Number of AnyConnect Sessions and Bandwidth Utilization

  • Updated
THIS IS A CUSTOMER GENERATED SCRIPT AND COMES WITH NO WARRANTY OR SUPPORT. PROCEED AT YOUR OWN RISK.
 
FEB 2020

3 Functions covering Splunk, VPNs, DHCP scopes in Infoblox

Below are 3 functions.


Sub splunk: This is a generic sub that sends messages to Splunk and translates hashes into key-value pairs for easier parsing. In the syslog you end up with key1="value1" key2="value2".


Sub sched_5m_metrics_pulse_secure: This is written for PulseSecure VPN appliances, but the logic can be used for other VPNs. It pulls back particular data points such as concurrent users, disk, CPU, memory, etc. It would also pull the external interface statistics, but for some reason this is failing on Pulse. Instead, I have identified the switch ports for each node and have included logic to add in/out utilization and bitrate.


Sub sched_5m_metrics_infoblox_subnets: This looks at particular DHCP scopes in Infoblox and sends metrics about percent utilized to Splunk. There are particular reasons we need to do this… you may not.

 

The log messages going into Splunk look like this:

2020-03-09T15:35:00-07:00 192.168.1.1 akips_sub="sched_5m_metrics_pulse_secure" akips_type="metric" clusterConcurrentUsers="1020" diskFullPercent="6" ext0_ifInBitRate="120" ext0_ifInUtil="0" ext0_ifOutBitRate="264" ext0_ifOutUtil="0" iveConcurrentUsers="0" iveCpuUtil="0" iveMemoryUtil="2" iveSwapUtil="0" src="VPNSERVER-01"
2020-03-09T15:35:01-07:00 192.168.1.1 akips_sub="sched_5m_metrics_infoblox_subnets" akips_type="metric" dhcp_util="14" mask="255.255.240.0" subnet="192.168.100.0"

 

Here are the site specific items in the scripts that would need to be changed out if you were using Splunk, PulseSecure, Infoblox.

SPLUNKSERVERIP
VPNSERVER-01, VPNSERVER-02, VPNSERVER-03, VPNSERVER-04
SWITCH-01, SWITCH-02, SWITCH-03, SWITCH-04
PORT-01, PORT-02, PORT-03, PORT-04
192.168.0.0, 192.168.100.0, 192.168.200.0

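sub sched_5m_metrics_pulse_secure {
    # Collect 5-minute averages for every device in the "PulseSecure" group
    # and forward one record per device through splunk().
    #
    # Takes no arguments and returns nothing useful. The site-specific parts
    # are the device group name and the VPN-node-to-switch-port table below.
    #
    # The experimental given/when construct (deprecated as of Perl 5.38) was
    # replaced by a lookup table; the queries issued are unchanged.
    use Data::Dumper;    # only needed for the commented-out debug print below

    my %data;

    # Bare sub name without the package prefix; sent as akips_sub.
    my $sub_name = (caller(0))[3];
    $sub_name =~ s/.*:://;

    # Appliance gauges, in query order: [ record key / MIB object, ADB child ].
    my @gauges = (
        [ iveConcurrentUsers     => 'users' ],
        [ clusterConcurrentUsers => 'users' ],
        [ iveCpuUtil             => 'cpu' ],
        [ diskFullPercent        => 'disk' ],
        [ iveSwapUtil            => 'disk' ],
        [ iveMemoryUtil          => 'ram' ],
    );

    # Switch and port facing each VPN node's external interface. The
    # appliance's own interface statistics are not used; the upstream switch
    # port is polled instead.
    my %uplink_of = (
        'VPNSERVER-01' => [ 'SWITCH-01', 'PORT-01' ],
        'VPNSERVER-02' => [ 'SWITCH-01', 'PORT-02' ],
        'VPNSERVER-03' => [ 'SWITCH-02', 'PORT-03' ],
        'VPNSERVER-04' => [ 'SWITCH-02', 'PORT-04' ],
    );
    my @if_counters = qw(ifInBitRate ifOutBitRate ifInUtil ifOutUtil);

    for my $dev (adb_result ("mget device * any group PulseSecure")) {
        $data{$dev}{akips_type} = "metric";
        $data{$dev}{akips_sub}  = $sub_name;
        $data{$dev}{src}        = $dev;

        # NOTE(review): "|| 0" turns an empty or failed query into 0, so a
        # polling gap is indistinguishable from a genuine zero reading in
        # Splunk - confirm that is acceptable for alerting on these metrics.
        for my $gauge (@gauges) {
            my ($object, $child) = @{$gauge};
            $data{$dev}{$object} = adb_result (sprintf ("calc avg time last5m gauge %s %s PULSESECURE-PSG-MIB.%s", $dev, $child, $object)) || 0;
        }

        # Devices that are not in the table get no ext0_* keys.
        my $uplink = $uplink_of{$dev};
        next unless $uplink;

        my ($switch, $port) = @{$uplink};
        for my $counter (@if_counters) {
            $data{$dev}{"ext0_$counter"} = adb_result (sprintf ("calc avg time last5m ifrate %s %s IF-MIB.%s", $switch, $port, $counter)) || 0;
        }
    }

    for my $dev (nat_sort keys %data) {
        splunk (%{ $data{$dev} });

        #print Dumper(%{ $data{$dev} });
    }
}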

 

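sub sched_5m_metrics_infoblox_subnets {
    # For each listed DHCP scope, look up its Infoblox object, then send the
    # network mask and the 5-minute average of percent-used through splunk().
    #
    # Takes no arguments and returns nothing useful. The subnet list and the
    # "infoblox" group name are site specific.
    my %data;

    # Bare sub name without the package prefix; sent as akips_sub.
    my $sub_name = (caller(0))[3];
    $sub_name =~ s/.*:://;

    my @subnets = ('192.168.0.0','192.168.100.0','192.168.200.0');

    for my $subnet (@subnets) {
        my $line = adb_result (sprintf ("mget * * /^dhcpnet/ IB-DHCPONE-MIB.ibDHCPSubnetNetworkAddress value %s any group infoblox", $subnet));

        # When the lookup returns nothing, no device or child is known. The
        # follow-up queries would then be malformed and the record would claim
        # 0% utilisation for a scope that was never measured, so skip it. A
        # scope with no events in Splunk then means "no data", not "empty".
        next unless defined $line && length $line;

        # Only the first two fields (device and child object) are needed.
        my ($dev, $child) = split (" ", $line, 5);
        next unless defined $dev && defined $child;

        $data{$subnet}{akips_type} = "metric";
        $data{$subnet}{akips_sub}  = $sub_name;
        $data{$subnet}{subnet}     = $subnet;

        $data{$subnet}{mask}      = adb_result (sprintf ("get %s %s IB-DHCPONE-MIB.ibDHCPSubnetNetworkMask", $dev, $child)) || "";
        $data{$subnet}{dhcp_util} = adb_result (sprintf ("calc avg time last5m gauge %s %s IB-DHCPONE-MIB.ibDHCPSubnetPercentUsed", $dev, $child)) || 0;
    }

    for my $subnet (nat_sort keys %data) {
        splunk (%{ $data{$subnet} });
    }
}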

 

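sub splunk {
    # Send one syslog message to the Splunk server.
    #
    #   splunk ("free text")            sends the text as the message
    #   splunk (key1 => $v1, ...)       sends key1="v1" key2="v2" ... with
    #                                   the keys in sorted order
    #
    # The original test, "values %h == 1 && length scalar(keys %h) == 1",
    # was true for any one-key hash, so a single key/value pair was sent as
    # the bare key and its value was dropped. The argument count separates
    # the two call forms unambiguously.
    my @args = @_;

    my $dest_ip  = "SPLUNKSERVERIP";
    my $priority = "error";
    my $facility = "local3";
    my $message  = "";

    if (@args == 1) {
        $message = defined $args[0] ? "$args[0]" : "";

        # An embedded CR/LF could split the message into a second,
        # attacker-shaped syslog event, so flatten it to one line.
        $message =~ tr/\r\n/  /;
    }
    else {
        my %splunk_vars = @args;
        for my $splunk_var (sort keys %splunk_vars) {
            my $value = trim($splunk_vars{$splunk_var});
            $value = "" unless defined $value;

            # Values may originate from polled devices. A double quote would
            # close the quoted field early and let the remainder be parsed as
            # extra key="value" pairs; a newline would start a new event.
            # Map '"' to "'" and CR/LF to spaces to keep the field intact.
            $value =~ tr/"\r\n/'  /;

            $message .= $splunk_var . '="' . $value . '" ';
        }
    }

    # Send the syslog message
    syslog ({
        ipaddr   => $dest_ip,
        priority => $priority,
        facility => $facility,
        message  => $message,
    });

    # log to Akips logs
    # errlog ($ERR_ALERT, "splunk $dest_ip $priority $facility $message");
}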
