Pages

3/22/2020

Monitor Cisco ASA with snmp using powershell

With the entire company working remotely, the bosses want to see an hourly report of ASA connections since our capacity is limited.
  • To find the SNMP OIDs of interest I used a freeware MIB walker and lots of googling in he past 2 days about this and everything else.
  • I already had SNMPGET for the cisco backup script I've been using for years.
  • This was a good opportunity to learn more about using RRDTOOLS.  I downloaded RRD from www.rrdtool.org to use for saving the connection history and graphing it.
  • I also wanted to capture internet circuit bandwidth and utilization.  I have been using the free Solarwinds Realtime Bandwidth Monitor for this to show all the peaks that get averaged out in Orion and others.  I was able to find a powershell script that grabbed a screen shot and adjusted it to only capture the half of the server screen where the internet circuit monitors are open on,
    • It turns out that this requires that I be RDPd to this machine all the time.  So this isn't a long term kind of thing.
  • Using windows task scheduler a batch file runs that executes the powershell to take a screenshot and save it in the working folder.  Then my powershell launches. 
  • Roughly the powershell does the following:
    • create $report and then add the text of HTML BODY and TABLE headers
    • run SNMPGET to pull the svc and webvpn current connection counts from two ASA's we refer to as PRI and SEC.  svc is anyconnect client connections and webvpn is "clientless" which in my case is workspot user sessions.
    • calculate the total sessions on PRI & SEC and grand total.
    • add table rows and table data fields to $report
    • use rrdtool update to save the total to rrd database.
    • use rrdtool graph to create graph and save to working directory
    • add HTML image tags to insert the RRD graph and the screenshot image to $report
    • save $report as HTML file in working directory 
    • use send-mailmessage to e-mail $report to the recipients.  
      • NOTE:  for the images to be included in the message it is necessary to also attach them.
      • ALSO:  to specify more than one attachment or recipient, they need to be entered in quotes separated by commas.  Like:
        • "joe@cool.net", "woodstock@cool.net"
  • Code for screenprint script is below.  Followed by code for main script.

######################

# send-screen.ps1

#
#start-process "PATH TO AN APPLICATION.EXE"
#Start-Sleep -Milliseconds 1000
$File = "\util\asa\internetbw.bmp"
Add-Type -AssemblyName System.Windows.Forms
Add-type -AssemblyName System.Drawing
$Screen = [System.Windows.Forms.SystemInformation]::VirtualScreen
$Width = ($Screen.Width/2+256)
$Height = ($Screen.Height-64)
$Left = ($Screen.Left+800)
$Top = $Screen.Top
$bitmap = New-Object System.Drawing.Bitmap $Width, $Height
$graphic = [System.Drawing.Graphics]::FromImage($bitmap)
$graphic.CopyFromScreen($Left, $Top, 0, 0, $bitmap.Size)
$bitmap.Save($File) 
Write-Output $File
#$SendTo = "joe@cool.net"
#$SMTPServer = "smtp" 
#$EmailFrom = “noreply@cool.net”
#$EmailSubject = “SCREENSHOT”
#$Image = $File
#$Message = new-object Net.Mail.MailMessage
#Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin -erroraction silentlyContinue
#$attachment = new-object Net.Mail.Attachment($Image)
#$attachment.ContentId = "att"
#$smtp = new-object Net.Mail.SmtpClient($smtpServer)
#$body = ''
#$Message.From = $EmailFrom
#$Message.To.Add($SendTo)
#$Message.Subject = $EmailSubject
#$Message.Body = $body
#$Message.IsBodyHTML = $true
#$Message.Attachments.Add($attachment)
#$smtp.Send($Message)
#$attachment.Dispose()

#
#     END
#######################



##########################################
#
# CONRPT.PS1
#
# ASA Connection Report
#

$community = 'readonly'
$SEC = '10.66.1.16'
$PRI = '10.66.1.6'
$svc = '.1.3.6.1.4.1.9.9.392.1.3.35.0'
$webvpn = '.1.3.6.1.4.1.9.9.392.1.3.38.0'
$outfile = "asa-connect.html"
$logfile = "log.txt"
$rptname = "VPN Connections & Internet Bandwidth Usage"
$recipient = "matt.kunkel@troutman.com","lloyd.petrey@troutman.com"
$today = get-date

############################################################################################
# Report Heading

