { sysAlerts 3 }

    avAlerts OBJECT IDENTIFIER ::= { sysAlerts 4 }
    dgdAlerts OBJECT IDENTIFIER ::= { sysAlerts 5 }
    idpAlerts OBJECT IDENTIFIER ::= { sysAlerts 6 }
    dosAlerts OBJECT IDENTIFIER ::= { sysAlerts 7 }

    -- sysAlerts.avAlerts

    httpVirus NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { avAlerts 1 }

    smtpVirus NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { avAlerts 2 }

    pop3Virus NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { avAlerts 3 }

    imap4Virus NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { avAlerts 4 }

    ftpVirus NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { avAlerts 5 }

    -- sysAlert.dgdAlerts

    gwLiveDead NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { dgdAlerts 1 }

    -- sysAlert.idpAlerts

    idpAlert NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { idpAlerts 1 }

    -- sysAlert.dosAlerts

    synFlood NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { dosAlerts 1 }

    tcpFlood NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { dosAlerts 2 }

    udpFlood NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { dosAlerts 3 }

    icmpFlood NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION ""
    ::= { dosAlerts 4 }

    END