Re: Cisco 151e PIX & MRTG
From: Spack (news_at_worldofspack.co.uk)
Date: 03/10/05
Date: Thu, 10 Mar 2005 11:06:27 -0000
William wrote on Wed, 9 Mar 2005 23:40:06 -0800:

> Enabling SNMP is not a recommended practice in general. You can have your
> firewall send SNMP traps to your monitor station.

PIX SNMP traps are only capable of sending what can be sent via syslog,
which are sent in response to changes (links going up/down, rules being hit,
connections being made, etc). The OP is asking how to get MRTG to request
data to generate usage charts - these tend to be current state requests for
traffic and connection counts at intervals from the machine running MRTG,
and therefore need to request the data via SNMP as this cannot be done using
traps AFAIK.

By restricting SNMP requests to a single host on the inside interface the
risk is significantly reduced, especially in a known LAN environment. And as
I understand it, polling hosts can only read data, not write back.

Dan
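
One way to check a saved PIX configuration for the restriction described in the message above (a single polling host on the inside interface), as an added example that is not part of the original post. It assumes PIX 6.x `snmp-server host <if_name> <ip> [trap|poll]` syntax, where a host line with no keyword is allowed to poll as well as receive traps; the sample config, the addresses and the `audit_snmp` helper are constructed for illustration.

```python
import re

# Constructed sample PIX 6.x configuration lines (not from the original post).
SAMPLE_CONFIG = """\
snmp-server host inside 192.168.1.10 poll
snmp-server host outside 203.0.113.7
snmp-server community public
snmp-server enable traps
"""

HOST_RE = re.compile(
    r"^snmp-server host (\S+) (\d+\.\d+\.\d+\.\d+)(?: (trap|poll))?\s*$")
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)\s*$")


def audit_snmp(config, allowed_poller, inside_if="inside"):
    """Return findings for the snmp-server lines of a PIX configuration."""
    findings = []
    pollers = []
    for line in config.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            ifname, ip, mode = m.groups()
            # Assumption: no keyword means the host may poll and receive traps.
            if mode in (None, "poll"):
                pollers.append(ip)
                if ifname != inside_if:
                    findings.append(
                        f"poller {ip} is on interface '{ifname}', not '{inside_if}'")
                if ip != allowed_poller:
                    findings.append(
                        f"poller {ip} is not the approved MRTG host {allowed_poller}")
            continue
        m = COMMUNITY_RE.match(line)
        if m and m.group(1).lower() in ("public", "private"):
            findings.append(
                f"community string '{m.group(1)}' is a well-known default")
    # MRTG cannot graph anything if its own host is trap-only or missing.
    if allowed_poller not in pollers:
        findings.append(
            f"approved MRTG host {allowed_poller} is not configured as a poller")
    return findings


if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG, "192.168.1.10"):
        print(finding)
```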