Cisco Firepower SNMP

Pack assets

Templates

The Monitoring Connector Cisco Firepower SNMP brings a host template:

• Net-Cisco-Firepower-SNMP-custom

The connector brings the following service templates (sorted by the host template they are attached to):

Net-Cisco-Firepower-SNMP-custom

Service Alias	Service Template	Service Description
Cpu	Net-Cisco-Firepower-Cpu-SNMP-custom	Check the rate of the utilization of the CPU
Faults	Net-Cisco-Firepower-Faults-SNMP-custom	Check faults
Hardware	Net-CIsco-Firepower-Hardware-SNMP-custom	Check hardware environment
Memory	Net-Cisco-Firepower-Memory-SNMP-custom	Check the rate of the utilization of the memory

The services listed above are created automatically when the Net-Cisco-Firepower-SNMP-custom host template is used.

Not attached to a host template

Service Alias	Service Template	Service Description	Discovery
Interfaces	Net-Cisco-Firepower-Interfaces-SNMP-custom	Check interfaces	X

The services listed above are not created automatically when a host template is applied. To use them, create a service manually, then apply the service template you want.

If Discovery is checked, it means a service discovery rule exists for this service template.

Discovery rules

Host discovery

Rule name	Description
SNMP Agents	Discover your resources through an SNMP subnet scan. You need to install the Generic SNMP connector to get the discovery rule and create a template mapper for the Net-Cisco-Firepower-SNMP-custom host template

More information about discovering hosts automatically is available on the dedicated page.

Service discovery

Rule name	Description
Net-Cisco-Firepower-SNMP-Packet-Errors-Name	Discover network interfaces and monitor errored and discarded packets
Net-Cisco-Firepower-SNMP-Traffic-Name	Discover network interfaces and monitor bandwidth utilization

More information about discovering services automatically is available on the dedicated page and in the following chapter.

Collected metrics & status

Here is the list of services for this connector, detailing all metrics linked to each service.

Cpu

Metric name	Unit
cpu#cpu.utilization.1m.percentage	%
cpu#cpu.utilization.5m.percentage	%
cpu#cpu.utilization.15m.percentage	%

Faults

Metric name	Unit
faults.total.count	count
faults.critical.count	count
faults.major.count	count
faults.warning.count	count
faults.minor.count	count
faults.info.count	count
status	N/A

Hardware

Metric name	Description	Unit
chassis status	Status of the chassis
dn#hardware.chassis.input.power.watt	Input power of the chassis	W
dn#hardware.chassis.output.power.watt	Output power of the chassis	W
cpuunit status	Status of the cpu unit
dn#hardware.cpuunit.temperature.celsius	Status of the cpu unit	C
fan status	Status of the fan
dn#hardware.fan.speed.rpm	Speed of the fan	rpm
fanmodule status	Status of the fan module
dn#hardware.fanmodule.temperature.celsius	Temperature of the fan module	C
memoryunit status	Status of the memory unit
dn#hardware.memoryunit.temperature.celsius	Temperature of the memory unit	C
psu status	Status of the power supply
dn#hardware.powersupply.temperature.celsius	Temperature of the power supply	C

Interfaces

Metric name	Unit
interface_name#status	N/A
interface_name#interface.traffic.in.bitspersecond	b/s
interface_name#interface.traffic.out.bitspersecond	b/s
interface_name#interface.packets.in.discard.percentage	%
interface_name#interface.packets.in.error.percentage	%
interface_name#interface.packets.out.discard.percentage	%
interface_name#interface.packets.out.error.percentage	%

Memory

Metric name	Unit
memory#memory.usage.bytes	B
memory#memory.free.bytes	B
memory#memory.usage.percentage	%

Prerequisites

SNMP Configuration

The SNMP service must be configured and activated on the host. Please refer to the official documentation from the manufacturer/publisher.

Network flow

The target resource must be reachable from the Centreon poller on the UDP/161 SNMP port.

Configuring Cisco Firepower equipment

To monitor your Cisco Firepower, SNMP must be configured (see official documentation: https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/213971-configure-snmp-on-firepower-ngfw-applian.html?dtid=osscdc000283).

Installing the monitoring connector

Pack

The installation procedures for monitoring connectors are slightly different depending on whether your license is offline or online.

