Monitoring Cisco asa firewall problem when updated monitoring server

Hello there,

I’m working on a project for a small office. The office was monitoring a infrastructure with Nagios Core on a CentOS 5 server. The project was to update the underlying OS to CentOS 7. Well… Pulled that of, everything works fine except for the Cisco hardware the company has. I am not a Linux expert at all, but I had some courses. I was wondering if you guys had any idea. I think the problem lays in the SNMP difference with CentOS 5 and 7. although I have no idea what difference there is. If so, could you guys explain how to make the script for it.

I manage ASA’s but not a linux person, but reading your post I can’t see what specific issue you’re having? Can you clarify? You’re wanting SNMP data from your ASA to be pulled by centos?

I think the problem lies in the Cisco management software, either it needs to be upgraded or when you upgraded to CentOS 7 you corrupted Cisco management Software. It is probably just some simple little checkbox that needs to be clicked or some dependency that either wasn’t installed correctly or is not installed by default. If I were you I would contact Cisco tell them what you did and see if they can help you further. I would think the problem wouldn’t be in SNMP if we are talking about the same network protocol. I found a YouTube video that led me to what I thought what the problem is. Keep in mind I am no expert in network protocols and I am just starting to get a feel for how Linux works.

1 Like

Is anything else monitored with SNMP?

There might be other things, but lets first get your Cisco equipment working first. That is the reason I said the best thing to do is get support from Cisco. Your company should have a contact person that works for Cisco or is familiar with Cisco products tell them you updated Centos and see what you need to update.

All of the servers are monitored with snmp. But the Windows cliënts have a nagios cliënt. I will check today at the management software as @Shadowbane says.

I forgot to mention @Shadowbane. It is a fresh install the CentOS 7. I have installed IT aside grom the 5 variant.

Well, there might be your problem right there. Linux is a totally different operating system than Windows. You can’t upgrade it like you would Windows. You have to follow certain procedures when you want to upgrade it, At least that has been my experience, with the Limited experience I have had with any Linux distribution.

Ok, by fresh install do you mean you did a fresh install like you would do for Windows, If that is the case (I don’t think you can upgrade any Linux distribution that way, you have to follow the procedures for whichever Linux distribution you are trying to upgrade.) you probably upgrade to Centos 7 the incorrect way, which triggered the problem with the small office’s Cisco Hardware stop working correctly?

Also, I have another Question, What do you mean by the statement I have installed IT aside grom the 5 variant? It sounds like to me, you installed some sort of Windows dependency on the same disk as Centos 7?

I didn’t upgrade. Sorry I may have said it wrong. The goal of the project is te have a server running nagios with centos 7. The enfiorment is in a vsphere cloud. There are lots of vm’s. I Just made a fresh install in a new vm with a different IP. So the are both online and I didn’t change the centos 5. For testing I did switch the ip adressen. If the CentOS 7 is fully oparational I will change it to the CentOS 5 ip and then tos the old onze away.

Well I wish you luck, I don’t have anymore ideas.

What are the errors you are seeing?

‘failed to connect to host’

on the server that is monitoring

or

the server being monitored?

1 Like

On the server that is monitoring.
I am able to ping the Cisco ASA from the monitoring server.

What does snmpwalk produce? You will have to add parameters for snmp version and community and maybe something else. Check the man page.

Is there anything showing up in the SELinux log?

This is a good point. Was SELinux enabled by default in CentOS 5 as I know it is in CentOS 7.

If you can do a ping test then obviously connectivity is there.

Try a snmpwalk or snmpget. Post the command you are trying along with any output.

Also the SNMP configuration on the Cisco device would be useful to see if you are able to post that.

minus the community string :slight_smile:

I have disabled SELinux.
I dont know what you mean be snmpwalk, but I copied the snmp config from the old server.

snmpwalk is a UNIX command that allows you to see what information is available for polling via snmp.

You could run this command from your Centos server to test is snmp is working.

Below is an example

snmpwalk –v2c –c public 172.16.99.1 .1.3.6.1.4.1.9.2.1.56

-v2c - The snmp version, this will have to be supported on the polling device and the device being polled.

-c - Is the community string. In the example this is “pubic”. This must be configured on the Cisco device.

172.16.99.1- would be the IP address of your Cisco device.

.1.3.6.1.4.1.9.2.1.56 - is an OID (object identifier) You will find these in the MIB (management information base) file for your cisco device.

Have a play around, there is quite a lot of documentation available around this area if you get stuck.

Good luck.

Snmpbulkwalk is compatible with version 2c