What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

ASA VPN Users by group

Votes:

0

On our ASA, we have different groups for ASA users. In PRTG we are currently monitoring the total number of VPN users. Now I would like to see the number of users four each group, is this possible within PRTG?

At the moment I have written a simple bash script for this, is it possible to do some kind of grep on a custom mib within PRTG?

user@server:~/scripts$ cat asascript.sh
	#!/bin/bash
		community=communitystring
	while IFS='' read -r line || [[ -n "$line" ]]; do
	GROUP1=$(snmpwalk -v 2c -c $community -O v -L n $line 1.3.6.1.4.1.9.9.392.1.3.21.1.2 | sed 's/^.*://g' | sed 's/"//g' | grep -oc 'GROUP1')
	GROUP2=$(snmpwalk -v 2c -c $community -O v -L n $line 1.3.6.1.4.1.9.9.392.1.3.21.1.2 | sed 's/^.*://g' | sed 's/"//g' | grep -oc 'GROUP2')
	echo "IP is" $line
	echo "users group1 is" $GROUP1
	echo "users group2 is" $GROUP2
	done < "$1"
	user@server:~/scripts$

At this moment i use the MIB, 1.3.6.1.4.1.9.9.392.1.3.21.1.2 and then i grep the groupname.

1.3.6.1.4.1.9.9.392.1.3.21.1.2 is the mib for: The name of the user group to which this remote access session belongs.

Do you have suggestions, or an idea how I can best solve this? Thanks in advance.

asa group prtg users

Created on Aug 13, 2018 9:48:15 AM

Last change on Aug 13, 2018 10:01:02 AM by Luciano Lingnau [Paessler]



2 Replies

Votes:

2

Hi,

The default PRTG sensor SNMP Cisco ASA VPN Connections is only giving you how many groups are active and how many users in total are connected.

What you want is a split up users per group active.

Looking at the SNMP data against an ASA I see that this might be challenging - I did not read in to the SNMP documentation from Cisco for this - but what I got back so far looks a lot like you might need a custom script executing the SNMP query and summarizing the multiple lines that you get back from a SNMP walk rather then a single value from 1.3.6.1.4.1.9.9.392.1.3.21.1.2 cause it does not seem to work this way - I actually even see IPs in those results as part of the SNMP OID.

There might be a parallel OID that would list you some information - but that's something to read up in the Cisco documentation.

Since you already have some kind of a script, possibly a PowerShell script using an SNMP library (found this in a very brief search: https://www.powershellgallery.com/packages/SNMP/1.0.0.1) etc...

You then count the sub-keys similar to the script you posted and respond it to PRTG as XML data. Keep in mind that there is a channel maximum of I think 10 (if I am not mistaken) that could limit you.

Hope this helps, regards

Florian Rossmark

www.it-admins.com

Created on Aug 13, 2018 2:58:46 PM



Votes:

0

Thanks for chiming in, Florian! Always a pleasure to see active community members helping each other :)

Kind regards,
Stephan Linke, Tech Support Team

Created on Aug 13, 2018 6:57:33 PM by Stephan Linke [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.