1. If the platform uses an online license, you can skip the package installation instruction below as it is not required to have the connector displayed within the Configuration > Connectors > Monitoring Connectors menu. If the platform uses an offline license, install the package on the central server with the command corresponding to the operating system's package manager:

Alma / RHEL / Oracle Linux 8

dnf install centreon-pack-network-cisco-firepower-snmp

Alma / RHEL / Oracle Linux 9

dnf install centreon-pack-network-cisco-firepower-snmp

Debian 11 & 12

apt install centreon-pack-network-cisco-firepower-snmp

CentOS 7

yum install centreon-pack-network-cisco-firepower-snmp

2. Whatever the license type (online or offline), install the Cisco Firepower SNMP connector through the Configuration > Connectors > Monitoring Connectors menu.

Plugin

Since Centreon 22.04, you can benefit from the 'Automatic plugin installation' feature. When this feature is enabled, you can skip the installation part below.

You still have to manually install the plugin on the poller(s) when:

• Automatic plugin installation is turned off
• You want to run a discovery job from a poller that doesn't monitor any resource of this kind yet

More information in the Installing the plugin section.

Use the commands below according to your operating system's package manager:

Alma / RHEL / Oracle Linux 8

dnf install centreon-plugin-Network-Cisco-Firepower-Snmp

Alma / RHEL / Oracle Linux 9

dnf install centreon-plugin-Network-Cisco-Firepower-Snmp

Debian 11 & 12

apt install centreon-plugin-network-cisco-firepower-snmp

CentOS 7

yum install centreon-plugin-Network-Cisco-Firepower-Snmp

Using the monitoring connector

Using a host template provided by the connector

1. Log into Centreon and add a new host through Configuration > Hosts.
2. Fill in the Name, Alias & IP Address/DNS fields according to your resource's settings.
3. Apply the Net-Cisco-Firepower-SNMP-custom template to the host.

When using SNMP v3, use the SNMPEXTRAOPTIONS macro to add specific authentication parameters. More information in the Troubleshooting SNMP section.

Macro	Description	Default value	Mandatory
SNMPEXTRAOPTIONS	Any extra option you may want to add to every command (a --verbose flag for example). All options are listed here.

4. Deploy the configuration. The host appears in the list of hosts, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the host: it shows the values of the macros.

Using a service template provided by the connector

1. If you have used a host template and checked Create Services linked to the Template too, the services linked to the template have been created automatically, using the corresponding service templates. Otherwise, create manually the services you want and apply a service template to them.
2. Fill in the macros you want (e.g. to change the thresholds for the alerts). Some macros are mandatory (see the table below).

Cpu

Macro	Description	Default value	Mandatory
FILTERSECURITYMODULE	Filter security module name
WARNINGAVERAGE15M	Warning threshold for 'average-15m' (%)
CRITICALAVERAGE15M	Critical threshold for 'average-15m' (%)
WARNINGAVERAGE1M	Warning threshold for 'average-1m' (%)
CRITICALAVERAGE1M	Critical threshold for 'average-1m' (%)
WARNINGAVERAGE5M	Warning threshold for 'average-5m' (%)
CRITICALAVERAGE5M	Critical threshold for 'average-5m' (%)
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). Toutes les options sont listées ici.	--verbose
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). All options are listed here.	--verbose

Faults

Macro	Description	Default value	Mandatory
WARNINGFAULTSCRITICAL	Warning threshold for 'faults-critical'
CRITICALFAULTSCRITICAL	Critical threshold for 'faults-critical'
WARNINGFAULTSWARNING	Warning threshold for 'faults-warning'
CRITICALFAULTSWARNING	Critical threshold for 'faults-warning'
WARNINGFAULTSINFO	Warning threshold for 'faults-info'
CRITICALFAULTSINFO	Critical threshold for 'faults-info'
WARNINGFAULTSMAJOR	Warning threshold for 'faults-major'
CRITICALFAULTSMAJOR	Critical threshold for 'faults-major'
WARNINGFAULTSMINOR	Warning threshold for 'faults-info'
CRITICALFAULTSMINOR	Critical threshold for 'faults-info'
WARNINGFAULTSTOTAL	Warning threshold for 'faults-total'
CRITICALFAULTSTOTAL	Critical threshold for 'faults-total'
WARNINGSTATUS	Define the conditions to match for the status to be WARNING. You can use the following variables: %{description}, %{object}, %{severity}, %{type}, %{acknowledged}, %{since}	%{severity} =~ /minor|warning/
CRITICALSTATUS	Define the conditions to match for the status to be CRITICAL. You can use the following variables: %{description}, %{object}, %{severity}, %{type}, %{since}	%{severity} =~ /major|critical/
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). All options are listed here.	--verbose

