Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Sep 19, 2022
Solved

SNMP OID for SSL TPS

I'm looking for the OID of the SSL TPS, like they will be displayed in the "Performance Reports" screen in the section SSL Transactions. As of now I only use the OID for open connections, which is fine for current TCP connections. It also contains a value for SSL connections, but this is only for VPN or APM session, right?

Based on a snmpwalk I identified "ltmClientSslStatCurConns."<clientSSL-profile name>", but this is individual for each SSL-profile. Is there also an automatic sum of all these different sub-OIDs as a single OID or do I have to calculate this in my monitoring tool? I mean, where does the performance graph is taking this information from?

Thank you!

Regards Stefan ๐Ÿ™‚

9 Replies

  • HI Stefan_Klotz:

    This is the monitoring of My Prodection environment,

    I am using Telegraf + Influxdb + Grafana to gather together.

    Hope it helps you.

    have a nice day!!!

     

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin

      that looks cool, oscarnet. Could you share more details on how you've integrated those tools into a production workflow? That would make a good CrowdSrc article!

  • Did you check the OID in the MIB Browser program?

    this program is useful for finding OIDs

    • Stefan_Klotz's avatar
      Stefan_Klotz
      Icon for Cumulonimbus rankCumulonimbus

      No, I didn't use a MIB browser yet. I made a snmpwalk from the root and enabled logging of the putty-session. I opened the resulted text-file in Excel and splitted the output in several columns. But I will try with a MIB browser as well, maybe I'll find something more.

      But still the question to others, if the overall SSL TPS is available as a direct SNMP OID.

      Thank you!

      Regards Stefan ๐Ÿ™‚

  • I'm just looking for the values, which will be displayed in this diagram:

    I mean, where does the WebGUI taking these values from?

    Thank you!

    Regards Stefan ๐Ÿ™‚

      • JRahm's avatar
        JRahm
        Icon for Admin rankAdmin

        I'd add that you can gather all the values (if not exactly the OID name at least the relative name) and compare from first /config/stats.conf and the resulting rrd files from the *.info files in /var/rrd, for example, from /var/rrd/connections.info:

        # DO NOT DELETE OR MODIFY this autogenerated file.
        # This file contains the contents of the RRDFILE section
        # of the statsd.conf file used to
        # generate the rrdfile: '/var/rrd/connections'
        # To restore the /config/statsd.conf contents to match this
        # rrdfile, replace the existing rrdfile entry for /var/rrd/connections
        # with the contents of this file
        RRDFILE "/var/rrd/connections" {
            DATASOURCE "sslcurclientconns" {
                EXPR       "sslcurclientconns"
                DSTYPE     GAUGE
                MIN       0
                MAX     UNKNOWN
            }
            DATASOURCE "sslcurserverconns" {
                EXPR       "sslcurserverconns"
                DSTYPE     GAUGE
                MIN       0
                MAX     UNKNOWN
            }
            DATASOURCE "ssltotnatclient" {
                EXPR       "ssltotnatclient"
                DSTYPE     DERIVE
                MIN       0
                MAX     UNKNOWN
            }
            DATASOURCE "ssltotcomclient" {
                EXPR       "ssltotcomclient"
                DSTYPE     DERIVE
                MIN       0
                MAX     UNKNOWN
            }
            DATASOURCE "ssltotnatserver" {
                EXPR       "ssltotnatserver"
                DSTYPE     DERIVE
                MIN       0
                MAX     UNKNOWN
            }
            DATASOURCE "ssltotcomserver" {
                EXPR       "ssltotcomserver"
                DSTYPE     DERIVE
                MIN       0
                MAX     UNKNOWN
            }

        You can even repurpose that exact data if you want instead of duplicating the polling by using the rrdtool export command. An exmaple of that is shown in this thread.

  • Thanks oscarnet, this is exactly what I'm looking for.
    I was almost there, but with the huge amount of OIDs from the root snmpwalk, I had simply overseen this specific OID.
    I think I will use the sysClientsslStatCurNativeConns, then I don't need any further calculation.

    Regards Stefan ๐Ÿ™‚