PanOS 8.1.5 No SNMP ifInOctets/ifOutOctets

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PanOS 8.1.5 No SNMP ifInOctets/ifOutOctets

L1 Bithead

We recently upgraded our firewall to version 8.1.5 and noticed that SNMP data traffic monitoring stopped working. If we get de SNMP values, we receive this informations:

 

 

IF-MIB::ifIndex.9 = INTEGER: 9
IF-MIB::ifDescr.9 = STRING: ethernet1/4
IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.9 = INTEGER: 1500
IF-MIB::ifSpeed.9 = Gauge32: 100000000
IF-MIB::ifPhysAddress.9 = STRING: 0:86:9c:84:3f:13
IF-MIB::ifAdminStatus.9 = INTEGER: up(1)
IF-MIB::ifOperStatus.9 = INTEGER: up(1)
IF-MIB::ifLastChange.9 = Timeticks: (0) 0:00:00.00
IF-MIB::ifInOctets.9 = Counter32: 0
IF-MIB::ifInUcastPkts.9 = Counter32: 0
IF-MIB::ifInNUcastPkts.9 = Counter32: 0
IF-MIB::ifInDiscards.9 = Counter32: 0
IF-MIB::ifInErrors.9 = Counter32: 0
IF-MIB::ifInUnknownProtos.9 = Counter32: 0
IF-MIB::ifOutOctets.9 = Counter32: 0
IF-MIB::ifOutUcastPkts.9 = Counter32: 0
IF-MIB::ifOutNUcastPkts.9 = Counter32: 0
IF-MIB::ifOutDiscards.9 = Counter32: 0
IF-MIB::ifOutErrors.9 = Counter32: 2293361

 

Notice the zero ifInOctets and ifOutOctets values.

 

In the firewall CLI, we get the values:

 

>show interface ethernet1/4

--------------------------------------------------------------------------------
Name: ethernet1/4, ID: 19
Link status:
  Runtime link speed/duplex/state: 100/half/up
  Configured link speed/duplex/state: auto/auto/auto
MAC address:
  Port MAC address 00:86:9c:84:3f:13
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/4, ID: 19
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address: ###.###.###.###/##
Interface management profile: default
  ping: yes  telnet: no  ssh: yes  http: no  https: yes
  snmp: yes  response-pages: yes  userid-service: yes
Service configured: IKE
Zone: external, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast                  61123
rx-bytes                      53526882686
rx-multicast                  196
rx-unicast                    51082677
tx-broadcast                  65
tx-bytes                      9766237925
tx-multicast                  0
tx-unicast                    36211878
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 64 bytes                      10111961
rx packets 65 to 127 bytes               31737416
rx packets 128 to 255 bytes              2072235
rx packets 256 to 511 bytes              1969770
rx packets 512 to 1023 bytes             2070995
rx packets 1024+ bytes                   39427569
collisions                               756704
late_collisions                          612166
sent_deferred                            2304503
sent_multiple                            124474
--------------------------------------------------------------------------------

Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received                           678602007
bytes transmitted                        97658231
packets received                         616505
packets transmitted                      409213
receive incoming errors                  0
receive discarded                        0
receive errors                           67
packets dropped                          0
--------------------------------------------------------------------------------

Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received                           678597987
bytes transmitted                        97658231
packets received                         616438
packets transmitted                      409213
receive errors                           0
packets dropped                          110
packets dropped by flow state check      37
forwarding errors                        0
no route                                 0
arp not found                            0
neighbor not found                       0
neighbor info pending                    0
mac not found                            0
packets routed to different zone         0
land attacks                             0
ping-of-death attacks                    0
teardrop attacks                         0
ip spoof attacks                         0
mac spoof attacks                        0
ICMP fragment                            0
layer2 encapsulated packets              0
layer2 decapsulated packets              0
tcp cps                                  1
udp cps                                  0
sctp cps                                 0
other cps                                0
--------------------------------------------------------------------------------

 

 

Is this a known bug?

 

System Info

 

show system info

hostname: #############
ip-address: ###.###.###.###
public-ip-address: unknown
netmask: ###.###.###.###
default-gateway: ###.###.###.###
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: ###.###.###.###
ipv6-default-gateway:
mac-address: 00:86:9c:84:3f:00
time: Fri Dec 21 13:21:24 2018
uptime: 1 days, 8:58:38
family: 800
model: PA-820
serial: ##############
cloud-mode: non-cloud
sw-version: 8.1.5
global-protect-client-package-version: 4.1.2
app-version: 8108-5218
app-release-date:
av-version: 2834-3344
av-release-date:
threat-version: 8108-5218
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 307255-309916
wildfire-release-date:
url-filtering-version: 20181221.20161
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 8.1.8
platform-family: 800
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal

 

2 accepted solutions

Accepted Solutions

if you want get interface counter you need get from "Counter64" (.1.3.6.1.2.1.31.1.1.1.6.x )

 

  you couldn't see value of Counter32 

 

View solution in original post

Yeah, that's it.
I discovered this last week

 

Now I'm using this oids:

 

IF-MIB::ifHCInBroadcastPkts.X - .1.3.6.1.2.1.31.1.1.1.9.X

IF-MIB::ifHCOutBroadcastPkts - .1.3.6.1.2.1.31.1.1.1.13.X

IF-MIB::ifHCInMulticastPkts - .1.3.6.1.2.1.31.1.1.1.8.X

IF-MIB::ifHCOutMulticastPkts - .1.3.6.1.2.1.31.1.1.1.12.X

IF-MIB::ifHCInOctets - .1.3.6.1.2.1.31.1.1.1.6.X

IF-MIB::ifHCOutOctets - .1.3.6.1.2.1.31.1.1.1.10.X

IF-MIB::ifHCInUcastPkts - .1.3.6.1.2.1.31.1.1.1.7.X

IF-MIB::ifHCOutUcastPkts - .1.3.6.1.2.1.31.1.1.1.11.X

 

Thanks to all

View solution in original post

4 REPLIES 4

L0 Member

i have the same iss,can you solve the problem?

L0 Member

Hi

 

Some of my customer had similer issue , part of SNMP cannot get information after upgrading PAN-OS8.1.5.

 

some of SNMP issue seems like fixed in 8.1.6 released today ?

PAN-97672

Fixed an issue where polled SNMP object identifiers (OID) stopped responding

after the firewall was restarted.

if you want get interface counter you need get from "Counter64" (.1.3.6.1.2.1.31.1.1.1.6.x )

 

  you couldn't see value of Counter32 

 

Yeah, that's it.
I discovered this last week

 

Now I'm using this oids:

 

IF-MIB::ifHCInBroadcastPkts.X - .1.3.6.1.2.1.31.1.1.1.9.X

IF-MIB::ifHCOutBroadcastPkts - .1.3.6.1.2.1.31.1.1.1.13.X

IF-MIB::ifHCInMulticastPkts - .1.3.6.1.2.1.31.1.1.1.8.X

IF-MIB::ifHCOutMulticastPkts - .1.3.6.1.2.1.31.1.1.1.12.X

IF-MIB::ifHCInOctets - .1.3.6.1.2.1.31.1.1.1.6.X

IF-MIB::ifHCOutOctets - .1.3.6.1.2.1.31.1.1.1.10.X

IF-MIB::ifHCInUcastPkts - .1.3.6.1.2.1.31.1.1.1.7.X

IF-MIB::ifHCOutUcastPkts - .1.3.6.1.2.1.31.1.1.1.11.X

 

Thanks to all

  • 2 accepted solutions
  • 8184 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!