Cisco Firepower data source

6 years ago

It's been a while since I looked at it, so I may have forgotten some pieces.

We've started to add these FTD devices to monitoring and discovered that there is a different configuration required for monitoring them. There are plenty of firewall metrics available via SNMP to monitor, but they aren't available if you follow Cisco's best practice recommendations.

FXOS 2100 mibs

FXOS 4100/9300 mibs

There is a platform "hypervisor" and the firewall runs on top of that. In order to get the firewall stats, you need to have a management VLAN separate from the data VLAN, and then add an IP address in the management VLAN to the mgmt interface in order to give access to monitor the firewall OIDs. The mgmt interface is a sub-interface attached to the MGMT port.

We had a TAC case open and Cisco couldn't figure this out. They closed the case after telling us this was a bug.

Without setting this management network and IP address up, you will only be able to monitor the hypervisor.

We only have one customer running the device, and they have to implement the management VLAN, so we haven't been able to test.

The API monitoring would be great to have implemented, as I assume it wouldn't require the management VLAN.

Forum Discussion

Related Content

Which property source sets system.collector?

Event Sources SNMP and Windows collectors?

LogicMonitor Datamart (Free / Open Source)

FirePower Config Source

Config Source Cached?

Recent Discussions

Dashboard Sharing – An Inline Framing Method

2021-12-15 US Office Hours

Live Training - Tuning Datapoints and Alerts - 15th JUNE 2022 - APAC

Live Training - Introduction to Dashboards - 18th MAY 2022 - APAC

2022-05-11- APAC Product Overview -Collectors, Resources/Groups, Dashboards