Good tool for reporting real-time and trend stats for multiple VPN 3000 concentrators?

Discussion in 'Cisco' started by Heath Roberts, Nov 29, 2005.

  1. Can anyone point me to a good tool that can provide near-real-time and
    trend stats for multiple VPN 3000 concentrators?

    Let's say that I have a cluster of concentrators at a site in D.C.,
    another cluster in San Diego, and one in Paris. I'd like to know at any
    given time how many total users are connected, and be able to drill
    down by site (for example 12000 total users connected, 6000 of them are
    in Paris, 2000 are on one concentrator, and 4000 are on the other).

    The trending would mostly be used to show usage patterns--my Paris
    users connect early in the morning until noon, but San Diego users
    connect all day Saturday. That sort of thing.

    Having the output on a web page would be ideal.

    I've called Cisco, and it seems like they listened to my request, and
    sent me literature on their syslog appliance that can be configured to
    send alarms, but provides no reporting function like what I've
    described, at least not that I can see from the literature. If
    someone's used one of these and can comment I'd appreciate that as

    I've looked at sawmill for analyzing syslogs, and I suspect it could be
    made to do what I need, but I wonder if there are other
    parsers/reporting tools that are better suited to the 3000-series
    concentrators out of the box.

    Heath Roberts, Nov 29, 2005
    1. Advertisements

  2. Heath Roberts

    DigitalVinyl Guest

    I just started working with Concentrators in production this past year
    and I'm still flabergasted that enterprise level VPN appliances don't
    have reporting worth a damn. The only rpeorting is who is logged in
    at this second which is barely useful.

    We have the same issue and someone here is doing a home made script to
    cull the syslogs and generate a DB of sessions.

    I have to say... Nortel Contivity back in 2002 had built in history
    (multiple months) and reporting right on the device. Unlike Cisco's
    their redundant pairs also maintained a sync'd config. I can't believe
    I'm supposed to manually maintain sync'd configs between redundant
    nodes. I've becoming increasingly aware that as Cisco absorbs more
    and more companies to grow markets and remain "competitive" they seem
    to slip further away from building products that fit even basic
    customer needs.

    DiGiTAL_ViNYL (no email)
    DigitalVinyl, Nov 29, 2005
    1. Advertisements

  3. Heath Roberts

    Hansang Bae Guest

    DigitalVinyl wrote:
    [snip: incredible lack of enterprise level reporting]

    I guess if you complain enough, it gets in there. We actually punted
    on the stackable 3700 series switches because it lacked basic snmp
    monitoring. It was a case of "rush it out and call it an enterprise
    switch" "What about the management?" We'll worry about that later!

    But eventually, they do seem to add it in. It'll be interesting as
    they move more and more into other spaces (AON, cable settop boxes etc)

    I must admit, the recent cable box acquisition was a brilliant move.



    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    Hansang Bae, Nov 30, 2005
  4. Heath Roberts

    DigitalVinyl Guest

    We've got a few 3750 stacks and the auto-update-sw function is totally
    unreliable. Only one of four stacks successfully upgraded the slaves.
    And Cisco reps are pushing these stacks as the next-best-thing.
    Meanwhile we've had 3 hardware replacements out of about 16 boxes in
    productions. All three failed within the first few weeks. Maybe we're
    unlucky... i dunno. At another company we experienced similar
    unreliablility with Nortel's latest-greatest set of stacks (in
    2001-don't recall the models).

    With the PIX firewalls I think items like the fact that they still
    haven't come up with a fully functional reliable GUI for their
    firewall is embarassing. The latest ASDM GUI still doesn't compare in
    functionality or reliability to what I used on Checkpoint in 2002!

    With technology changes everybody has problems, but I guess we always
    assume the market leader is the most forward-looking or at least
    talented in that respect. Unfortunately it is often the opposite. I
    still recall Bill Gates' affirmation that there was no commercial
    potential in 'the Internet'. Then suddenly MS woke up.

    I do get frustrated that security and ESPECIALLY manageablility are
    typically unimportant in the design of new technolgoy. As I started
    dealing with fast switching (MLS/CEF) I found that thing we relied
    upon in the apst, like statistics and ACL hits were made useless
    because hardware switching made accounting on the traffic not
    possible. Then of course you can buy new expensive board to enable
    NetFlow technology which gets you back the visibility lost by the last
    technolgical move forward. That type of stuff frustrates me.

    DiGiTAL_ViNYL (no email)
    DigitalVinyl, Dec 1, 2005
  5. Heath Roberts

    brink Guest

    Can anyone point me to a good tool that can provide near-real-time and
    For a single box I'm using good old MRTG to graph the number of active
    users. It should be possible to set that up for multiple units
    and the total ? It's SNMP, use any tool you like.

    Here's an extract from the MRTG config file, the SNMP OID is in there
    if needed :

    ### user count : . ###

    SetEnv[vpn-users]: MRTG_INT_IP="@@@@@" MRTG_INT_DESCR=""
    MaxBytes[vpn-users]: 100
    Title[vpn-users]: Users -- VPN concentrator
    PageTop[vpn-users]: <H1>Users -- VPN concentrator</H1>
    <TR><TD>System:</TD> <TD>Cisco 3000 VPN concentrator in
    <TR><TD>Description:</TD><TD>Users active </TD></TR>
    brink, Dec 1, 2005
  6. Heath Roberts

    Hansang Bae Guest

    DigitalVinyl wrote:
    Not to bash on Cisco too much, but what they hell were they thinking
    putting in such a small drive on their NMS modules? If you span a few
    ports on the 6500, you're done in a few minutes. What were they



    "Somehow I imagined this experience would be more rewarding" Calvin
    **************************ROT13 MY ADDRESS*************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    Hansang Bae, Dec 2, 2005
  7. Heath Roberts

    Johan Guest

    Why not use MRTG or Cacti to monitor the amount of logged in users on your
    Both monitoring tools will do the job, provided that you specify the OID's.
    These can also be found on cacti page.

    I do like MRTG but cacti is easier to work with if you want it to do simple

    Johan, Dec 4, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.