[Question] Transforming/filtering interface names - removing quotes

[steffenschumacher]

We have Cisco ASA firewalls which have interface names which contain single quotes, which later on messes up queries in Grafana. I Cannot figure out how to get rid of these:

1. Since this is the indexOID for the IF-MIB, creating custom metrics won't work, as a 'native' OID is required?
2. Filtering isn't applicable either, since this is only for suppressing samples entirely? Ideally I'd even like to remove everything surrounding the interface name so we could transform: Adaptive Security Appliance 'management' interface to simply: management

Sample data: snmpwalk -v2c -c vestasnet 10.x.x.x .1.3.6.1.2.1.2.2.1.2 IF-MIB::ifDescr.4 = STRING: Adaptive Security Appliance 'management' interface IF-MIB::ifDescr.5 = STRING: Adaptive Security Appliance 'OOB-management' interface IF-MIB::ifDescr.6 = STRING: Adaptive Security Appliance 'GigabitEthernet0/0' interface IF-MIB::ifDescr.7 = STRING: Adaptive Security Appliance 'GigabitEthernet0/1' interface IF-MIB::ifDescr.8 = STRING: Adaptive Security Appliance 'GigabitEthernet0/2' interface IF-MIB::ifDescr.9 = STRING: Adaptive Security Appliance 'GigabitEthernet0/3' interface IF-MIB::ifDescr.10 = STRING: Adaptive Security Appliance 'GigabitEthernet0/4' interface IF-MIB::ifDescr.11 = STRING: Adaptive Security Appliance 'GigabitEthernet0/5' interface IF-MIB::ifDescr.12 = STRING: Adaptive Security Appliance 'GigabitEthernet0/6' interface IF-MIB::ifDescr.13 = STRING: Adaptive Security Appliance 'GigabitEthernet0/7' interface IF-MIB::ifDescr.14 = STRING: Adaptive Security Appliance 'TenGigabitEthernet0/8' interface IF-MIB::ifDescr.15 = STRING: Adaptive Security Appliance 'TenGigabitEthernet0/9' interface IF-MIB::ifDescr.25 = STRING: Adaptive Security Appliance 'inside' interface

• What SnmpCollector version are you using? = 0.10.0 // commit 61eac23
• What OS are you running snmpcollector on? = your docker image on top of RHEL 7
• What did you do? = start polling Cisco ASA devices
• What was the expected result? = I'd hope it'd somehow be possible to remove single quotes from interface names before sending them to Grafana

[sbengo]

Hi @steffenschumacher , apologies for the late answer!

First of all, I'm not sure where do you have your issue on Grafana, but if you are using it as a variable you can use formatting on variables: https://grafana.com/docs/grafana/latest/variables/advanced-variable-format-options/ , I think that the regex one will fit your usecase

On SNMPCollector, you have the following options:

a) Assuming that ifDescr is your IndexOID on your IF-MIB indexed measurement, the field IndexTagFormat allows you to define a custom tag value based on IDX{1,2} and VAL{1,2} pair on each table result.

In your example, the following IndexTagFormat using this regex would retrieve only the name of the interface Note: if some of the retrieved values doesn't match, the output will be \1 and will create non-unique series. This behaviour will require you to create a Measurement only for your ASA devices, otherwise you should create a quite complicated regex in order to fit all your cases and ensure that the series will be unique

${VAR|SELECTOR|TRANSFORMATOR}
---
${VAL1|REGEX/.*'(.*)'.*/\1/|STRING}

Adaptive Security Appliance 'management' interface --> management
Adaptive Security Appliance 'OOB-management' interface --> OOB-management
Adaptive Security Appliance 'GigabitEthernet0/0' interface --> GigabitEthernet0/0
Adaptive Security Appliance 'GigabitEthernet0/1' interface --> GigabitEthernet0/1
Adaptive Security Appliance 'GigabitEthernet0/2' interface --> GigabitEthernet0/2
Adaptive Security Appliance 'GigabitEthernet0/3' interface --> GigabitEthernet0/3
Adaptive Security Appliance 'GigabitEthernet0/4' interface --> GigabitEthernet0/4
Adaptive Security Appliance 'GigabitEthernet0/5' interface --> GigabitEthernet0/5
Adaptive Security Appliance 'GigabitEthernet0/6' interface --> GigabitEthernet0/6
Adaptive Security Appliance 'GigabitEthernet0/7' interface --> GigabitEthernet0/7
Adaptive Security Appliance 'TenGigabitEthernet0/8' interface --> TenGigabitEthernet0/8
Adaptive Security Appliance 'TenGigabitEthernet0/9' interface --> TenGigabitEthernet0/9
Adaptive Security Appliance 'inside' interface --> inside

b) The IF-MIB is quite generic and will apply on all your metrics, you can use another IndexOID (i.e: ifName) and define ifDescr as a SNMPMetric with DataSrcType: MULTISTRINGPARSER with the regex on there

[steffenschumacher]

Hi, Yeah, so the Grafana regex option is being used, but it doesn't seem to escape single-quotes: "ifDescr" =~ /^${interface:regex}$ -> "ifDescr" =~ /^Adaptive Security Appliance 'Ethernet0\/1' interface$/

I'll need to check out either Opt a/b when I get some time to poke around - I'll see if I can make time on Monday..

[steffenschumacher]

I was able to fix this, using a tolerable regex, which doesn't appear to break other things: ${VAL1|REGEX/([^']')?([^']+)('.)?/\2/|STRING}

[sbengo]

Great @steffenschumacher , Im glad you were able to fix it!

Feel free to re-pone if you have some other question!

Best regards