Exchange Message Tracking Statistics for Zabbix

I surely missing something but somehow I could not find a way to easily retrieve statistics of Sent and Received messages from Exchange 2013 (SP1 with DAG). I first looked into the performance counters but I could not make sense of all of the MSExchangeTransport – or too lazy to research them up.

typeperf -qx | findstr /ic:MSExchangeTransport

And usually if I am tracking some email flooding or prior to investigating the queues, I go use the get-messagetrackinglog. And so I create a short script to gather the list of the last X minutes of messages, count them, make them available and them to zabbix using zabbix_sender.

So it goes like this:


#import snapin
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

#list of transport servers
$hts = "EchangeTransport1","EchangeTransport2"
#start one Hour ago from now
$start = (get-date).AddMinutes(-30)
$end = (get-date)
#get all logs
$logs = $hts |% {get-messagetrackinglog -start $start -end $end -server $_ -resultsize unlimited}
#clear stats
$stats = ""| select sent,received
#count Deliver and Send
$logs |% {
if ($_.eventid -eq "Deliver"){[int]$stats.received += 1}
if ($_.eventid -eq "Send"){[int]$stats.sent+= 1}
}
#Display results for debug and info, comment or remove if not needed
$stats | ft -auto > LastCount.log
get-date >> LastCount.log

#cannot run the above using zabbix/system account on exchange
#use zabbix_sender
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP  -s $hts -k Stats.RxMessageCount -o $stats.received
C:\zabbix\bin\win64\zabbix_sender.exe -z zabbixIP -s $hts -k Stats.TxMessageCount -o $stats.sent

It is short and easy but that there some things to do in Zabbix and it can store the sent values, as per above Stats.RxMessageCount and Stats.TxMessageCount.

I went into Zabbix>Configuration>Templates to edit the template I had created to keep all of the Exchange things I monitor. Select the item screen and clicked that “Create Item” button.

msg1

Then the most important is the Type which must be Zabbix Trapper, the rest is up to you.I also chosen a “Unit” and created a new application “Exchange 2013 Statistics”.

msg2

Once the item is create, do the same for the other value. Altogether you’ll end up with 2 new items under the template.

Provided this template is assigned to your exchange host you are running the above script from, the values will be fed to Zabbix accordingly.

I actually set up a scheduled task that matches the timing and now I have some trending of the Sent and Received messages as per the Message Tracking Logs – Yeah it includes the HealthMonitor traffic, I know.

Additionally and once you have a baseline, you can also create a trigger based on the value received.

Advertisements

Deploy the SourceFire Cisco FireSight Management Virtual Appliance

As you know, Cisco entered the game of NGFW purchasing SourceFire. Still now, SourceFire is still a not integrated with ASA, which imo represents 2 different products to manage.

Here we will just deploy the FireSight Management Virtual Appliance which is the new name for the Defense Center. This is the configuration/control center for all of our FirePower devices. But first, let’s get it started.

Download the firesight ovf from the cisco web site. (log in required)
The current package is called:  Cisco_Firepower_Management_Center_VMware-6.0.1-1213 – use the DuckDuckGo Power instead of the browsing the Cisco site.

Somehow there are 2 OVFs:
Cisco_Firepower_Management_Center_Virtual_VMware-VI-6.0.1-1213.ovf
Cisco_Firepower_Management_Center_Virtual_VMware-ESXi-6.0.1-1213.ovf

They offer different style of setup. I am just going to pick the VI one as it includes a wizard to configure the network of the VM.

fire1

I find funny that this is a ovf that doesn’t support much vmware stuff. Not to say, it is officially not supported under ESX6!
The guide makes it look like nothing virtual is supported…
Guidelines and Limitations
The following limitations exist when deploying Firepower NGIPSv for VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

Something else puzzle me, while the memory and cpu are configurable, the disk size is not!
I wonder how we can increase the size for additional logging/retention.

fire2
Nonetheless, install the ovf as usual using the ovf wizard.
The wizard also include so configuration item for name, dns, and network settings…

It boots, and then says it is going to take forever to initialize. The Ui says up to 30 minutes, the manual says up to 40 minutes!

fire3

25 minutes later
WebUI seems started however

fire4

fire5
Once ready, onto some basic configuration:
Verifying network settings, ntp, smtp
Enabling VMware tools

fire6
Rules and Geolocation updates
Do the recurring update imports as well

fire7
Enable auto-backup
And of course register.

fire8
I usually would do the integrations with your ASA/Firepower device so that you can objects to create rules on and so on. Let me know what you want to see.