Graphing Sonicwall VPN Tunnel Usage

I have the need to track the network usage between each of our offices. We currently use IPSec based tunnels across the Internet for connectivity between all of our offices (we use a full mesh configuration). I looked around for way to monitor and graph the data for these tunnels off our Sonicwall firewalls, but found no good solution.

So I created the following templates and scripts for monitoring our Sonicwall firewalls via my favorite network monitoring application Cacti. The template includes graphs for CPU Utilization, Memory Usage, Current Connections Cache, and most importantly VPN utilization on a tunnel-by-tunnel.

The script portion (written is PERL) queries the firewall and returns the list of currently active tunnels (by the IP address on the Peer Gateway) as well as the tunnel name and decrypted (received) bytes and encrypted (transmitted) bytes. Because the tunnels are renegotiated (by default every 8 hours) you will experience spikes in your graph unless you follow the installation instructions.

Also because the firewall does not always return the VPN tunnel name you must renegotiate each tunnel prior to creating the graphs the first time in order for it to correctly pull in the name. You may need to do this a couple of times being sure to press the green reload O button in Cacti before they will all show up.

Installation Instructions: Visit my post on the Cacti forums for installing the software.

If you are running SonicOS Enhanced then you be able to graph everything, if you are running SonicOS Standard or the older the 6.X firmware, then you will only get the VPN monitoring as the other stats are unavailable via SNMP.

The following is the usage syntax if you would like to run the script by itself.

query_sonicwall_vpn.pl host community index
query_sonicwall_vpn.pl host community query {peergateway, vpnname, decryptbytes, encryptbytes}
query_sonicwall_vpn.pl host community get {peergateway, vpnname, decryptbytes, encryptbytes} DEVICE

DEVICE is the IP address of the PeerGateway of the tunnel you want

I know the script is less than optimal, but then I’m not really a programmer so I’d appreciate any feedback. Additionally, the basis for the script came from Dan Brummer in this post

Advertisements

Managing Your FLEXlm Licenses with Cacti and phpLicenseWatcher

So you are tasked with managing multiple FLEXlm based software license managers, but you want more than a dump of the current license information into a text file or in some horribly written and truly user-unfriendly Windows GUI. Then I have a couple of web based open source products for you, and while the installs are not the easiest they do offer some great insight into your license usage.

Managing Your License Servers

The first product is phpLicenseWatcher. It presents in a nice web interface all of the information that the command line as well as Windows GUI tool provides, and then some. Quoting from their website:

  • Shows the health of a license server or a group of them
  • Check which licenses are being used and who is currently using them
  • Get a listing of licenses, their expiration dates and number of days to expiration
  • E-mail alert of licenses that will expire within certain time period (i.e. within next 10 days)
  • Monitors license utilization

One of the biggest advantages of the product is that it allows you to monitor and manage multiple servers at once. It even includes the ability to graph your license use, but instead I would recommend the following:

Graphing Your FLEXlm License Usage

As you know I’m a great fan of the Cacti graphing system. Well thanks to the work of a user named pvenezia on their forums, he developed a fantastic template and script for graphing FLEXlm usage. The script allows you to monitor multiple license servers and graph the usage of every application on those servers.

What makes the Cacti based graphs of the FLEXlm servers so nice is that you can combine the data from multiple servers to give you an overall picture of your license use. For example we have multiple FLEXlm servers in different offices handling our AutoCAD use. Following graph shows an example of how I’ve combined the usage data from the multiple servers to show how each office is the licenses (note this is a custom graph create from the data from the referenced script and template).

I highly recommend these two open source solutions for helping you to monitor and manage your FLEXLm license servers and their associated products. It will help you to control your costs (i.e. knowing if you have too many licenses) and better manage who is using your software.

Graphing Motorola Surfboard SB5101 Cable Modem Stats with Cacti

So you’ve got a cable modem, and you’re having problems (or you just like to track everything). You’ve already been to the management page of your cable modem (in most cases it is reachable at http://192.168.100.1/), but now you want more, or at least to be able to track changes over time. What can you do?

Use Cacti to graph the stats on your cable modem. Man that would sure be easy if you only had SNMP access to your DOCSIS cable modem. If you do then check out this post. But, if you’re like me and you have good old Comcast who disables client side SNMP access then you’re going to need a script to scrape your modem’s web based interface.

Here is my script for a Motorola Surfboard SB5101 cable modem (based off this post) which will display the following two graphs within Cacti:

Cable Modem Power Graphs

This graph displays your power levels and signal to noise ratio.

Cable Modem Frequency Graphs

This graph displays the frequencies on which your modem is operating. These should almost never change.

In order to use these you will need to download two items. The first is my Motorola Surfboard SB5101 PERL script which can be downloaded from my Cablemodem Template post on the Cacti Forum and then upload to your Cacti scripts directory.

The second piece to download is my Cacti XML host template also from my Cablemodem Template post on the Cacti Forum. Once downloaded you can import it and then add your devices.

This is my first custom template. As I create additional ones, I add them. If you use this template, please let me know how it works for you.

Cacti’s Painless Network Monitoring


For the past week I’ve submersed myself in the world of Cacti, and have been have a lot of fun making cool graphs. As my staff will attest, I’m really big into monitoring anything and everything on our network. I find it’s very helpful to be able to track usage, capacity, growth, and a bunch of other things. Without some kind of baseline how do you know if things are operating as they should?

Oh, so you’re wondering what Cacti is, well here is the developer’s description:

Cacti is a complete network graphing solution designed to harness the power of RRDTool‘s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Anyway, I’ve been using MRTG for last 8+ years to graph utilization, etc. It was a great product, and I’ve built up a number of useful scripts and hacks to monitor all kinds of things from Windows boxes to printers to email queues. I’ve even built a neat menu system, but it was a real hack. It was hard to manage, add devices, or even make changes. I’ve followed the RRDTool world for a while (and even moved my MRTG configs over to using RRD), but never found a solution that was easy to use and had the flexibility I wanted/needed. That was until I stumbled across Cacti.

Cacti has a templating system that makes adding new devices easy, it as an active user community that is sharing their templates for graphs, and device monitoring. It is really powerful and actually quite easy to use. It even integrates with Nagios, although I have yet to accomplish that integration. In the coming weeks I’ll be sharing my adventures with the installation and configuration as well as some of the templates that I have used and created/modified. So stay tuned for further post about Cacti.