0 Replies Latest reply on May 24, 2017 10:07 PM by lkcameron

    Universal Device Poller: Pull data from Table Row References?

    lkcameron

      I'm trying to set up a UnDP to give me a bunch of data on VPN sessions connected to a Cisco ASA. I'm using data from the CISCO-REMOTE-ACCESS-MONITOR-MIB crasSessionTable (at OID 1.3.6.1.4.1.9.9.392.1.3.21).

       

      What I need is the usernames logged into the ASA. Now before anyone states the obvious, there is a row in the table called "crasUsername" which you would think would give me what I need. NOT SO. That column seems to be empty and is not supported by the ASA devices at present.

       

      BUT, all is not completely lost. After some googling, I've discovered that the row IDs (Sub-OIDs) in the table actually contain the username in a very clandestine manner. I found this info here: https://supportforums.cisco.com/document/51116/asa-ra-vpn-user-information-using-snmp

       

      Eg. When I query the table I can see row ID "20.117.115.101.114.45.110.97.109.101.108601345" with a value of "TunnelGroup" (I'm not putting real names etc in here). When you follow the ASCII table here: http://www.asciitable.com/ you end up with 20.user-name.108601345. Where I've put user-name here, I'm actually getting bonafide usernames in the row ID. So in fact, the VPN usernames are encoded in the session table row IDs. eg, If I SNMPWalk 1.3.6.1.4.1.9.9.392.1.3.21.1.2.[20.117.115.101.114.45.110.97.109.101.108601345] the result is STRING:"TunnelGroup" (again, actual group name obfuscated) and the highlighted portion of the OID is actually the username in ASCII Code (user-name in my example). The portion in brackets is the Row ID.

       

      What of course I need to figure, is how can I get a UnDP to pull that info out... As far as I can tell at the moment, there's no way that I can 'see' the row ID in NPM or UnDP to be able to convert, manipulate or map values.

       

      Has anyone got any bright idea's on what if anything can be done to get the usernames out of those OIDs?