Cisco ASA 5515 VPN sessions and Usernames

Locked
makisang
Posts: 5
Joined: Thu May 31, 2018 7:30 am

Cisco ASA 5515 VPN sessions and Usernames

Post by makisang »

Hello,

I want to get the number of VPN sessions on an ASA 5515 and the usernames of the users connected.
Warning will be raised if any users are connected. No critical alert needed.

I have created the script below:

Code:

#!/bin/bash

VPN_USERS=$(sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " ")

if [ -z "$VPN_USERS" ]
then
    echo "OK- No VPN users connected."
    exit 0
else
    echo "WARNING - Connected VPN users: $VPN_USERS"
    exit 1
fi

Running the command on the ASA gives this output:

Code:

ASA# sh vpn-sessiondb svc

Session Type: AnyConnect

Username     : ABCD                   Index        : 123456789
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials, AnyConnect for Mobile
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA256  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 99999999               Bytes Rx     : 999999999
Group Policy : XXXXXXXXXXXX
Tunnel Group : XXXXXXXXXXXX
Login Time   : 06:39:27 CEDT Fri Aug 30 2019
Duration     : 4h:00m:44s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 00000000019babcdef123456
Security Grp : XXXXXXXXXXXX

Username     : WXYZ                   Index        : 123456
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA256  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 999999999               Bytes Rx     : 999999999
Group Policy : XXXXXXXXXXXX
Tunnel Group : XXXXXXXXXXXX
Login Time   : 08:11:47 CEDT Fri Aug 30 2019
Duration     : 1h:42m:24s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 000000000de7abcdef123456
Security Grp : none

When I run the script from terminal I get this output:

Code:

[root@abdcfeg libexec]# ./check_asa_vpn.sh
Connection to xxx.xxx.xxx.xxx closed by remote host.
WARNING - Connected VPN users: ABCD
WXYZ

On Nagios though I get this Image

Running nagios core on centos.

Any tips?
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by scottwilkerson »

I'm not really familiar with this but what do you get when you run this from the Nagios server? To me it seems like there is an extra $ in there

Code:

sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "
Former Nagios employee
Creator:
Human Design Website
Get Your Human Design Chart
makisang
Posts: 5
Joined: Thu May 31, 2018 7:30 am

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by makisang »

scottwilkerson wrote: I'm not really familiar with this but what do you get when you run this from the Nagios server? To me it seems like there is an extra $ in there

Code:

sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "

Hi Scott,

When I run the command from terminal I just get the username of the connected users.

Code:

[root@abdcfeg libexec]# sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "
ABCD
[root@abdcfeg libexec]#
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by scottwilkerson »

Hmm, how about if you change to the nagios user and run the script

Code:

su nagios
./check_asa_vpn.sh
makisang
Posts: 5
Joined: Thu May 31, 2018 7:30 am

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by makisang »

Hmmmm. I get "OK- No VPN users connected."
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by scottwilkerson »

makisang wrote: Hmmmm. I get "OK- No VPN users connected."

I'd take it one step further and run the following as the nagios user

Code:

sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'
makisang
Posts: 5
Joined: Thu May 31, 2018 7:30 am

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by makisang »

Hi Scott.

I get no output when I run

Code:

sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by scottwilkerson »

makisang wrote: Hi Scott.

I get no output when I run

Code:

sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'

Well there's your problem, so your plugin is working as expected, you just aren't getting output from the command.

I guess the next step would be to figure out why it isn't returning anything when running as the nagios user vs. the root user
makisang
Posts: 5
Joined: Thu May 31, 2018 7:30 am

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by makisang »

So now the script runs and gives the same output from command line for both root and nagios users.

Code:

[root@xxxxxx etc]# /usr/local/nagios/libexec/check_asa_vpn.sh
WARNING - Connected VPN users: xxxx
[root@xxxxxx etc]# su nagios
[nagios@xxxxxx etc]$ /usr/local/nagios/libexec/check_asa_vpn.sh
WARNING - Connected VPN users: xxxxx

But on WebUI I still get Image
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Cisco ASA 5515 VPN sessions and Usernames

Post by scottwilkerson »

What changes did you make to make it work from the CLI?

If it involved setting something on an environment variable you will likely need to pass that in the command.
Locked
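
The failure mode diagnosed in this thread is a check that reports "OK" when the SSH query returns nothing at all. The sketch below is an added example, not code from any post above: it separates "no output" (UNKNOWN) from "no sessions" (OK) and keeps the usernames on one status line. The function names, `ASA_PASSFILE` and `ASA_TARGET` are hypothetical, and it assumes any non-empty output without `Username` lines means no sessions.

```shell
#!/bin/bash
# Added example (not the original poster's script); function names are hypothetical.

# Print the usernames found in "sh vpn-sessiondb svc" output (stdin) on ONE line,
# because Nagios shows only the first line of plugin output as the status text.
parse_vpn_users() {
    awk '/^Username +:/ { out = out (n++ ? ", " : "") $3 } END { print out }'
}

# Map raw ASA output ($1) to a Nagios status line and return code.
# Empty output means the SSH query itself failed, so report UNKNOWN (3), not OK.
# Assumption: any non-empty output without "Username" lines means no sessions.
evaluate_vpn_output() {
    if [ -z "$(printf '%s' "$1" | tr -d '[:space:]')" ]; then
        echo "UNKNOWN - no output from ASA (SSH login or command failed)"
        return 3
    fi
    vpn_users=$(printf '%s\n' "$1" | parse_vpn_users)
    if [ -z "$vpn_users" ]; then
        echo "OK - No VPN users connected."
        return 0
    fi
    echo "WARNING - Connected VPN users: $vpn_users"
    return 1
}

# Constructed sample, trimmed from the output format shown in the thread.
SAMPLE_OUTPUT='Session Type: AnyConnect

Username     : ABCD                   Index        : 123456789
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx

Username     : WXYZ                   Index        : 123456
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx'

# Demo: a populated session list, then the empty-output case from the thread.
evaluate_vpn_output "$SAMPLE_OUTPUT" || true
evaluate_vpn_output "" || true

# In a real plugin the raw text would come from the SSH call. Reading the password
# from a file only the nagios user can read keeps it out of the process list,
# unlike "-p" on the command line:
#   raw=$(sshpass -f "$ASA_PASSFILE" ssh "$ASA_TARGET" $'sh vpn-sessiondb svc\n exit\n')
# ASA_PASSFILE and ASA_TARGET are hypothetical variable names.
```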