Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 5:38 am
by makisang
Hello,

I want to get the number of VPN sessions on an ASA 5515 and the usernames of the users connected.
Warning will be at if any users are connected. No critical alert needed.

I have created the script below:

#!/bin/bash

# Log in to the ASA, run "show vpn-sessiondb svc" and keep only the value of
# the "Username" column; any backslash in a name (DOMAIN\user) is replaced
# with a space.
VPN_USERS=$(sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk '{print $3}' | tr "\\\ " " ")

# Nagios plugin exit codes: 0 = OK, 1 = WARNING
if [ -z "$VPN_USERS" ]
then
    echo "OK- No VPN users connected."
    exit 0
else
    echo "WARNING - Connected VPN users: $VPN_USERS"
    exit 1
fi
Running the command on the ASA gives this output:


ASA# sh vpn-sessiondb svc

Session Type: AnyConnect

Username     : ABCD                   Index        : 123456789
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials, AnyConnect for Mobile
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA256  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 99999999               Bytes Rx     : 999999999
Group Policy : XXXXXXXXXXXX
Tunnel Group : XXXXXXXXXXXX
Login Time   : 06:39:27 CEDT Fri Aug 30 2019
Duration     : 4h:00m:44s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 00000000019babcdef123456
Security Grp : XXXXXXXXXXXX

Username     : WXYZ                   Index        : 123456
Assigned IP  : xxx.xxx.xxx.xxx         Public IP    : xxx.xxx.xxx.xxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA256  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 999999999               Bytes Rx     : 999999999
Group Policy : XXXXXXXXXXXX
Tunnel Group : XXXXXXXXXXXX
Login Time   : 08:11:47 CEDT Fri Aug 30 2019
Duration     : 1h:42m:24s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 000000000de7abcdef123456
Security Grp : none
When I run the script from terminal I get this output:


[root@abdcfeg libexec]# ./check_asa_vpn.sh
Connection to xxx.xxx.xxx.xxx closed by remote host.
WARNING - Connected VPN users: ABCD
WXYZ
On Nagios though I get this: [image]

Running nagios core on centos.

Any tips?
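A parser for the session listing shown above, added here as an example and not the thread's own script: it reads the `show vpn-sessiondb svc` text from stdin, counts the sessions, joins the usernames onto one line (Nagios shows only the first line of plugin output in its status grid) and returns the plugin exit code. The sample listing, the DOMAIN\user name and the `| sessions=N` perfdata field are assumptions not taken from the thread.

```shell
#!/bin/bash
# Added example, not the thread's own script: parse the text that
# "show vpn-sessiondb svc" prints (format as shown in the thread) into a
# one-line Nagios status with exit code 0 (OK) or 1 (WARNING).
# SAMPLE is constructed; the ASA is never contacted here.

SAMPLE='Session Type: AnyConnect

Username     : ABCD                   Index        : 123456789
Assigned IP  : 10.0.0.1               Public IP    : 198.51.100.7
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
Login Time   : 06:39:27 CEDT Fri Aug 30 2019

Username     : CORP\wxyz              Index        : 123456
Assigned IP  : 10.0.0.2               Public IP    : 198.51.100.8
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
Login Time   : 08:11:47 CEDT Fri Aug 30 2019'

# Print one username per line. The name is the third whitespace-separated
# field of a "Username     : NAME" line; a DOMAIN\user backslash is turned
# into "/" so no later shell stage can swallow it (assumed normalisation).
vpn_users() {
    awk '/^Username[[:space:]]+:/ { print $3 }' | tr '\\' '/'
}

# Read the session listing from stdin, print the status line and return
# the Nagios exit code. Names are joined with commas onto a single line
# because Nagios shows only the first line of plugin output in its grid;
# "| sessions=N" is perfdata for graphing.
check_vpn() {
    local data users count
    data=$(cat)
    users=$(printf '%s\n' "$data" | vpn_users | paste -sd, -)
    count=$(printf '%s\n' "$data" | awk '/^Username[[:space:]]+:/ { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "OK - No VPN users connected | sessions=0"
        return 0
    fi
    echo "WARNING - $count VPN session(s): $users | sessions=$count"
    return 1
}

# Stand-alone run against the constructed sample.
if printf '%s\n' "$SAMPLE" | check_vpn; then rc=0; else rc=$?; fi
echo "plugin exit status: $rc"
```

To use it against a real ASA, pipe the sshpass/ssh command from the script above into `check_vpn` instead of the constructed sample.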

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 8:39 am
by scottwilkerson
I'm not really familiar with this but what do you get when you run this from the Nagios server? To me it seems like there is an extra $ in there


sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 8:57 am
by makisang
scottwilkerson wrote: I'm not really familiar with this but what do you get when you run this from the Nagios server? To me it seems like there is an extra $ in there


sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "
Hi Scott,

When I run the command from terminal I just get the username of the connected users.


[root@abdcfeg libexec]# sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n' | grep "Username     : " | awk {'print $3'} | tr "\\\ " " "
ABCD
[root@abdcfeg libexec]#

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 9:05 am
by scottwilkerson
Hmm, how about if you change to the nagios user and run the script


su nagios
./check_asa_vpn.sh

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 10:33 am
by makisang
Hmmmm. I get "OK- No VPN users connected."

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 11:16 am
by scottwilkerson
makisang wrote: Hmmmm. I get "OK- No VPN users connected."
I'd take it one step further and run the following as the nagios user


sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 11:40 am
by makisang
Hi Scott.

I get no output when I run


sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Fri Aug 30, 2019 12:13 pm
by scottwilkerson
makisang wrote: Hi Scott.

I get no output when I run


sshpass -p 'xxx' ssh [email protected] $'sh vpn-sessiondb svc\n exit\n'
Well there's your problem, so your plugin is working as expected, you just aren't getting output from the command.

I guess the next step would be to figure out why it isn't returning anything when running as the nagios user vs. the root user

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Mon Sep 02, 2019 1:51 am
by makisang
So now the script runs and gives the same output from the command line for both the root and nagios users.


[root@xxxxxx etc]# /usr/local/nagios/libexec/check_asa_vpn.sh
WARNING - Connected VPN users: xxxx
[root@xxxxxx etc]# su nagios
[nagios@xxxxxx etc]$ /usr/local/nagios/libexec/check_asa_vpn.sh
WARNING - Connected VPN users: xxxxx
But on the WebUI I still get: [image]

Re: Cisco ASA 5515 VPN sessions and Usernames

Posted: Tue Sep 03, 2019 10:36 am
by scottwilkerson
What changes did you make to make it work from the CLI?

If it involved setting something on an environment variable you will likely need to pass that in the command.