Hardware

Macro	Description	Default value	Mandatory
COMPONENT		.*
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). All options are listed here.	--verbose

Interfaces

Macro	Description	Default value	Mandatory
OIDFILTER	Define the OID to be used to filter interfaces (default: ifName) (values: ifDesc, ifAlias, ifName, IpAddr).	ifname
OIDDISPLAY	Define the OID that will be used to name the interfaces (default: ifName) (values: ifDesc, ifAlias, ifName, IpAddr).	ifname
INTERFACENAME	Define the interface filter on IDs (OID indexes, e.g.: 1,2,...). If empty, all interfaces will be monitored
WARNINGINDISCARD	Warning threshold for 'faults-total'
CRITICALINDISCARD	Critical threshold for 'faults-total'
WARNINGINERROR	Warning threshold for 'in-error'
CRITICALINERROR	Critical threshold for 'in-error'
WARNINGINTRAFFIC	Warning threshold for 'in-traffic'
CRITICALINTRAFFIC	Critical threshold for 'in-traffic'
WARNINGOUTDISCARD	Warning threshold for 'in-traffic'
CRITICALOUTDISCARD	Critical threshold for 'in-traffic'
WARNINGOUTERROR	Warning threshold for 'out-error'
CRITICALOUTERROR	Critical threshold for 'out-error'
WARNINGOUTTRAFFIC	Warning threshold for 'out-traffic'
CRITICALOUTTRAFFIC	Critical threshold for 'out-traffic'
CRITICALSTATUS	Define the conditions to match for the status to be CRITICAL. You can use the following variables: %{admstatus}, %{opstatus}, %{duplexstatus}, %{display}	%{admstatus} eq "up" and %{opstatus} !~ /up|dormant/
WARNINGSTATUS	Define the conditions to match for the status to be WARNING. You can use the following variables: %{admstatus}, %{opstatus}, %{duplexstatus}, %{display}
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). All options are listed here.	--verbose --no-skipped-counters

Memory

Macro	Description	Default value	Mandatory
FILTERSECURITYMODULE	Filter switch number.
WARNINGUSAGE	Warning threshold for 'usage' (B)
CRITICALUSAGE	Critical threshold for 'usage' (B)
WARNINGUSAGEFREE	Warning threshold for 'usage-free' (B)
CRITICALUSAGEFREE	Critical threshold for 'usage-free' (B)
WARNINGUSAGEPRCT	Warning threshold for 'usage-free' (B)
CRITICALUSAGEPRCT	Critical threshold for 'usage-free' (B)
EXTRAOPTIONS	Any extra option you may want to add to the command (a --verbose flag for example). All options are listed here.	--verbose

3. Deploy the configuration. The service appears in the list of services, and on the Resources Status page. The command that is sent by the connector is displayed in the details panel of the service: it shows the values of the macros.

How to check in the CLI that the configuration is OK and what are the main options for?

Once the plugin is installed, log into your Centreon poller's CLI using the centreon-engine user account (su - centreon-engine). Test that the connector is able to monitor a resource using a command like this one (replace the sample values by yours):

/usr/lib/centreon/plugins/centreon_cisco_firepower_fxos_snmp.pl \
	--plugin=network::cisco::firepower::fxos::snmp::plugin \
	--mode=memory \
	--hostname='10.0.0.1' \
	--snmp-version='2c' \
	--snmp-community='my-snmp-community'  \
	--filter-security-module='' \
	--warning-usage='' \
	--critical-usage='' \
	--warning-usage-free='' \
	--critical-usage-free='' \
	--warning-usage-prct='' \
	--critical-usage-prct='' \
	--verbose

The expected command output is shown below:

OK: Security module 'Disk 1' memory total: 476.84 GB used: 95.37 GB (20.00%) free: 381.47 GB (80.00%) | 'Disk 1#memory.usage.bytes'=102400000000B;;;0;512000000000 'Disk 1#memory.free.bytes'=409600000000B;;;0;512000000000 'Disk 1#memory.usage.percentage'=20.00%;;;0;100

Troubleshooting

Please find the troubleshooting documentation for Centreon Plugins typical issues.

