Index: html/includes/graphs/port/sec_addresses.inc.php
===================================================================
--- html/includes/graphs/port/sec_addresses.inc.php (nonexistent)
+++ html/includes/graphs/port/sec_addresses.inc.php (working copy)
@@ -0,0 +1,43 @@
+ 'MaxSecureMacAddr', 'descr' => 'Max allowed'),
+ array('ds' => 'CurSecureMacAddr', 'descr' => 'Current'),
+);
+
+$i = 0;
+$rrd_filename = get_port_rrdfilename($port, "security", TRUE);
+
+if (is_file($rrd_filename))
+{
+ foreach ($datasets as $dataset)
+ {
+ $rrd_list[$i]['filename'] = $rrd_filename;
+ $rrd_list[$i]['descr'] = $dataset['descr'];
+ $rrd_list[$i]['ds'] = $dataset['ds'];
+ $i++;
+ }
+}
+
+$colours = "mixed";
+$nototal = 1;
+$unit_text = "MAC Addresses";
+$simple_rrd = 1;
+$scale_min = 0;
+
+include($config['html_dir']."/includes/graphs/generic_multi_line.inc.php");
+
+// EOF
Index: html/includes/graphs/port/sec_violations.inc.php
===================================================================
--- html/includes/graphs/port/sec_violations.inc.php (nonexistent)
+++ html/includes/graphs/port/sec_violations.inc.php (working copy)
@@ -0,0 +1,42 @@
+ 'ViolationCount', 'descr' => 'Violations'),
+);
+
+$i = 0;
+$rrd_filename = get_port_rrdfilename($port, "security", TRUE);
+
+if (is_file($rrd_filename))
+{
+ foreach ($datasets as $dataset)
+ {
+ $rrd_list[$i]['filename'] = $rrd_filename;
+ $rrd_list[$i]['descr'] = $dataset['descr'];
+ $rrd_list[$i]['ds'] = $dataset['ds'];
+ $i++;
+ }
+}
+
+$colours = "mixed";
+$nototal = 1;
+$unit_text = "Violations/sec";
+$simple_rrd = 1;
+$scale_min = 0;
+
+include($config['html_dir']."/includes/graphs/generic_multi_simplex_separated.inc.php");
+
+// EOF
Index: html/pages/device/port/graphs.inc.php
===================================================================
--- html/pages/device/port/graphs.inc.php (revision 9786)
+++ html/pages/device/port/graphs.inc.php (working copy)
@@ -101,6 +101,23 @@
print_graph_row_port($graph_array, $port);
echo('');
}
+
+ if (is_file(get_port_rrdfilename($port, "security", TRUE)))
+ {
+ echo('');
+ echo("Port Security MAC Addresses");
+ $graph_array['type'] = "port_sec_addresses";
+
+ print_graph_row_port($graph_array, $port);
+ echo(' |
');
+
+ echo('');
+ echo("Port Security Violations");
+ $graph_array['type'] = "port_sec_violations";
+
+ print_graph_row_port($graph_array, $port);
+ echo(' |
');
+ }
}
?>
Index: includes/defaults.inc.php
===================================================================
--- includes/defaults.inc.php (revision 9786)
+++ includes/defaults.inc.php (working copy)
@@ -953,6 +953,7 @@
$config['enable_ports_adsl'] = 1; // Enable ADSL-LINE-MIB
$config['enable_ports_vlan'] = 1; // Enable Vlan collection
$config['enable_ports_fdbcount'] = 0; // Enable count of FDB per-port.
+$config['enable_ports_port_security'] = 0; // Enable port security counters
$config['enable_ports_ipifstats'] = 1; // Enable graphing of IP-MIB::ipIfStats.
$config['enable_ports_jnx_cos_qstat'] = 1; // Enable graphing of CoS queues per-port.
$config['enable_ports_sros_egress_qstat'] = 1; // Enable graphing of egress queues per-port.
