[comp.dcom.sys.cisco] IP Accounting via SNMP

pte900@jatz.aarnet.edu.au (Peter Elford) (09/25/90)

A while back I asked if anyone had an application that retrieved the
cisco IP Accounting table via SNMP, preferably using the CMU SNMP
package. The only response I got was from Carl Rigney (cdr@brahms.AMD.COM)
who had written a Perl script to parse the output of the CMU snmpwalk 
command.

I decided to do it myself and this is the result:

gwacc [-c] [-n] [-d] <router> <community>

	Retrieve the cisco specific IP accounting table from the specified
	router. -c says get the checkpoint accounting table. -n says don't
	translate IP addresses into names. -d says dump the SNMP packets in hex.

**WARNINGS**

	-c does not work with release 8.0(13) of the cisco gateway server code.
	If the checkpoint IP accounting table has not been created (ie. a 
	CLEAR IP ACCOUNTING command has not been given) it will crash routers
	running 8.1(19) of the cisco gateway server code (to be fixed in the 
	next maintenance release of 8.1).

The output looks like this ...

Source                    Destination                     Packets  Bytes
16.1.0.1                  129.78.64.1                          4     284
16.1.0.1                  129.78.64.2                          1      71
16.1.0.2                  129.78.64.1                          3     213
16.1.0.2                  129.78.64.2                          1      71
16.1.240.23               129.78.64.1                          7     483
18.87.0.28                129.78.64.1                          1      71
139.130.116.2             129.78.64.5                          1     348

	:

192.43.207.1              134.148.48.250                       4     320
192.52.195.1              129.78.131.11                        8     560
192.52.195.1              130.155.128.8                       12     812
192.52.195.10             129.78.64.1                          4     554
192.52.195.10             129.78.64.2                          1     151
192.52.195.10             134.148.16.240                       2     248
192.67.67.53              129.78.64.1                          2     266
192.67.67.53              134.148.4.2                          6     765


The source code is available via anonymous ftp from aarnet.edu.au (130.56.4.16)
as file pub/tools/gwacc.c. You will need the CMU SNMP libraries to compile
it (available from lancaster.andrew.cmu.edu - 128.2.13.21).

I would appreciate it if someone could make this available for ftp in the US 
rather than everyone beating up our overloaded satellite link (assuming they think
it's worth having :-),

Peter Elford,                           	e-mail: P.Elford@aarnet.edu.au
Network Co-ordinator,	 			phone: +61 6 249 3542
Australian Academic Research Network,		fax: +61 6 247 3425
c/o, Computer Services Centre,			post: PO Box 4
Australian National University			      Canberra 2601
Canberra, AUSTRALIA		

sblair@synoptics.com (Steven Blair) (09/25/90)

gwacc.c is now available here on the Internet from:

syn-gate-gw.synoptics.com(134.177.32.116)

in ~ftp/sources

login as anonymous, of course


--
Steven C. Blair		Network Operations Center
SynOptics Communications Inc. Mountain View, California
INTERNET: sblair@synoptics.com  sblair@excalibur.synoptics.com
PROBLEMS/EMAIL: HOSTMASTER@SYNOPTICS.COM postmaster@synoptics.com
---->>RIP Stevie Ray Vaughan 1954-1990 You Will Be *Missed*<<----

terpstra@nikhef.nl (Marten Terpstra) (09/26/90)

-- In the message of Sep 25, you write : --
	
	A while back I asked if anyone had an application that retrieved the
	cisco IP Accounting table via SNMP, preferably using the CMU SNMP
	package. The only response I got was from Carl Rigney
	(cdr@brahms.AMD.COM) who had written a Perl script to parse the
	output of the CMU snmpwalk command.

Daniel Karrenberg from CWI/EUnet Amsterdam wrote his own program to fetch the
IP accounting from a cisco. He chose to use a direct TCP connection to the
cisco instead of using SNMP, for speed and the fact that some lower versions
of GS screw up on the SNMP variables with the IP accounting.

The only problem with this is that both passwords for your cisco are included
in the sources, therefore you should be careful with access rights on these
files.

People interested can find it at mcsun.eu.net (192.16.202.1) in 
~/network/cisco/account.shar.Z

Marten
--
Marten Terpstra                                  National Institute for Nuclear
Internet : terpstra@nikhef.nl 		                and High Energy Physics
Oldie-net: {....}mcsun!nikhefh!terpstra	      (NIKHEF-H), PO Box 41882, 1009 DB
Phone    : +31 20 592 5102                           Amsterdam, The Netherlands

newbery@rata.vuw.ac.nz (Michael Newbery) (09/26/90)

I have retrieved the gwacc.c file and made it available for anonymous ftp
in New Zealand on rata.vuw.ac.nz. Kiwis take note. (The rest of the world
should be aware that our piece of wet string to the Internet runs at
14k4bps, so we are not a very attractive alternate source for gwacc.c)

Thanks to Peter for producing the code and letting us all have it.
--
Michael Newbery<newbery@rata.vuw.ac.nz>
Dear Lucrezia, thank you for the chocolates, they are delic...

nipper@iramu1.ira.uka.de (Arnold Nipper) (09/26/90)

In article <26881@boulder.Colorado.EDU> pte900@jatz.aarnet.edu.au (Peter Elford) writes:
>I decided to do it myself and this is the result:
> [ ... stuff deleted ... ]
>

How long does it take to, let's say, retrieve ~1000 entries
from the CISCO via SNMP? We retrieve the data via a telnet
program written by Daniel Karrenberg (dfk@cwi.nl) and this
works quite fine. With another tool you can have domainnames
or information about the IP-networks given by NIC/NSF/RIPE
instead of pure IP-addresses. This tool was written by Daniel too.

>it's worth having :-),

... because it's via SNMP???

Arnold
********************************************************************************
Arnold Nipper *** Universitaet Karlsruhe, Am Fasanengarten 5 * nipper@ira.uka.de
XLINK, Inst. fuer Betr.- und Dialogsysteme, D-7500 Karlsruhe *  +49 721 608 4331
********************************************************************************

pte900@jatz.aarnet.edu.au (Peter Elford) (09/27/90)

In article <90.269.16:58:45@ira.uka.de>, nipper@iramu1.ira.uka.de
(Arnold Nipper) writes:
|> How long does it take to, let's say, retrieve ~1000 entries
|> from the CISCO via SNMP? We retrieve the data via a telnet
|> program written by Daniel Karrenberg (dfk@cwi.nl) and this
|> works quite fine. With another tool you can have domainnames
|> or information about the IP-networks given by NIC/NSF/RIPE
|> instead of pure IP-addresses. This tool was written by Daniel too.

This is true. Because of the MIB structure, each IP accounting table
entry (four SNMP variable instances) requires a separate SNMP query.
The packets won't be very large, so the time to retrieve "~1000" entries
is a function of your network speed and the ability of the router to
respond to the queries. Pulling it back through a telnet session will
be more efficient because MIB I defines inherently scalar objects only;
the telnet session gets blocks of data (equal to the screen size) thus
giving you (sort of) portions of vectors of information.

This limitation (of SNMP) is being addressed by the IETF: take a look
at draft-ietf-snmp-mibdefinitions-00.txt, which talks about columnar
objects.

|> >it's worth having :-),

You have misquoted me. I was asking sites elsewhere in the Internet to make
it available for ftp only if they thought it was worth having.

|> ... because it's via SNMP???

Well yes! If you have only a small IP accounting table this is a more
elegant way of doing it. Sure, for 1000+ entries elegance is less important
compared to getting the data, but if people don't make use of new facilities
like SNMP then they are not going to develop to be useful (like the 
columnar objects).

I did forget to mention the responses I got from the guys who had done
telnet based IP accounting grabbers (there were two), for which I 
apologise.

Peter Elford,                           	e-mail: P.Elford@aarnet.edu.au
Network Co-ordinator,	 			phone: +61 6 249 3542
Australian Academic Research Network,		fax: +61 6 247 3425
c/o, Computer Services Centre,			post: PO Box 4
Australian National University			      Canberra 2601
Canberra, AUSTRALIA
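
The query cost discussed in the last post, as an added example that is not part of the thread and is not taken from gwacc.c: a toy agent answers GetNext over a four-column table indexed by source and destination address, and the walk counts one request per entry. The OID prefix is a constructed placeholder, the rows come from the sample output in the first post, and the 24-line telnet screen is an assumption.

```python
from bisect import bisect_right
from ipaddress import ip_address

# Constructed placeholder prefix; NOT the real cisco accounting table OID.
TABLE = (1, 3, 6, 1, 4, 1, 99999, 1)
COLS = (1, 2, 3, 4)  # source, destination, packets, bytes

# Rows copied from the sample output in the first post.
ROWS = [
    ("16.1.0.1", "129.78.64.1", 4, 284),
    ("16.1.0.1", "129.78.64.2", 1, 71),
    ("16.1.0.2", "129.78.64.1", 3, 213),
    ("139.130.116.2", "129.78.64.5", 1, 348),
]

class Agent:
    """Toy agent: holds the table as sorted (oid, value) pairs, answers GetNext."""
    def __init__(self, rows):
        mib = {}
        for row in rows:
            index = tuple(ip_address(row[0]).packed + ip_address(row[1]).packed)
            for col, val in zip(COLS, row):
                mib[TABLE + (col,) + index] = val
        self.mib = sorted(mib.items())
        self.oids = [oid for oid, _ in self.mib]
        self.requests = 0

    def get_next(self, oids):
        self.requests += 1  # one request/response pair on the wire
        hits = [bisect_right(self.oids, oid) for oid in oids]
        return [self.mib[i] if i < len(self.mib) else (None, None) for i in hits]

def walk_rows(agent):
    """Fetch the table one entry (four variable instances) per GetNext request."""
    cursor = [TABLE + (c,) for c in COLS]
    rows = []
    while True:
        reply = agent.get_next(cursor)
        # Stop once any column's successor has left that column's subtree.
        if any(oid is None or oid[:len(TABLE) + 1] != TABLE + (c,)
               for (oid, _), c in zip(reply, COLS)):
            return rows
        rows.append(tuple(val for _, val in reply))
        cursor = [oid for oid, _ in reply]

def screens_needed(n_rows, lines_per_screen=24):
    # Assumed 24-line screen: blocks a telnet grabber reads for the same table.
    return -(-n_rows // lines_per_screen)
```

A table of N entries costs N + 1 requests here, the last one being the reply that runs off the end of the table.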