Available modes

In most cases, a mode corresponds to a service template. The mode appears in the execution command for the connector. In the Centreon interface, you don't need to specify a mode explicitly: its use is implied when you apply a service template. However, you will need to specify the correct mode for the template if you want to test the execution command for the connector in your terminal.

All available modes can be displayed by adding the --list-mode parameter to the command:

/usr/lib/centreon/plugins/centreon_cisco_firepower_fxos_snmp.pl \
	--plugin=network::cisco::firepower::fxos::snmp::plugin \
	--list-mode

The plugin brings the following modes:

Mode	Linked service template
cpu [code]	Net-Cisco-Firepower-Cpu-SNMP-custom
faults [code]	Net-Cisco-Firepower-Faults-SNMP-custom
hardware [code]	Net-CIsco-Firepower-Hardware-SNMP-custom
interfaces [code]	Net-Cisco-Firepower-Interfaces-SNMP-custom
list-interfaces [code]	Used for service discovery
memory [code]	Net-Cisco-Firepower-Memory-SNMP-custom

Available options

Generic options

All generic options are listed here:

Option	Description
--mode	Define the mode in which you want the plugin to be executed (see--list-mode).
--dyn-mode	Specify a mode with the module's path (advanced).
--list-mode	List all available modes.
--mode-version	Check minimal version of mode. If not, unknown error.
--version	Return the version of the plugin.
--pass-manager	Define the password manager you want to use. Supported managers are: environment, file, keepass, hashicorpvault and teampass.
--verbose	Display extended status information (long output).
--debug	Display debug messages.
--filter-perfdata	Filter perfdata that match the regexp. Example: adding --filter-perfdata='avg' will remove all metrics that do not contain 'avg' from performance data.
--filter-perfdata-adv	Filter perfdata based on a "if" condition using the following variables: label, value, unit, warning, critical, min, max. Variables must be written either %{variable} or %(variable). Example: adding --filter-perfdata-adv='not (%(value) == 0 and %(max) eq "")' will remove all metrics whose value equals 0 and that don't have a maximum value.
--explode-perfdata-max	Create a new metric for each metric that comes with a maximum limit. The new metric will be named identically with a '_max' suffix). Example: it will split 'used_prct'=26.93%;0:80;0:90;0;100 into 'used_prct'=26.93%;0:80;0:90;0;100 'used_prct_max'=100%;;;;
--change-perfdata --extend-perfdata	Change or extend perfdata. Syntax: --extend-perfdata=searchlabel,newlabel,target[,[newuom],[min],[m ax]] Common examples: Convert storage free perfdata into used: --change-perfdata='free,used,invert()' Convert storage free perfdata into used: --change-perfdata='used,free,invert()' Scale traffic values automatically: --change-perfdata='traffic,,scale(auto)' Scale traffic values in Mbps: --change-perfdata='traffic_in,,scale(Mbps),mbps' Change traffic values in percent: --change-perfdata='traffic_in,,percent()'
--extend-perfdata-group	Add new aggregated metrics (min, max, average or sum) for groups of metrics defined by a regex match on the metrics' names. Syntax: --extend-perfdata-group=regex,namesofnewmetrics,calculation[,[ne wuom],[min],[max]] regex: regular expression namesofnewmetrics: how the new metrics' names are composed (can use $1, $2... for groups defined by () in regex). calculation: how the values of the new metrics should be calculated newuom (optional): unit of measure for the new metrics min (optional): lowest value the metrics can reach max (optional): highest value the metrics can reach Common examples: Sum wrong packets from all interfaces (with interface need --units-errors=absolute): --extend-perfdata-group=',packets_wrong,sum(packets_(discard |error)_(in|out))' Sum traffic by interface: --extend-perfdata-group='traffic_in_(.*),traffic_$1,sum(traf fic_(in|out)_$1)'
--change-short-output --change-long-output	Modify the short/long output that is returned by the plugin. Syntax: --change-short-output=patternreplacementmodifier Most commonly used modifiers are i (case insensitive) and g (replace all occurrences). Example: adding --change-short-output='OKUpgi' will replace all occurrences of 'OK', 'ok', 'Ok' or 'oK' with 'Up'
--change-exit	Replace an exit code with one of your choice. Example: adding --change-exit=unknown=critical will result in a CRITICAL state instead of an UNKNOWN state.
