Overall Traffic not including Cisco Firepower interfaces

pepperoni-pi · 24 January 2020 22:25

I added 4 firepower appliances to my relatively fresh install of LibreNMS and it seems to be pulling in all of the data I need, but the Overall Traffic graph is not including all of the needed interfaces. It is only drawing one interface “diagnostic”, but ignoring all of the other interfaces i.e. “Adaptive Security Appliance ‘Outside’ interface”. I tried getting it to pull them using the “good_if” configuration option but it did not make any difference.

Excerpt from /opt/librenms/config.php

$config[‘good_if’] = “adaptive”;

Excerpt from ports table for “Outside” interface

SELECT port_id,ifDescr,ifName,ifType,ifAlias FROM ports WHERE port_id = 36264;
±--------±------------------------------------------------±--------±------------±------------------------------------------------+
| port_id | ifDescr | ifName | ifType | ifAlias |
±--------±------------------------------------------------±--------±------------±------------------------------------------------+
| 36264 | Adaptive Security Appliance ‘Outside’ interface | Outside | propVirtual | Adaptive Security Appliance ‘Outside’ interface |
±--------±------------------------------------------------±--------±------------±------------------------------------------------+

Overall Traffic (only includes traffic from “diagnostic” interface)

Chas · 25 January 2020 15:56

not sure, but could be because ifType ends in “irtual” which would seem to be blocked by default in the “bad_ifType” array.

You could try overriding that array in your config by unsetting. See example here Cisco ATM interface not discovered

pepperoni-pi · 27 January 2020 15:09

I don’t see “irtual” in the “bad_ifType” array, but I do have it under the “bad_if” array (image included below). That shouldn’t apply to this interface since “bad_if” should only match the “ifDescr” value right? I might be misunderstanding the purpose of the “good_if” option. I thought that was a way to override the default “bad_if” values to un-ignore an interface based on the “ifDescr” value. Is that not the case?

Chas · 27 January 2020 19:58

Yes it’s meant to match ifDescr . Did you try with a capital A aswell to match the ifDescr?

$config['good_if'][] = 'Adaptive';

pepperoni-pi · 27 January 2020 20:29

I did try it, but I will try again. This page (https://docs.librenms.org/Developing/os/Settings/) says that it should be case insensitive. Do I need to remove and add the device again after making the change to the config.php file?

pepperoni-pi · 28 January 2020 15:19

Traffic from “diagnostic” interface

Traffic from “Outside” interface

pepperoni-pi · 28 January 2020 16:22

Okay, I found under the FAQ (FAQ - LibreNMS Docs) that I was looking at the wrong config values. I should have been using “device_traffic_iftype”, by unsetting it and then recreating it, but commenting out the “/virtual/” entry. For example:

# device_traffic_iftype 
unset($config['device_traffic_iftype']);
$config['device_traffic_iftype'][] = "/loopback/";
$config['device_traffic_iftype'][] = "/tunnel/";
#$config['device_traffic_iftype'][] = "/virtual/";
$config['device_traffic_iftype'][] = "/mpls/";
$config['device_traffic_iftype'][] = "/ieee8023adLag/";
$config['device_traffic_iftype'][] = "/l2vlan/";
$config['device_traffic_iftype'][] = "/ppp/";

FIREPOWER: Overall Traffic after removing “/virtual/” from “device_traffic_ifType”

The only problem I have with this is that it also enables a slew of other interfaces that I had no intention of enabling in the overall traffic graphs because their ifType is also “propVirtual”, not necessarily for this device, but other devices. For example (separate device, not firepower):

NOT FIREPOWER: before removing “/virtual/” does not include port-channels

NOT FIREPOWER: after removing “/virtual/” the Overall Traffic graph does include port-channels

This is problematic because the throughput being added from the port-channels is already being added by the physical interface counters doubling the amount of traffic displayed for those interfaces in the Overall Traffic graph. I could manually add “/port-channel/” to the “device_traffic_descr” config as well as all of the other interfaces that have been inadvertently enabled, but I’d rather be able to whitelist an interface than have to go through and manually blacklist everything else especially given that I likely won’t notice that the traffic is being graphed twice until there is some kind of issue. Is there a way to whitelist an interface for the Overall Traffic graph? Like “device_traffic_good_descr” so you can use the ifDescr to include it?

pepperoni-pi · 29 January 2020 15:00

I opened a Feature Request to have something life $config[‘device_traffic_good_ifalias’] or $config[‘device_traffic_good_ifdescr’] added so interfaces can be whitelisted to be included in the Overall Traffic graph based on the ifAlias or ifDescr values.

Link:

wat-doing · 3 June 2021 06:30

I’m experiencing the same for out Firepower firewalls. I read through the link above (and the other links that spawned off that) and it seems like this fizzled out. A merge request that didn’t seem to go anywhere?
Does anyone know if this hit a dead end, or is work possibly still progressing to resolve the issue?

pepperoni-pi · 24 August 2021 21:43

I ended up having to address my issue by unsetting and redefining “device_traffic_iftype” and “device_traffic_descr” in my config.php.

system · 25 October 2022 17:50

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.