• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 26 subscribers
  • Views 1036 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Enabling CLI in ASA

lmantonio

Hi Everyone.

My question is:

After enabling the CLI polling on ASA device it sends every two minutes to the kiwi Syslog server the following 

User authentication succeeded: IP address:  source (NPM Primary IP xx.xx.xx.xx) Uname: user

and it will follow with:

the "user **** executed terminal pager line 0" though we did not execute this command?  

This is happening throughout the day continiously as long as cli polling was checked.

Help is much appreciated.

  • 0
    What did you expect CLI polling does?
    It is downloading the config to show you the ACLs... and more
  • 0 in reply to HerrDoktor
    I might have sounded a little harsh yesterday, but I am German and I have to fit in the stereotype...
    CLI polling gathers additional information that is not available over SNMP. It is logging on to the device over SSH and issues various commands, parses the output and puts this information in the Orion DB to be displayed nice and shiny.
    So why do we need Terminal length 0?
    If a command produces an output that does not fit into the terminal window, you would get the — more — prompt, hit a key and get the next lines. For human readability this is nice, but for a „robot“ this is not efficiently as the robot would need to check if the more prompt is there or if the output is already complete or if something else happened. So the Orion platform tells the device to send all lines for the command in a single output as it needs to parse it externally anyway, that’s your terminal length 0 command.
    To make it short: this is intended behavior when enabling CLI polling.
  • 0 in reply to HerrDoktor

    Thanks for your time and understanding. I think my post lacks detail allow me to clarify.

    What did you expect CLI polling does? is a very good question.

    After the enable cli polling box checked in ASA. The Orion constantly authenticate every two minutes and it will  immediately execute terminal pager line 0. This is a continuous cycle which only happen in ASA . which I'm not sure if it is normal or a bug.issue.

  • 0 in reply to lmantonio

    2 minutes is the polling interval. So it is polling via CLI every 2 minutes, yes. For ACLs this is too much, yes, but what about VPN Tunnels? Don’t you want to know that your VPN is not working properly within that timeframe? Or other metrics that are polled via CLI rather than SNMP? So yes, if you set the polling interval to 2 Minutes, this is again intended behavior. Orion will grab all information needed every 2 minutes.

    HerrDoktor_0-1592073353180.jpeg

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.