--range-perfdata	Rewrite the ranges displayed in the perfdata. Accepted values: 0: nothing is changed. 1: if the lower value of the range is equal to 0, it is removed. 2: remove the thresholds from the perfdata.
--filter-uom	Mask the units when they don't match the given regular expression.
--opt-exit	Replace the exit code in case of an execution error (i.e. wrong option provided, SSH connection refused, timeout, etc). Default: unknown.
--output-ignore-perfdata	Remove all the metrics from the service. The service will still have a status and an output.
--output-ignore-label	Remove the status label ("OK:", "WARNING:", "UNKNOWN:", CRITICAL:") from the beginning of the output. Example: 'OK: Ram Total:...' will become 'Ram Total:...'
--output-xml	Return the output in XML format (to send to an XML API).
--output-json	Return the output in JSON format (to send to a JSON API).
--output-openmetrics	Return the output in OpenMetrics format (to send to a tool expecting this format).
--output-file	Write output in file (can be combined with json, xml and openmetrics options). E.g.: --output-file=/tmp/output.txt will write the output in /tmp/output.txt.
--disco-format	Applies only to modes beginning with 'list-'. Returns the list of available macros to configure a service discovery rule (formatted in XML).
--disco-show	Applies only to modes beginning with 'list-'. Returns the list of discovered objects (formatted in XML) for service discovery.
--float-precision	Define the float precision for thresholds (default: 8).
--source-encoding	Define the character encoding of the response sent by the monitored resource Default: 'UTF-8'.
--hostname	Name or address of the host to monitor (mandatory).
--snmp-community	SNMP community (default value: public). It is recommended to use a read-only community.
--snmp-version	Version of the SNMP protocol. 1 for SNMP v1 (default), 2 for SNMP v2c, 3 for SNMP v3.
--snmp-port	UDP port to send the SNMP request to (default: 161).
--snmp-timeout	Time to wait before sending the request again if no reply has been received, in seconds (default: 1). See also --snmp-retries.
--snmp-retries	Maximum number of retries (default: 5).
--maxrepetitions	Max repetitions value (default: 50) (only for SNMP v2 and v3).
--subsetleef	How many OID values per SNMP request (default: 50) (for get_leef method. Be cautious when you set it. Prefer to let the default value).
--snmp-autoreduce	Progressively reduce the number of requested OIDs in bulk mode. Use it in case of SNMP errors (by default, the number is divided by 2).
--snmp-force-getnext	Use SNMP getnext function in SNMP v2c and v3. This will request one OID at a time.
--snmp-cache-file	Use SNMP cache file.
--snmp-username	SNMP v3 only: User name (securityName).
--authpassphrase	SNMP v3 only: Pass phrase hashed using the authentication protocol defined in the --authprotocol option.
--authprotocol	SNMP v3 only: Authentication protocol: MD5|SHA. Since net-snmp 5.9.1: SHA224|SHA256|SHA384|SHA512.
--privpassphrase	SNMP v3 only: Privacy pass phrase (privPassword) to encrypt messages using the protocol defined in the --privprotocol option.
--privprotocol	SNMP v3 only: Privacy protocol (privProtocol) used to encrypt messages. Supported protocols are: DES|AES and since net-snmp 5.9.1: AES192|AES192C|AES256|AES256C.
--contextname	SNMP v3 only: Context name (contextName), if relevant for the monitored host.
--contextengineid	SNMP v3 only: Context engine ID (contextEngineID), if relevant for the monitored host, given as a hexadecimal string.
--securityengineid	SNMP v3 only: Security engine ID, given as a hexadecimal string.
--snmp-errors-exit	Expected status in case of SNMP error or timeout. Possible values are warning, critical and unknown (default).
--snmp-tls-transport	Transport protocol for TLS communication (can be: 'dtlsudp', 'tlstcp').
--snmp-tls-our-identity	X.509 certificate to identify ourselves. Can be the path to the certificate file or its contents.
--snmp-tls-their-identity	X.509 certificate to identify the remote host. Can be the path to the certificate file or its contents. This option is unnecessary if the certificate is already trusted by your system.
--snmp-tls-their-hostname	Common Name (CN) expected in the certificate sent by the host if it differs from the value of the --hostname parameter.
--snmp-tls-trust-cert	A trusted CA certificate used to verify a remote host's certificate. If you use this option, you must also define --snmp-tls-their-hostname.

