Export version: 5.0
Export date: 2021-11-21T21:35:09Z
Group: Halley template
Template: Halley Firewall Watchguard M400

## Overview
Template for monitoring the WatchGuard Firebox M400 firewall, with explanations and advice. The MIBs are available here: <https://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/basicadmin/snmp_about_mibs_c.html>
Contents of the template:
6 applications: CPU, Disk Partitions, General, Interfaces, Memory, Traffic rules
10 SNMPv2 and calculated items:
Cached memory, Swap used space, Free physical memory in %, Total physical memory, ping check, Device location, uptime, description, name
4 LLD rules for:
a) Access rules - taken from the M300 template on share.zabbix.com (thanks); discovers traffic on access rules, with a graph
b) Disk partitions - uses a filter in post-processing to discover /var, /boot, / and /tmp; monitors total and used space
c) Network interfaces - discovers incoming/outgoing traffic, operational state and inbound/outbound errors on each interface (the error items need to be enabled), plus a trigger and a graph. To keep unneeded interfaces such as virtual or loopback ones from being discovered, create a rule under Administration -> General -> Regular expressions that excludes them, for example for virtual interfaces: (?!)Virtual - result FALSE
d) Processors - discovers the processors and monitors their load, with a trigger
## Author
Ticau Tudor
Group: Halley template
Applications: CPU, Disk partitions, General, Interfaces, Memory, Traffic rules
- Free physical memory in %CALCULATEDhrStorageFree.1301wFLOAT%100-(last("hrStorageUsed.1")/last("hrStorageSize.1"))*100Free physical memory in percentage. The memory on this device is an CF cardMemory{last()}<10Lack of available memory on {HOST.NAME}AVERAGEYESValue{ITEM.VALUE}
- Total physical memorySNMP_AGENTHOST-RESOURCES-MIB::hrStorageSize.1hrStorageSize.1301wBTotal physical memory. The memory on this device is an CF cardMemoryMULTIPLIER1024
- Used physical memorySNMP_AGENTHOST-RESOURCES-MIB::hrStorageUsed.1hrStorageUsed.1301wBUsed physical memory. The memory on this device is an CF cardMemoryMULTIPLIER1024
- Cached memorySNMP_AGENTHOST-RESOURCES-MIB::hrStorageUsed.7hrStorageUsed.7301wBCached memory. The memory on this device is an CF cardMemoryMULTIPLIER1024
- Swap used spaceSNMP_AGENTHOST-RESOURCES-MIB::hrStorageUsed.10hrStorageUsed.10301wBSwap used space. The memory on this device is an CF cardMemoryMULTIPLIER1024
- Device descriptionSNMP_AGENTSNMPv2-MIB::sysDescr.0sysDescr301w0CHARA textual description of the entity. This value should include the full name and version identification of the system's hardware type, software operating-system, and networking software.HARDWAREGeneral
- Device locationSNMP_AGENTSNMPv2-MIB::sysLocation.0sysLocation301w0CHARThe physical location of this node (e.g., `telephone closet, 3rd floor'). If the location is unknown, the value is the zero-length string.LOCATIONGeneral
- Device nameSNMP_AGENTSNMPv2-MIB::sysName.0sysName301w0CHARAn administratively-assigned name for this managed node. By convention, this is the node's fully-qualified domain name. If the name is unknown, the value is the zero-length string.NAMEGeneral
- Device uptimeSNMP_AGENTSNMPv2-MIB::sysUpTime.0sysUpTime301wuptimeThe time since the network management portion of the system was last re-initialized.GeneralMULTIPLIER0.01
ProcessorsSNMP_AGENTdiscovery[{#SNMPVALUE},HOST-RESOURCES-MIB::hrProcessorLoad]hrProcessorLoad1dDiscover the processors of the firewall deviceProcessor $1 typeSNMP_AGENTHOST-RESOURCES-MIB::hrDeviceDescr.{#SNMPINDEX}hrDeviceDescr[{#SNMPINDEX}]0CHARProcessor typeCPUUtilization of processor $1SNMP_AGENTHOST-RESOURCES-MIB::hrProcessorLoad.{#SNMPINDEX}hrProcessorLoad[{#SNMPINDEX}]%The average, over the last minute, of the percentage of time that this processor was not idle. Implementations may approximate this one minute smoothing period if necessary.CPU{last(,300)}>70Utilization of processor {#SNMPINDEX} over 70%AVERAGECPU on {HOST.NAME} is over 70%YESValue{ITEM.VALUE}Utilization of processor {#SNMPINDEX}1A7C11- Halley Firewall Watchguard M400hrProcessorLoad[{#SNMPINDEX}]
Disk partitionsSNMP_AGENTdiscovery[{#SNMPVALUE},HOST-RESOURCES-MIB::hrStorageDescr]hrStorageDescr1d{#SNMPVALUE}^(/var|/|/boot|/tmp)$AThe rule will discover all disk partitions matching the global regexp "Storage devices for SNMP discovery".
