Execute commands via NPM alerts and log the output from your SSH devices. More specifically, how to check the connection counts on your Cisco ASA.

Version 2

    A co-worker and I came up with a hacky way of logging output from a device after an NPM alert has been triggered. For example if your Cisco ASA's connections are spiking and causing problems on your network, and every time you connect to it to drop some commands everything is back to normal. Here's how you grab output from the ASA while the event is happening:

     

    1. Simply create your alert in NPM, and for your trigger action use "Execute Program". (hint: OID 1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40 - row 6)

     

    2. Your target program should be a batch file that launches Plink, a variant of PuTTY.

    Here's my script: C:\plink.exe -ssh -l USERNAME -pw PASSWORD -m "C:\ciscoscript.txt" DEVICE_IP > C:\ASAconnectionsOutput.txt


    3. The "ciscoscript.txt" is simply a file containing the commands you want to run. If your command requires lots of output, on the next line you can include a bunch of spaces so the command cycles through it all.

    For example:

    en

    password

    show local-host connection embryonic 500 | in host|count/limit

    [insert spaces here]

     

    show local-host connection tcp 500 | in host|count/limit

    [insert spaces here]

     

    show local-host connection udp 500 | in host|count/limit

    [insert spaces here]

     

    exit

     

    Taa-daa! You've now got a way to instantly grab output from an SSH device based on any NPM alert!