Skip to main content

Cisco Firepower SNMP

Monitoring Connector Assets​

Monitored Objects​

The plugin-pack Cisco Firepower including monitoring of CPU, Faults, Hardware, Interfaces and Memory.

Collected Metrics​

Metric nameDescriptionUnit
securitymodule#cpu.utilization.1m.percentageCPU utilization%
securitymodule#cpu.utilization.5m.percentageCPU utilization%
securitymodule#cpu.utilization.15m.percentageCPU utilization%

Prerequisites​

To control your Cisco Firepower, the SNMP must be configured.

E.g: https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/213971-configure-snmp-on-firepower-ngfw-applian.html?dtid=osscdc000283

Setup​

  1. Install the Centreon Plugin on every Poller:
yum install centreon-plugin-Network-Cisco-Firepower-Snmp.noarch
  1. On the Centreon Web interface in Configuration > Monitoring Connectors Manager, install the Cisco Firepower SNMP Monitoring Connector

Host configuration​

  • Add a new Host and apply the Net-Cisco-Firepower-SNMP-custom Host Template
  • Fill the SNMP Version and Community fields according to the device's configuration

When using SNMP v3, use the SNMPEXTRAOPTIONS Macro to add specific authentication parameters More information in the Troubleshooting SNMP section.

MandatoryNameDescription
SNMPEXTRAOPTIONSConfigure your own SNMPv3 credentials combo

FAQ​

How to test the Plugin and what are the main options for ?​

Once the Plugin installed, log into your Centreon Poller CLI using the centreon-engine user account and test the Plugin by running the following command:

/usr/lib/centreon/plugins/centreon_cisco_firepower_fxos_snmp.pl \
    --plugin=network::cisco::firepower::fxos::snmp::plugin \
    --mode=cpu \
    --hostname=10.30.2.114 \
    --snmp-version='2c' \
    --snmp-community='cisco_ro' \
    --warning-average-5m='60' \
    --critical-average-5m='75' \
    --verbose

Expected command output is shown below: 

OK: Security module 'sec-svc/slot-1' CPU average usage: 42.00 % (1m), 42.00 % (5m), 42.00 % (15m) | 'sec-svc/slot-1#cpu.utilization.1m.percentage'=42.00%;;;0;100 'sec-svc/slot-1#cpu.utilization.5m.percentage'=42.00%;;;0;100 'sec-svc/slot-1#cpu.utilization.15m.percentage'=42.00%;;;0;100
Security module 'sec-svc/slot-1' CPU average usage: 42.00 % (1m), 42.00 % (5m), 42.00 % (15m)

The command above monitors a Cisco Firepower cpu usage (--plugin=network::cisco::firepower::fxos::snmp::plugin --mode=cpu) identified

by the IP address 10.30.2.114 (--hostname=10.30.2.114). As the Plugin is using the SNMP protocol to request the device, the related community and version are specified (--snmp-version='2c' --snmp-community='cisco_ro').

This command would trigger a WARNING alarm if the CPU 5min average used to raise over 60% of the CPU capacity (--warning-average-5m='60') and a CRITICAL alarm over 75% (--critical-average-5m='75').

For each Plugin mode, all the options as well as all the available thresholds can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins/centreon_cisco_firepower_fxos_snmp.pl \
    --plugin=network::cisco::firepower::fxos::snmp::plugin \
    --mode=cpu \
    --help

UNKNOWN: SNMP GET Request : Timeout​

If you get this message, you're probably facing one of these issues:

  • The SNMP agent of the device isn't started or is misconfigured
  • An external device is blocking the request (firewall, ...)

UNKNOWN: SNMP GET Request : Cant get a single value.​

This error message often refers to the following issues:

  • The Cisco Firepower device doesn't support the MIB used by the plugin
  • The targeted SNMP OID cannot be fetched because of insufficient privileges on the device. SNMP Agent must be capable of accessing to the enterprise branch Cisco Firepower: .1.3.6.1.4.1.9.9.826