Datasource to monitor active SSL Cisco AnyConnect sessions on a Cisco ASA LM Exchange Locator: RWLRW2

On 3/17/2020 at 4:20 PM, Stuart Weenig said: Check now. It should be good to go. Thanks for getting this pushed through, with all that's going on at the moment it saved a little time in putting something like this together. & Thanks to @Sawer.lef for publishing in the first place

As an FYI - I have added the following OID to the datasource I have downloaded so that we can see the Maximum Session count (Raw Data) - this may be of use to others as well. alSslStatsMaxSessions - 1.3.6.1.4.1.3076.2.1.2.26.1.3.0 Description - "The maximum number current of active sessions at any one time."

Unable to download, states it is "LogicModule is Private, Cannot Read" - is this because LM are vetting it?

This is due to the new changes that are soon to be released regarding the exchange. All non-LM (i.e. non-core) datasources in the exchange are marked as private. Once the exchange features are released, the module owner will be able to flip the switch to make it public. If the original poster wants, he can publish the XML or the scripts themselves to github, pastebin, etc. and link from here to there. How urgently did you want to look at it @Nick?

@Stuart Weenig it would be good to have this anyconnect sessions module asap, my company use the cisco anyconnect for vpn and due to corvid19 have just been told to all work from home so this would be useful to track VPN connection usage etc thanks

CiscoAnyConnect Active Sessions | LogicMonitor

Nick
5 years ago

On 3/17/2020 at 4:20 PM, Stuart Weenig said:

Check now. It should be good to go.

Thanks for getting this pushed through, with all that's going on at the moment it saved a little time in putting something like this together.

& Thanks to @Sawer.lef for publishing in the first place
Nick
5 years ago
As an FYI -

I have added the following OID to the datasource I have downloaded so that we can see the Maximum Session count (Raw Data) - this may be of use to others as well.

alSslStatsMaxSessions - 1.3.6.1.4.1.3076.2.1.2.26.1.3.0
Description - "The maximum number current of active sessions at any one time."
Nick
5 years ago
Unable to download, states it is "LogicModule is Private, Cannot Read" - is this because LM are vetting it?
Anonymous
5 years ago
This is due to the new changes that are soon to be released regarding the exchange. All non-LM (i.e. non-core) datasources in the exchange are marked as private. Once the exchange features are released, the module owner will be able to flip the switch to make it public.

If the original poster wants, he can publish the XML or the scripts themselves to github, pastebin, etc. and link from here to there.

How urgently did you want to look at it @Nick?
Nick
5 years ago
@Stuart Weenig it would be good to have this anyconnect sessions module asap, my company use the cisco anyconnect for vpn and due to corvid19 have just been told to all work from home so this would be useful to track VPN connection usage etc

thanks
Anonymous
5 years ago
On it. Stay tuned.
Anonymous
5 years ago
Check now. It should be good to go.
sawyer_lef
5 years ago
Thanks @Stuart Weenig I didnt see this until today. Do I still need to put the XML for anyone else? When will the new features roll out?
Anonymous
5 years ago
I don't see the need to post the XML unless you really want to. Anyone who wants it can get it from the exchange.

As far as when it will come out: sooner than soon but later than now?
Matt_M_
5 years ago
I have been seeing session numbers much higher than I would expect. When I looked closer the numbers are not matching the output from manually checking using the CLI. This is across a few dozen devices with different setups. I think the OID may be different I found the following ones that I am testing. I will post back if I get better results:

crasSVCNumSessions 1.3.6.1.4.1.9.9.392.1.3.35.0

crasWebvpnNumSessions 1.3.6.1.4.1.9.9.392.1.3.38.0

The OID being used I think may be used for total SSL sessions and not specifically anyconnect users? Not sure, just a thought.

Forum Discussion

CiscoAnyConnect Active Sessions

Related Content

LogicMonitor session timeouts

Remote Session: Reconnect button broken

DataSource PowerShell Active Discovery and Collector scripts

Tech Enablement session for API v3

Palo Alto GlobalProtect Gateway Active Sessions

Recent Discussions

LM Logs ingestion alerting

Datapoints configuration Discussion

Freqency of Alerts

SQL CERTIFICATE MONITORING

CERTIFICATES - GET ALL CERTIFICATES FROM SERVER