$report=@'
<STYLE>
BODY{font-family: Verdana, Arial, Helvetica, sans-serif;font-size:12;font-color: #000000}
TABLE{border-width: 2px;padding: 1px;border-style: solid;border-color: black;border-collapse: collapse;} 
TH{border-width: 2px;padding: 4px;border-style: solid;border-color: black;background-color: #dddddd;font-size:16;font-weight:bold}
TD{border-width: 2px;padding: 4px;border-style: solid;border-color: black;background-color: #efefef; font-size:12;font-weight:normal} 
TD.error{border-width: 2px;padding: 4px;border-style: solid;border-color: black;background-color: #ffffff;font face="monospace";font-size:10;font-color: #cccccc}
</STYLE> 
<HTML>
<HEAD> 
<TITLE></TITLE> 
</HEAD> 
<BODY>
'@

$report+="<H2>VPN Connections</H2><H4>"
$report+=$today
$report+="</H4><table><th>Connection </th><th>PRI </th><th>SEC </th></tr>"

############################################################################################




$cmd = "c:\snmp\bin\snmpget -M c:\snmp\mib -O nQ -v 2c -r 2 -t 1000 -c $community $SEC $svc"
$result = invoke-expression $cmd
$output = $result -split "= "
$anyconnectsec = $output[1]
$result=''
$output=''

$cmd = "c:\snmp\bin\snmpget -M c:\snmp\mib -O nQ -v 2c -r 2 -t 1000 -c $community $PRI $svc"
$result = invoke-expression $cmd
$output = $result -split "= "
$anyconnectpri = $output[1]
$result=''
$output=''

$cmd = "c:\snmp\bin\snmpget -M c:\snmp\mib -O nQ -v 2c -r 2 -t 1000 -c $community $PRI $webvpn"
$result = invoke-expression $cmd
$output = $result -split "= "
$workspotpri = $output[1]
$result=''
$output=''

$cmd = "c:\snmp\bin\snmpget -M c:\snmp\mib -O nQ -v 2c -r 2 -t 1000 -c $community $SEC $webvpn"
$result = invoke-expression $cmd
$output = $result -split "= "
$workspotsec = $output[1]
$result=''
$output=''

$totalPRI = [int]$anyconnectpri + [int]$workspotpri
$totalSEC = [int]$anyconnectsec + [int]$workspotsec

$report+="<tr><td>anyconnect</td><td>$anyconnectpri</td><td>$anyconnectsec</td></tr>"
$report+="<tr><td>workspot</td><td>$workspotpri</td><td>$workspotsec</td></tr>"
$report+="<tr><td>total</td><td>$totalPRI</td><td>$totalSEC</td></tr>"

$total = $totalPRI + $totalSEC

$log = "`t`t`t PRI `t SEC `n"
$log+= "anyconnect `t $anyconnectpri `t $anyconnectsec `n"
$log+= "workspot `t $workspotpri `t $workspotsec `n"
$log+= "total `t`t $totalPRI `t $totalSEC `n"
$log+= "$total `n"

$log | out-file $logfile

$now = get-date -date $today -uformat %s
$timestamp = [int]$now

& \rrd\bin\rrdtool update allcon.rrd N:$total 

& & \rrd\bin\rrdtool graph all-week.png --units-exponent 0 --start now-7d --end now DEF:ds1a=allcon.rrd:all:AVERAGE VDEF:ds1max=ds1a`,MAXIMUM LINE3:ds1a#FF0000:"Total Connections = $total" GPRINT:ds1max:"Max for Week=%5.0lf     "







$image=@'
</TABLE><img src="all-week.png"></img>
</img>
'@
$report+=$image
$report+="</BODY></HTML>" 

$report | out-file $outfile 

############################################################################################
#e-mail the report

$messageSubject = $rptname
$smtpServer = "smtp.cool.net"
$smtpFrom = "noreply@cool.net"
$smtpTo = $recipient
$message = $report 
#send-mailmessage -to $smtpTo -cc "joe@cool.net" -from $smtpFrom -subject $messageSubject -body $message -smtpserver $smtpServer -BodyAsHtml
send-mailmessage -to $smtpTo -cc "cool.net" -from $smtpFrom -subject $messageSubject -body $message -smtpserver $smtpServer -BodyAsHtml -attachments "\util\asa\all-week.png","\util\asa\internetbw.bmp"
###



















at
15:56


0
comments
























Labels:
,
,
,













        

      









Subscribe to:
Posts (Atom)