Count local locked out VPN accounts on a Cisco ASA 9.x

Votes:

2

As an admin of a firewall with a VPN solution, it's nice to have a sensor that shows a counter for local locked-out VPN accounts. I use plink inside of a batch file:

@echo off
REM configure "Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems" for the device you want to watch
REM create a PRTG "EXE/Script Sensor" under the device you want to monitor
REM for Sensor Name select this script, the script you have to store in the PRTG installation folder, default is C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE\Cisco-locked-accounts_exe_1.bat
REM Sensor Parameters: %host %linuxuser %linuxpassword
REM please keep in mind the filter (for /F "delims=" %%i in ('findstr "..:..:.." %output% ^| find ":" /c') do set value=%%i) has to be changed when remote-command changes

REM assign prtg parameters (%host %linuxuser %linuxpassword) to variables
set host=%1
set user=%2
set pw=%3

REM output folder c:\temp you have to create manually
set output="c:\temp\cisco-locked-accounts_exe_output_1.txt"

REM change path to plink
set pl="C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\PuTTY\plink.exe"

REM variable for the command file that plink will execute on the cisco
set remote-command-file="c:\temp\cisco-locked-accounts_exe_1.txt"

REM command that will send back info that you want to monitor
set remote-command=show aaa local user

REM create command file that plink will execute on the cisco (first line overwrites any stale file from an aborted run)
echo login>%remote-command-file%
echo %user%>>%remote-command-file%
echo %pw%>>%remote-command-file%
echo %remote-command%>>%remote-command-file%
echo logout>>%remote-command-file%
echo exit>>%remote-command-file%

REM if exists %output% del /F /Q %output% >nul 2>&1

REM plink execution
%pl% -ssh -batch -pw %pw% %user%@%host% -m %remote-command-file% > %output%

REM filter and count output
for /F "delims=" %%i in ('findstr "..:..:.." %output% ^| find ":" /c') do set value=%%i

REM output that prtg receives
if "%value%" equ "0" (echo %value%:OK)
if "%value%" gtr "0" (echo %value%:notOK)

REM delete temporary created files
del %remote-command-file%
del %output%

You can also modify this solution to get other values from a Cisco ASA, but keep in mind that you can see the credentials in the command file that will be executed on the Cisco device. So please use a Cisco account with only the permissions required to get the values you want; do not use an admin account. http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_management.html#wp1042033

batch-script-with-plink cisco-asa locked-vpn-accounts

Created on Sep 2, 2015 11:19:45 AM

Last change on Sep 2, 2015 11:42:12 AM by Torsten Lindner [Paessler Support]
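Added example (not part of the original post, and not Paessler or Cisco code): the filter step of the script above, written in Python and run over captured output. It counts only table rows whose first column is an HH:MM:SS lock time, so a timestamp elsewhere in the capture is not counted as a locked account. The sample text, its column layout, the banner line and the user names are constructed assumptions.

```python
import re

# Constructed sample of a captured session (layout and names are assumptions).
SAMPLE_OUTPUT = """\
Last login: 08:41:12 UTC Sep 2 2015
asa> show aaa local user
Lock-time  Failed-attempts  Locked  User
    -             0           N     monitor
 11:02:47         3           Y     jdoe
    -             1           N     backup
 09:15:03         3           Y     msmith
"""

LOCK_TIME = re.compile(r"^\d{2}:\d{2}:\d{2}$")


def locked_users(output):
    """Return user names from table rows whose first column is a lock time."""
    users = []
    in_table = False
    for line in output.splitlines():
        fields = line.split()
        if not in_table:
            # Ignore everything before the (assumed) table header.
            in_table = fields[:1] == ["Lock-time"]
            continue
        if len(fields) == 4 and LOCK_TIME.match(fields[0]):
            users.append(fields[3])
    return users


def naive_count(output):
    """Python equivalent of: findstr "..:..:.." | find ":" /c"""
    return sum(1 for line in output.splitlines() if re.search(r"..:..:..", line))


def prtg_result(output):
    """Format the count as the value:message line an EXE/Script sensor reads."""
    count = len(locked_users(output))
    return f"{count}:OK" if count == 0 else f"{count}:notOK"


if __name__ == "__main__":
    print("unanchored filter:", naive_count(SAMPLE_OUTPUT))
    print("sensor output:", prtg_result(SAMPLE_OUTPUT))
```

On this sample the unanchored pattern also matches the banner timestamp, while the row-anchored count reports only the two locked rows.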



1 Reply

Votes:

0

Nice, thanks for sharing! :) I'm sure plenty of other users will find this helpful :)

Created on Sep 7, 2015 6:31:07 AM by Stephan Linke [Paessler Support]