Modes options

All available options for each service template are listed below:

Cpu

Option	Description
--filter-security-module	Filter security module name.
--warning-* --critical-*	Thresholds. Can be: 'average-1m' (%), 'average-5m' (%), 'average-15m' (%).

Faults

Option	Description
--memcached	Memcached server to use (only one server).
--redis-server	Redis server to use (only one server). Syntax: address[:port]
--redis-attribute	Set Redis Options (--redis-attribute="cnx_timeout=5").
--redis-db	Set Redis database index.
--failback-file	Failback on a local file if Redis connection fails.
--memexpiration	Time to keep data in seconds (default: 86400).
--statefile-dir	Define the cache directory (default: '/var/lib/centreon/centplugins').
--statefile-suffix	Define a suffix to customize the statefile name (default: '').
--statefile-concat-cwd	If used with the '--statefile-dir' option, the latter's value will be used as a sub-directory of the current working directory. Useful on Windows when the plugin is compiled, as the file system and permissions are different from Linux.
--statefile-format	Define the format used to store the cache. Available formats: 'dumper', 'storable', 'json' (default).
--statefile-key	Define the key to encrypt/decrypt the cache.
--statefile-cipher	Define the cipher algorithm to encrypt the cache (default: 'AES').
--warning-status	Define the conditions to match for the status to be WARNING (default: '%{severity} =~ /minor|warning/). You can use the following variables: %{description}, %{object}, %{severity}, %{type}, %{acknowledged}, %{since}
--critical-status	Define the conditions to match for the status to be CRITICAL (default: '%{severity} =~ /major|critical/'). You can use the following variables: %{description}, %{object}, %{severity}, %{type}, %{since}
--timezone	Timezone options (the date from the equipment overload that option). Default is 'GMT'.
--memory	Only check new alarms.
--warning-* --critical-*	Thresholds. Can be: 'faults-total', 'faults-critical', 'faults-major', 'faults-warning', 'faults-minor', 'faults-info'.

Hardware

Option	Description
--component	Which component to check (default: '.*'). Can be: 'chassis', 'fan', 'fanmodule', 'psu', 'cpuunit', 'memoryunit'.
--filter	Exclude the items given as a comma-separated list (example: --filter=fan). You can also exclude items from specific instances: --filter=fan,chassis-1
--no-component	Define the expected status if no components are found (default: critical).
--threshold-overload	Use this option to override the status returned by the plugin when the status label matches a regular expression (syntax: section,[instance,]status,regexp). Example: --threshold-overload='fan,WARNING,removed'
--warning	Set warning threshold (syntax: type,regexp,threshold) Example: --warning='temperature,.*,30'
--critical	Set critical threshold (syntax: type,regexp,threshold) Example: --critical='temperature,.*,40'

