Skip to main content
Dex
Dex
New Member
January 4, 2010
Question

Time interval for SNMP ifInOctets and ifOutOctets

  • January 4, 2010
  • 4 replies
  • 7088 views
Hi all, I am collecting every 2 min from my Fortigate the values from SNMP ifInOctets (1.3.6.1.2.1.2.2.1.10) and ifOutOctets (1.3.6.1.2.1.2.2.1.16). In the RFC1213-MIB it describes the values as octets received and sent on the interface, but not under which time interval. Under what time interval is the amount of octets counted? I am trying to get the in and out network usage on that interface (Mbit/s). Is there an OID I can use on the Fortigate to collect statistics on the different services used in the firewall (TCP, UDP …)?

    4 replies

    abelio
    SuperUser
    abelio
    SuperUser
    January 4, 2010
    Hi and welcome,
    I am collecting every 2 min from my Fortigate the values from SNMP ifInOctets (1.3.6.1.2.1.2.2.1.10) and ifOutOctets (1.3.6.1.2.1.2.2.1.16). In the RFC1213-MIB it describes the values as octets received and sent on the interface, but not under which time interval. Under what time interval is the amount of octets counted? I am trying to get the in and out network usage on that interface (Mbit/s).
    i' m not sure if i understand your post; but when you get some value and normalize it with the time unit, you define the sample rate meaningful for you. for netowrk interfaces, tipically 5 min, hour, day, week, month, year are useful values.
    Is there an OID I can use on the Fortigate to collect statistics on the different services used in the firewall (TCP, UDP …)?
    yes; with each fortiOS firmware release, in the same directory you can get the Fortinet.MIB file with all available OID. Look into FTP support.fortinet.com site. regards,
    Dex
    DexAuthor
    New Member
    January 5, 2010
    Tanks for answering! Maybe I am thinking wrong. What I mean is, if I collect the value of ifInOctets and get 1 000 000. Does it mean the Fortigate has received 1 000 000 octets the last second or has it received 1 000 000 octets since my last retrieval of that value? If I don´t know if the value I am collecting is in seconds, minutes, days etc I have trouble determining the bandwidth used on that interface. Regards, Dex
    abelio
    SuperUser
    abelio
    SuperUser
    January 5, 2010
    What I mean is, if I collect the value of ifInOctets and get 1 000 000. Does it mean the Fortigate has received 1 000 000 octets the last second or has it received 1 000 000 octets since my last retrieval of that value? If I don´t know if the value I am collecting is in seconds, minutes, days etc I have trouble determining the bandwidth used on that interface.
    You' re collecting 1000000 octets merely; only when you decide the time unit to average your octet number, you can talk about bandwith usage in the unit of time. You could use this article http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10826&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=1991003&stateId=0 as an usable example.
    Dex
    DexAuthor
    New Member
    January 7, 2010
    Thanks your answer helped me solve my problems! But I have one more question maybe you can help me with. Could you perhaps clearify Fortigates SNMP " fnHaStatsNetUsage" ? What exactly is included...? Regards Dex
    abelio
    SuperUser
    abelio
    SuperUser
    January 7, 2010
    from FORTIGATE-MIB.mib 
      fgHaStatsNetUsage OBJECT-TYPE      SYNTAX      Gauge32      MAX-ACCESS  read-only      STATUS      current      DESCRIPTION           " Network bandwidth usage of specified cluster member (kbps)"        ::= { fgHaStatsEntry 5 }
    Dex
    DexAuthor
    New Member
    January 8, 2010
    Thanks Abel! The values of “ifInOctets” and “ifOutOctets” that I am collecting every 120 seconds seem a little bit low or maybe I am counting wrong. One of the values for “ifOutOctets” on the WAN port that I collected is 77 000 000 octets (the difference between the first and second value. I want to convert it to Mbit/s to easier compare with the capacity of the Internet connection we have. This is how I converted it. 77 000 000 octet x 8 = 616 000 000 bit 616 000 000 bit / 1000 = 616 000 kbit 616 000 kbit / 1000 = 616 Mbit 616 Mbit / 120s = 5,13 Mbit/s If this is correct and the value is taken from the WAN port should then all the outbound traffic be included? I was expecting a number 5-6 times higher. Regards Dex
    Terms & ConditionsAccessibility statement