
I've just chucked the following onto GitHub should anyone want it. It's a little script that will get you the names of connected users on a Cisco ASA VPN via SNMP.

usage: asausers.py [-h] -f FIREWALL [-i IGNORE] -c COMMUNITY_STRING
                   [-o OUTPUT]

Get connected users from ASA via SNMP

optional arguments:
  -h, --help            show this help message and exit
  -f FIREWALL, --firewall FIREWALL
                        Address of the Cisco ASA
  -i IGNORE, --ignore IGNORE
                        Comma separated list of IP addresses to ignore
  -c COMMUNITY_STRING, --community_string COMMUNITY_STRING
                        SNMP community string
  -o OUTPUT, --output OUTPUT
                        Output type, option are json and text. Defaults to json'

This might sound like something that should be straightforward but, as it turned out, it wasn't, so that's why I've put it on GitHub in case anyone else comes up against this issue.

To cut a long story short, to find out who is connected to a Cisco ASA VPN programmatically, you either need to SSH on to the device (which has a broken SSH implementation, making using higher-level languages a pain) and do string manipulation to parse the output of a command, or you can use SNMP.

The only problem with using SNMP is that the official "CISCO-REMOTE-ACCESS-MONITOR-MIB" is full of lies. It says there should be an OID for "crasUsername" but there isn't. There is another solution though, which is detailed here. It basically involves using a different OID and decoding the username, which is hidden within it as ASCII.

To save anyone else the pain of doing this, if you use this script it will do that for you. It will output in JSON or plain text and uses standard Python libraries.
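To illustrate the decoding step described above, here is an added example (not code from asausers.py). It assumes the walked OID ends in a length-prefixed run of ASCII codes followed by a session index, and that each value is the client IP address; the base OID, the sample walk output and all function names are constructed placeholders.

```python
# Added example: constructed data and hypothetical names, not taken from asausers.py.
import json

# Constructed placeholder, not a Cisco OID; substitute the column you actually walk.
BASE_OID = "1.3.6.1.4.1.99999.1.1"

# Constructed walk output: <base>.<len>.<ASCII codes...>.<session index> = value
SAMPLE_WALK = """\
1.3.6.1.4.1.99999.1.1.5.97.108.105.99.101.40961 = IpAddress: 198.51.100.10
1.3.6.1.4.1.99999.1.1.3.98.111.98.45057 = IpAddress: 198.51.100.11
1.3.6.1.4.1.99999.1.1.9.97.98.99 = IpAddress: 198.51.100.12
"""


def decode_index(oid, base=BASE_OID):
    """Return (username, session_index) from a walked OID, or None if malformed."""
    oid = oid.strip().lstrip(".")
    if not oid.startswith(base + "."):
        return None
    try:
        parts = [int(p) for p in oid[len(base) + 1:].split(".")]
    except ValueError:
        return None
    length, rest = parts[0], parts[1:]
    # Expect `length` character sub-identifiers plus one trailing session index.
    if length < 1 or len(rest) != length + 1:
        return None
    chars = rest[:length]
    # Printable ASCII only, so control characters never reach logs or terminals.
    if any(c < 0x20 or c > 0x7E for c in chars):
        return None
    return "".join(map(chr, chars)), rest[length]


def connected_users(walk_text, ignore=()):
    """Decode every well-formed row, skipping addresses listed in `ignore`."""
    users = []
    for line in walk_text.splitlines():
        oid, _, value = line.partition(" = ")
        decoded = decode_index(oid)
        addr = value.split(": ", 1)[-1].strip()
        if decoded is None or addr in ignore:
            continue
        users.append({"username": decoded[0], "session": decoded[1], "address": addr})
    return users


if __name__ == "__main__":
    print(json.dumps(connected_users(SAMPLE_WALK, ignore={"198.51.100.11"}), indent=2))
```

The third sample row claims nine characters but carries only three sub-identifiers, so it is dropped rather than decoded into a partial username.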