Interfaces

Option	Description
--memcached	Memcached server to use (only one server).
--redis-server	Redis server to use (only one server). Syntax: address[:port]
--redis-attribute	Set Redis Options (--redis-attribute="cnx_timeout=5").
--redis-db	Set Redis database index.
--failback-file	Failback on a local file if Redis connection fails.
--memexpiration	Time to keep data in seconds (default: 86400).
--statefile-dir	Define the cache directory (default: '/var/lib/centreon/centplugins').
--statefile-suffix	Define a suffix to customize the statefile name (default: '').
--statefile-concat-cwd	If used with the '--statefile-dir' option, the latter's value will be used as a sub-directory of the current working directory. Useful on Windows when the plugin is compiled, as the file system and permissions are different from Linux.
--statefile-format	Define the format used to store the cache. Available formats: 'dumper', 'storable', 'json' (default).
--statefile-key	Define the key to encrypt/decrypt the cache.
--statefile-cipher	Define the cipher algorithm to encrypt the cache (default: 'AES').
--add-global	Check global port statistics (by default if no --add-* option is set).
--add-status	Check interface status.
--add-duplex-status	Check duplex status (with --warning-status and --critical-status).
--add-traffic	Check interface traffic.
--add-errors	Check interface errors.
--add-cast	Check interface cast.
--add-speed	Check interface speed.
--add-volume	Check interface data volume between two checks (not supposed to be graphed, useful for BI reporting).
--check-metrics	If the expression is true, metrics are checked (default: '%{opstatus} eq "up"').
--warning-status	Define the conditions to match for the status to be WARNING. You can use the following variables: %{admstatus}, %{opstatus}, %{duplexstatus}, %{display}
--critical-status	Define the conditions to match for the status to be CRITICAL (default: '%{admstatus} eq "up" and %{opstatus} ne "up"'). You can use the following variables: %{admstatus}, %{opstatus}, %{duplexstatus}, %{display}
--warning-* --critical-*	Thresholds. Can be: 'total-port', 'total-admin-up', 'total-admin-down', 'total-oper-up', 'total-oper-down', 'in-traffic', 'out-traffic', 'in-error', 'in-discard', 'out-error', 'out-discard', 'in-ucast', 'in-bcast', 'in-mcast', 'out-ucast', 'out-bcast', 'out-mcast', 'speed' (b/s).
--units-traffic	Units of thresholds for the traffic (default: 'percent_delta') ('percent_delta', 'bps', 'counter').
--units-errors	Units of thresholds for errors/discards (default: 'percent_delta') ('percent_delta', 'percent', 'delta', 'deltaps', 'counter').
--units-cast	Units of thresholds for communication types (default: 'percent_delta') ('percent_delta', 'percent', 'delta', 'deltaps', 'counter').
--nagvis-perfdata	Display traffic perfdata to be compatible with NagVis widget.
--interface	Define the interface filter on IDs (OID indexes, e.g.: 1,2,...). If empty, all interfaces will be monitored. To filter on interface names, see --name.
--name	With this option, the interfaces will be filtered by name (givenin option --interface) instead of OID index. The name matching mode supports regular expressions.
--regex-id	With this option, interface IDs will be filtered using the --interface parameter as a regular expression instead of a list of IDs.
--speed	Set interface speed for incoming/outgoing traffic (in Mb).
--speed-in	Set interface speed for incoming traffic (in Mb).
--speed-out	Set interface speed for outgoing traffic (in Mb).
--map-speed-dsl	Get interface speed configuration for interfaces of type 'ADSL' and 'VDSL2'. Syntax: --map-speed-dsl=interface-src-name,interface-dsl-name E.g: --map-speed-dsl=Et0.835,Et0-vdsl2
--force-counters64	Force to use 64 bits counters only. Can be used to improve performance.
--force-counters32	Force to use 32-bits counters (even with SNMP versions 2c and 3). To use when 64 bits counters are buggy.
--reload-cache-time	Time in minutes before reloading cache file (default: 180).
--oid-filter	Define the OID to be used to filter interfaces (default: ifName) (values: ifDesc, ifAlias, ifName, IpAddr).
--oid-display	Define the OID that will be used to name the interfaces (default: ifName) (values: ifDesc, ifAlias, ifName, IpAddr).
--oid-extra-display	Add an OID to display.
--display-transform-src --display-transform-dst	Modify the interface name displayed by using a regular expression. Example: adding --display-transform-src='eth' --display-transform-dst='ens' will replace all occurrences of 'eth' with 'ens'
--show-cache	Display cache interface data.

Memory

Option	Description
--filter-switch-num	Filter switch number.
--warning-* --critical-*	Thresholds. Can be: 'usage' (B), 'usage-free' (B), 'usage-prct' (%).

All available options for a given mode can be displayed by adding the --help parameter to the command:

/usr/lib/centreon/plugins/centreon_cisco_firepower_fxos_snmp.pl \
	--plugin=network::cisco::firepower::fxos::snmp::plugin \
	--mode=memory \
	--help