I would like to use Nimsoft to monitor my IPS in my network. We are currently using an ASA-SSM-10 module installed in an ASA 5510. I would like to gather and present it through a customized dashboard.
I validated with SNMPWALK that the information is available. I tried using cisco_monitor and for the System data and information but it came back with nothing. Are there any pre-configured packs for monitoring IPS data or what is the best method to gather such data? Thank you in advance for your help.
If you have been able to find OIDs that you want to monitor by using the snmpwalk command, you should be able to configure them in the snmpget probe. (Note that I am talking about the Nimsoft probe named snmpget, not the snmpget command, which is typically available alongside snmpwalk.) You can enter OIDs directly in the probe GUI when defining variables to monitor, but I would recommend browsing to them (in the probe GUI) and then using drag-and-drop to add them to profiles or templates. Before you do this, you should upload the appropriate SNMP MIB(s) to the probe (which is also done in the GUI). Then you will get more user-friendly information when browsing and in the variable definitions by default.
I am currently monitoring Sourcefire IPS modules on an ASA. Using the OIDs mapped out in snmpget, I was able to build a template. I have also set up trapping from the ASA to get the attack information. The issue I run into is that each attack entry is on the same OID, so the same alert is correlated into the next... so there is one entry in the alarm console with a counter showing how many times the OID has alarmed. There is a workaround to change up event correlation, but this leads to a whole other set of issues.