Hi all,
Is there a way to collect information about Cisco ASA Anyconnect users? I know there’s a graph that shows VPN user count.
But our management want to see user login/logout time. Of course it is related to COVID-19.
I think it could be interesting for other LibreNMS users too.
Thanks
My first try would be to send syslog from cisco asa to librenms and see if the ASA sends a logline everytime users login/logout.
Then create a syslog based rule with no recovery notification that checks for login and another one that checks for logout.
What do you think?
Right now I’m doing exactly the same thing you mentioned. Except that I export the syslogs from Graylog in CSV format. Later on I’m doing some formatting (calculating duration, etc) and converting into Excel.
But our management want to have daily report and this method is a bit complicated.
I thought it would be sophisticated if this information could be collected by SNMP and stored in DB.
I dont think you could get that info directly from SNMP, but who knows? Did you snmpwalk the device to check it?
No, I didn’t walk the device but there is a MIB for it:
CISCO-REMOTE-ACCESS-MONITOR-MIB
From this MIB these could be interesting:
crasUsername
crasSessionDuration
crasISPAddress
crasLocalAddress
etc,
I think it should contain the information like “show vpn-sessiondb” command.