Index: includes/definitions/graphtypes.inc.php
===================================================================
--- includes/definitions/graphtypes.inc.php (revision 9786)
+++ includes/definitions/graphtypes.inc.php (working copy)
@@ -41,6 +41,8 @@
$config['graph_types']['port']['discards'] = array('name' => 'Discards', 'descr' => "Discards/sec");
$config['graph_types']['port']['etherlike'] = array('name' => 'Ethernet Errors', 'descr' => "Detailed Errors/sec for Ethernet-like interfaces");
$config['graph_types']['port']['fdb_count'] = array('name' => 'FDB counts', 'descr' => "FDB usage");
+$config['graph_types']['port']['sec_addresses'] = array('name' => 'MAC Addresses', 'descr' => "Port Security limits");
+$config['graph_types']['port']['sec_violations'] = array('name' => 'MAC Violations', 'descr' => "Port Security violations");
$config['graph_types']['oid_entry']['graph'] = array('name' => 'OID Graph', 'descr' => 'Custom OID Graph');
Index: includes/definitions/mibs/cisco.inc.php
===================================================================
--- includes/definitions/mibs/cisco.inc.php (revision 9786)
+++ includes/definitions/mibs/cisco.inc.php (working copy)
@@ -410,6 +410,12 @@
$config['mibs'][$mib]['mib_dir'] = 'cisco';
$config['mibs'][$mib]['descr'] = '';
+$mib = 'CISCO-PORT-SECURITY-MIB';
+$config['mibs'][$mib]['enable'] = 1;
+$config['mibs'][$mib]['identity_num'] = '.1.3.6.1.4.1.9.9.315';
+$config['mibs'][$mib]['mib_dir'] = 'cisco';
+$config['mibs'][$mib]['descr'] = 'Port Security';
+
$mib = 'CISCO-POWER-ETHERNET-EXT-MIB';
$config['mibs'][$mib]['enable'] = 1;
$config['mibs'][$mib]['identity_num'] = '.1.3.6.1.4.1.9.9.402';
Index: includes/definitions/os.inc.php
===================================================================
--- includes/definitions/os.inc.php (revision 9786)
+++ includes/definitions/os.inc.php (working copy)
@@ -221,6 +221,7 @@
$config['os_group'][$os_group]['mibs'][] = "CISCO-BGP4-MIB";
$config['os_group'][$os_group]['mibs'][] = "CISCO-RTTMON-MIB"; // SLA
$config['os_group'][$os_group]['mibs'][] = "CISCO-FLASH-MIB";
+$config['os_group'][$os_group]['mibs'][] = "CISCO-PORT-SECURITY-MIB";
$config['os_group'][$os_group]['mibs'][] = "CISCO-POWER-ETHERNET-EXT-MIB";
$config['os_group'][$os_group]['mibs'][] = "CISCO-AAA-SESSION-MIB";
$config['os_group'][$os_group]['mibs'][] = "CISCO-RF-MIB";
Index: includes/definitions/rrdtypes.inc.php
===================================================================
--- includes/definitions/rrdtypes.inc.php (revision 9786)
+++ includes/definitions/rrdtypes.inc.php (working copy)
@@ -286,6 +286,15 @@
),
);
+config['rrd_types']['port-security'] = array(
+ 'file' => 'port-%index%-security.rrd',
+ 'ds' => array(
+ 'MaxSecureMacAddr' => array('type' => 'GAUGE', 'min' => 0),
+ 'CurSecureMacAddr' => array('type' => 'GAUGE', 'min' => 0),
+ 'ViolationCount' => array('type' => 'COUNTER', 'max' => 100000000000),
+ ),
+);
+
$config['rrd_types']['port-adsl'] = array(
'file' => 'port-%index%-adsl.rrd',
// 'graphs' => array('port_adsl'), // not a device graph
Index: includes/polling/ports/cisco-port-security-mib.inc.php
===================================================================
--- includes/polling/ports/cisco-port-security-mib.inc.php (nonexistent)
+++ includes/polling/ports/cisco-port-security-mib.inc.php (working copy)
@@ -0,0 +1,30 @@
+ $this_port['cpsIfMaxSecureMacAddr'],
+ 'CurSecureMacAddr' => $this_port['cpsIfCurrentSecureMacAddrCount'],
+ 'ViolationCount' => $this_port['cpsIfViolationCount'],
+ ), get_port_rrdindex($port));
+
+ if ($GLOBALS['config']['statsd']['enable'] == TRUE)
+ {
+ foreach ($portsec_oids as $oid)
+ {
+ // Update StatsD/Carbon
+ StatsD::gauge(str_replace(".", "_", $device['hostname']).'.'.'port'.'.'.$this_port['ifIndex'].'.'.$oid, $this_port[$oid]);
+ }
+ }
+ }
+}
+
+// EOF