pperreault

Posts posted by pperreault


  1. Just created a ds to count SonicWall SSL VPN sessions. Locator FMN27M. Would love some feedback and code improvements as this is my first groovy script.

    • Not a fan of just dropping the exit code as I have. There must be a better way to implement validations/error checking and output appropriate exit codes
    • Would like to see other methods for counting the users. Maybe matching on the string "User Name" and counting the lines that follow?
    • Could see this growing to include user session length
    • Would be nice to only apply the ds to a resource if ssl vpn server was running

    For ease here is sample output from the firewall and the script.

    =======================
    Active SSLVPN Sessions:
    =======================
    
    User Name     Client Virtual IP  Client WAN IP   Login Time    Inactivity Time  Logged In
    user1         10.10.10.10        6.6.6.6         1799 Minutes  0 Minutes        01/23/2020 09:29:52
    user2         10.10.10.11        5.5.5.5         460 Minutes   0 Minutes        01/24/2020 07:49:31
    user3         10.10.10.12        4.4.4.4         368 Minutes   0 Minutes        01/24/2020 09:22:08
    user4         10.10.10.13        3.3.3.3         224 Minutes   0 Minutes        01/24/2020 11:45:54
    user5         10.10.10.14        2.2.2.2         170 Minutes   0 Minutes        01/24/2020 12:39:37
    user6         10.10.10.15        1.1.1.1         13 Minutes    0 Minutes        01/24/2020 15:15:49

     

    import com.santaba.agent.groovyapi.expect.Expect;
    
    hostname = hostProps.get("system.hostname");
    userid = hostProps.get("ssh.user");
    passwd = hostProps.get("ssh.pass");
    
    // initialize a variable to contain the actual host prompt
    def actualPrompt = "";
    def sslvpn_user_count = 0;
    
    // open an ssh connection and wait for the prompt
    ssh_connection = Expect.open(hostname, userid, passwd);
    ssh_connection.expect(">");
    
    // capture full prompt e.g. user@host
    ssh_connection.before().eachLine
    { line ->
    	actualPrompt = line;
    }
    
    // display the ssl vpn sessions
    ssh_connection.send("show ssl-vpn sessions \n");
    ssh_connection.expect(actualPrompt + ">");
    
    cmd_output = ssh_connection.before();
    
    // read thru multiline output
    // rows with 9 columns are user sessions
    // increment to total user sessions
    cmd_output.eachLine
    { line ->
    
    	row_length = line.split(/\s+/);
    	if ( row_length.size() == 9 )
    	{
    		sslvpn_user_count++
    	}
    }
    
    // end the command with a newline so the device actually receives it
    ssh_connection.send("exit\n");
    
    println(sslvpn_user_count);
    return 0;
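
An added example, not part of the original post or LogicMonitor's own code: one way to approach the validation, counting and session-length questions above is to match each session row by its shape rather than its column count. The sample text is constructed from the output shown in the post; the output key names and the non-zero return when the banner is missing are assumptions.

```groovy
// SAMPLE is constructed from the post's sample output (note the tab in the
// user2 row). In a datasource it would be the text from ssh_connection.before().
def SAMPLE = '''
=======================
Active SSLVPN Sessions:
=======================

User Name     Client Virtual IP  Client WAN IP   Login Time    Inactivity Time  Logged In
user1         10.10.10.10        6.6.6.6         1799 Minutes  0 Minutes        01/23/2020 09:29:52
user2\t       10.10.10.11        5.5.5.5         460 Minutes   0 Minutes        01/24/2020 07:49:31
user3         10.10.10.12        4.4.4.4         368 Minutes   0 Minutes        01/24/2020 09:22:08
'''

// A session row: user name, two IPv4 addresses, "<n> Minutes" twice, date, time.
// Anchoring on the two addresses keeps headers, banners and prompts out of the count.
def IPV4 = '\\d{1,3}(?:\\.\\d{1,3}){3}'
def ROW = ~('^\\s*(.+?)\\s+(' + IPV4 + ')\\s+(' + IPV4 + ')' +
            '\\s+(\\d+) Minutes\\s+(\\d+) Minutes\\s+\\S+\\s+\\S+\\s*$')

// Returns a list of session maps, or null when the expected banner is absent
// (login failure, truncated output, or a different command response).
def parseSessions = { String output ->
    if (output == null || !output.contains('Active SSLVPN Sessions')) {
        return null
    }
    output.readLines().findResults { line ->
        def m = ROW.matcher(line)
        m.matches() ? [user    : m.group(1),
                       vip     : m.group(2),
                       wan     : m.group(3),
                       loginMin: m.group(4).toInteger(),
                       idleMin : m.group(5).toInteger()] : null
    }
}

def sessions = parseSessions(SAMPLE)
if (sessions == null) {
    // Assumption: a non-zero return marks the collection as failed,
    // so a broken poll is not recorded as "zero users".
    println 'error=unexpected output from show ssl-vpn sessions'
    return 1
}

// Hypothetical key=value datapoint names.
println "sslvpn_user_count=${sessions.size()}"
println "sslvpn_max_login_minutes=${sessions*.loginMin.max() ?: 0}"
return 0
```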

     


  2. @Antony Hawkins Thanks for the follow up. I've played with this configsource over the last few days and have some thoughts. The property names for the API key and id have changed but that is easy enough to update in the configsource script. What is limiting the value of this configsource is that IOS provides different output from show run and show start. Show starting-config includes certificate chains while show running-config does not. This of course results in a diff trigger.

    IOS does have a show running-config brief option that excludes certificate data. However, that would obviously require a change to the IOS configsource pulling the configurations. If possible, there would be value in excluding the certificate data from the diff in this configsource.


  3. Thanks for this, this is great.

    I am only interested in the ip and org info so in the interest of de-cluttering the property source info I reduced the script output to just that. Stack Exchange (since I'm not a groovy guy) pointed me to this solution.
     

    //comment out orig map iteration
    //arrayInfo_map.each{ key, value -> println "$key=$value"};
    
    def ip_addr = arrayInfo_map.find{ it.key == "ip" }?.value;
    if(ip_addr)
        println "ip = ${ip_addr}";
    
    def carrier = arrayInfo_map.find{ it.key == "org" }?.value;
    if(carrier)
        println "org = ${carrier}";

    I wouldn't be surprised if improvement on this is possible.

    Thanks again.


  4. One of our collectors is experiencing what seem to be connectivity issues. Common symptoms are it loses communication with the LM cloud, remote sessions to it or monitored devices fail to complete. I also notice that the collector heartbeat fail datapoint is increasing with time. I've seen its value over 6000. Support hasn't been able to tell me what this value actually is other than providing developer notes, which are unfortunately unhelpful. Can anyone provide some insight into what this failure count is actually counting? Has anyone seen and resolved this symptom?

    We are planning on rebuilding the host server and recreating the collector.


  5. We manage multiple Meraki organizations and have been limited by the one collector per organization rule. Monitoring a Meraki organization via the Meraki cloud requires snmp.meraki.com be used as the IP Address/DNS name with the organization's unique SNMP settings. A collector requires a unique IP address/DNS name for each LogicMonitor device, which prevents multiple organizations from being monitored by the same collector.

    To circumvent the one controller per organization limitation we've created internal DNS c-name records which point to snmp.meraki.com and use those as the IP Address/DNS name entry for different client organizations. We are currently running this as a test and haven't experienced any issues to date.

    I'd like to know if anyone else has experience with this (or any other) workaround, if so if any issues were experienced or if anyone can identify potential problems.

    Thanks


  6. Has using an empty value for the depends_on property been tested to have negative results? My testing shows no ill effect. Adding this property at the group level obviously speeds deployment. However if the primary device is within the group I don't want to make it dependent on itself. Adding the depends_on property to the primary device with an empty value seems to resolve this.


  7. We are an MSP migrating an existing client base to LM for network and voice infrastructure health monitoring. For ease of deployment, when we do not manage their server infrastructure, we are thinking of providing clients with an ova to deploy within their network. Once the VM is deployed the collector will be installed. Any words of wisdom or lessons learned from your experiences doing something similar would be appreciated.


  8. This is fairly standard functionality in a monitoring tool. Many WAN circuits will be delivered at a rate limited speed. As an example, a carrier circuit may be clocked at 100Mbps or 1Gbps while the service speed is limited to 10Mbps, 20Mbps or 50Mbps. Utilization reporting, alerting and forecasting should be tied to this service speed, not the interface clock rate.


  9. Is there an update on this feature request? To reiterate the request, it is important to be able to specify a service speed which can be different than a physical interface speed. The physical interface speed being what is learned from the SNMP poll. Then of course, we need to be able to graph, trigger alerts, etc based on this service speed. If you want to be complete, you'll include both an In service speed and an Out service speed as these are sometimes different.