{$SNMP_COMMUNITY} is a global macro.Description of storage $1SNMP_AGENTHOST-RESOURCES-MIB::hrStorageDescr.{#SNMPINDEX}hrStorageDescr[{#SNMPVALUE}]30s0CHARA description of the type and instance of the storage described by this entry.Disk partitionsTotal disk space on $1SNMP_AGENTHOST-RESOURCES-MIB::hrStorageSize.{#SNMPINDEX}hrStorageSize[{#SNMPVALUE}]30sBtotal disk space in bytes.Disk partitionsMULTIPLIER10240Used disk space on $1SNMP_AGENTHOST-RESOURCES-MIB::hrStorageUsed.{#SNMPINDEX}hrStorageUsed[{#SNMPVALUE}]30sBUsed disk space in bytes.Disk partitionsMULTIPLIER10240{Halley Firewall Watchguard M400:hrStorageUsed[{#SNMPVALUE}].last(0)} / {Halley Firewall Watchguard M400:hrStorageSize[{#SNMPVALUE}].last(0)} > 0.8Free disk space is less than 20% on volume {#SNMPVALUE}WARNINGDisk space usage {#SNMPVALUE}6003400NONOPIEYES1A7C11- Halley Firewall Watchguard M400hrStorageSize[{#SNMPVALUE}]
1F63100- Halley Firewall Watchguard M400hrStorageUsed[{#SNMPVALUE}]
Network interfacesSNMP_AGENTdiscovery[{#SNMPVALUE},IF-MIB::ifDescr]ifDescr1dYou may also consider using IF-MIB::ifType or IF-MIB::ifAlias for discovery depending on your filtering needs.
{$SNMP_COMMUNITY} is a global macro.Inbound errors on interface $1SNMP_AGENTIF-MIB::ifInErrors.{#SNMPINDEX}ifInErrors[{#SNMPVALUE}]DISABLEDFor packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol.InterfacesCHANGE_PER_SECONDIncoming traffic on interface $1SNMP_AGENTIF-MIB::ifInOctets.{#SNMPINDEX}ifInOctets[{#SNMPVALUE}]30sBpsThe number of octets in valid MAC frames received on this interface in 1 second, including the MAC header and FCS.InterfacesCHANGE_PER_SECONDMULTIPLIER8Operational status of interface $1SNMP_AGENTIF-MIB::ifOperStatus.{#SNMPINDEX}ifOperStatus[{#SNMPVALUE}]The current operational state of the interface.Interfaces{diff(0)}=1Operational status was changed on {HOST.NAME} interface {#SNMPVALUE}INFOYESOutbound errors on interface $1SNMP_AGENTIF-MIB::ifOutErrors.{#SNMPINDEX}ifOutErrors[{#SNMPVALUE}]DISABLEDFor packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors.InterfacesCHANGE_PER_SECONDOutgoing traffic on interface $1SNMP_AGENTIF-MIB::ifOutOctets.{#SNMPINDEX}ifOutOctets[{#SNMPVALUE}]BpsThe number of octets transmitted in MAC frames on this interface per second , including the MAC header and FCS.InterfacesCHANGE_PER_SECONDMULTIPLIER8Traffic on interface {#SNMPVALUE}1A7C11- Halley Firewall Watchguard M400ifInOctets[{#SNMPVALUE}]
1F63100- Halley Firewall Watchguard M400ifOutOctets[{#SNMPVALUE}]
Access RulesSNMP_AGENTdiscovery[{#SNMPVALUE},.enterprises.3097.4.2.2.1.2]rule[{#SNMPVALUE}]1dhttps://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/basicadmin/snmp_mibs_details_c.htmlTraffic on {#SNMPVALUE}SNMP_AGENT.enterprises.3097.4.2.2.1.3.{#SNMPINDEX}Traffic[{#SNMPVALUE}]BpsTraffic rulesCHANGE_PER_SECONDMULTIPLIER8Traffic on {#SNMPVALUE}1A7C11- Halley Firewall Watchguard M400Traffic[{#SNMPVALUE}]
{$SNMP_COMMUNITY}MonitorZabbixMemory Usage1A7C11- Halley Firewall Watchguard M400hrStorageSize.1
1F63100- Halley Firewall Watchguard M400hrStorageUsed.1
Swap used space1A7C11- Halley Firewall Watchguard M400hrStorageUsed.10