Check ASA VPN Sessions per Customer

Checkmk Exchange
1

Hi there,

our customers want to know, how many active vpn sessions are open on our cisco ASA devices.

It´s no problem to read out the value for all vpn sessions on the device, i´ve done this by changing the OIT in snmp_info of the cisco_asa_webvpnsessions check (cisco_asa_sessions extension)

from .1.3.6.1.4.1.9.9.392.1.3", [38] to .1.3.6.1.4.1.9.9.392.1.3", [3].

This OID returns the sum as int.

now, to seperate the sessions per customer, i have to count all values which i get from

snmpwalk [DEVICE] 1.3.6.1.4.1.9.9.392.1.3.21.1.2

the output looks like

.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.72.66.48.48.48.50.56.57.109600769 = STRING: “customer1”
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.72.66.48.48.48.50.56.57.109600770 = STRING: “customer1”
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.73.90.48.48.48.51.55.54.28971009 = STRING: “customer2”
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.73.90.48.48.48.51.55.54.28971014 = STRING: “customer3”
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.82.72.48.48.56.51.57.57.97034241 = STRING: “customer4”
.1.3.6.1.4.1.9.9.392.1.3.21.1.2.8.82.72.48.48.56.51.57.57.97034242 = STRING: “customer1”

and so one…

i think i have to count the diffent strings via parse function? and give back the different values like

yield {“active_sessions customer1”: int(sessions[‘customer1’])}
yield {“active_sessions customer2”: int(sessions[‘customer2’])}
yield {“active_sessions customer3”: int(sessions[‘customer3’])}

but i have no idea how to come to this point.

Any ideas, experiences ect. about such kind of check?

regards

Sascha

2

What you can do inside your parse function is to build a dictionary with the customer names as keys.
Now you have to add every VPN session found for this customer to a list of sessions inside the dictionary.

parsed = {}
parsed['customer1'] = []

add data here :slight_smile:

return parsed

now build your session data and append the entry to the empty list
To discover your items it is possible to use the discover() function as you have a dictionary with keys that can be used as items.

The easiest check later is then only count the length of your list to have the amount of active sessions for this customer. But you can also make more like traffic calculation and so on. If the data is stored in the list :slight_smile:

3

You might want to try this?

BR