No SNMP data returned

[crushkov]

Hi, I've tried to install firewall filter template but it return 0 items.

• Running data query [15].
• Found type = '3' [SNMP Query].
• Found data query XML file at '/usr/share/cacti/site/resource/snmp_queries/Juniper_Firewall_Filter.xml'
• XML file parsed ok.
• <oid_num_indexes> missing in XML file, 'Index Count Changed' emulated by counting oid_index entries
• Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.2636.3.5.2.1.8' Index Count: 0
• No SNMP data returned

Could you recommend anything to check?

cacti Version 0.8.8b
Model: srx210h
JUNOS Software Release [12.1X46-D20.5]

[scline]

Are you using firewall filters or security policies on this device? This template will only pick up firewall filters that are being counted. Can you show me the output of "show firewall" (I believe that's the command to show these stats). Feel free to block out actual filter names in the response :)

…

Sent from my iPhone

On Apr 11, 2017, at 10:14 AM, crushkov ***@***.***> wrote: Hi, I've tried to install firewall filter template but it return 0 items. Running data query [15]. Found type = '3' [SNMP Query]. Found data query XML file at '/usr/share/cacti/site/resource/snmp_queries/Juniper_Firewall_Filter.xml' XML file parsed ok. <oid_num_indexes> missing in XML file, 'Index Count Changed' emulated by counting oid_index entries Executing SNMP walk for list of indexes @ '.1.3.6.1.4.1.2636.3.5.2.1.8' Index Count: 0 No SNMP data returned Could you recommend anything to check? cacti Version 0.8.8b Model: srx210h JUNOS Software Release [12.1X46-D20.5] — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[scline]

If you are using security policies please take a look at this Juniper forum post about this template https://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Cacti-Graph-Templates/td-p/233038

The only way to expose security policy data to snmp is by adding the count statement, example:
set security policies from-zone UNTRUST to-zone TRUST policy POLICY-NAME then count

You will also need to use the SRX Security Policy graphs and not the firewall filter ones. Please let me know if this helps any (^_^).

[crushkov]

Hi, this is my "sh firewall" result
Filter: default_bpdu_filter

Filter: mgmt-in
Counters:
Name Bytes Packets
c_allow_ssh 22279 398

Yes, i'm using security policies and your template works great. I'm using firewall filter to block access to device managment and I want to graph information about dropped pockets to lo0 interface.

term deny-ssh {
from {
protocol tcp;
destination-port ssh;
}
then {
count c_allow_ssh;
log;
discard;

[scline]

Gotcha, form the looks of your rule it should all work. I don't have an SRX up this moment to retest all the things, but this weekend if I can get some time I will throw this up and see if I can find whats wrong.

[crushkov]

Hi, sorry for inconvenience. Have you gotten a time to to check?