As an admin of a firewall with a VPN solution, it's nice to have a sensor that shows a counter for locally locked-out VPN accounts. I use plink inside a batch file:

@echo off
REM configure "Credentials for Linux/Solaris/Mac OS (SSH/WBEM) Systems" for the device you want to watch
REM create a PRTG "EXE/Script Sensor" under the device you want to monitor
REM for Sensor Name select this script; the script has to be stored in the PRTG installation folder, default is C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE\Cisco-locked-accounts_exe_1.bat
REM Sensor Parameters: %host %linuxuser %linuxpassword
REM please keep in mind that the filter (for /F "delims=" %%i in ('findstr "..:..:.." %output% ^| find ":" /c') do set value=%%i) has to be changed when remote-command changes

REM assign prtg parameters (%host %linuxuser %linuxpassword) to variables
set host=%1
set user=%2
set pw=%3

REM the output folder c:\temp has to be created manually
set output="c:\temp\cisco-locked-accounts_exe_output_1.txt"

REM change path to plink
set pl="C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\PuTTY\plink.exe"

REM variable for the command file that plink will execute on the cisco
set remote-command-file="c:\temp\cisco-locked-accounts_exe_1.txt"

REM command that will send back info that you want to monitor
set remote-command=show aaa local user

REM create command file that plink will execute on the cisco
REM (the first line uses > so a file left over from an aborted run is overwritten, not appended to)
echo login>%remote-command-file%
echo %user%>>%remote-command-file%
echo %pw%>>%remote-command-file%
echo %remote-command%>>%remote-command-file%
echo logout>>%remote-command-file%
echo exit>>%remote-command-file%

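REM if exist %output% del /F /Q %output% >nul 2>&1

REM plink execution
REM -batch disables all prompts, so the host key must already be cached for the account the sensor runs as
REM -pw puts the password on the plink command line, where it is visible in the process list while plink runs
%pl% -ssh -batch -pw %pw% %user%@%host% -m %remote-command-file% > %output%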

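REM filter and count output (lines that contain a time stamp hh:mm:ss)
REM note: if the SSH login fails, the output file is empty, the count is 0 and the sensor reports OK
for /F "delims=" %%i in ('findstr "..:..:.." %output% ^| find ":" /c') do set value=%%i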

REM output that prtg receives
if "%value%" equ "0" (echo %value%:OK)
if "%value%" gtr "0" (echo %value%:notOK)

REM delete the temporary files (the command file contains the password)
del %remote-command-file%
del %output%

You can modify this solution to get other values from a Cisco ASA as well, but keep in mind that the credentials are visible in the command file that is executed on the Cisco device. Please use a Cisco account with only the permissions required to get the values you want; do not use an admin account. http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/access_management.html#wp1042033
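
A stricter filter than counting time stamps, as an added example that is not part of the original post: a PowerShell EXE/Script sensor body that reads the Locked column of the captured output and reports an error when no user table comes back. The column layout, the function name Get-PrtgLockedResult and the sample lines are assumptions.

```powershell
# Added example, not the original script. ASSUMPTION: the ASA prints a header
# "Lock-time  Failed-attempts  Locked  User" followed by one row per user with
# Y or N in the Locked column. Check this against your own device's output.
function Get-PrtgLockedResult {
    param([string[]]$Lines)

    $sawHeader = $false
    $locked = @()
    foreach ($line in $Lines) {
        if (-not $sawHeader) {
            # Ignore banner and prompt lines until the table header appears.
            $sawHeader = $line -match 'Lock-time\s+Failed-attempts\s+Locked\s+User'
            continue
        }
        # Read columns from the right so a Lock-time that contains spaces
        # cannot shift the Locked column.
        $t = @($line.Trim() -split '\s+' | Where-Object { $_ })
        if ($t.Count -lt 3 -or $t[-3] -notmatch '^\d+$') { continue }
        if ($t[-2] -eq 'Y') { $locked += $t[-1] }
    }

    if (-not $sawHeader) {
        # Failed login or changed command: an error, not "0 locked accounts".
        return [pscustomobject]@{ Text = '0:no user table in device output'; ExitCode = 2 }
    }
    $msg = if ($locked.Count -eq 0) { 'OK' } else { 'locked ' + ($locked -join ', ') }
    [pscustomobject]@{ Text = "$($locked.Count):$msg"; ExitCode = 0 }
}

# Constructed sample output (hypothetical host name and user names).
$sample = @(
    'fw01# show aaa local user',
    'Lock-time  Failed-attempts  Locked  User',
    '    -             0            N     alice',
    ' 14:02:11         3            Y     bob',
    '    -             1            N     carol',
    ' 14:05:40         3            Y     dave',
    'fw01# logout'
)

$result = Get-PrtgLockedResult -Lines $sample
Write-Output $result.Text        # value:message line that PRTG reads
exit $result.ExitCode            # 0 = OK, 2 = PRTG "system error"
```

In a real sensor, replace `$sample` with the lines plink wrote to the output file, for example via `Get-Content`.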


Article Comments

Nice, thanks for sharing! :) I'm sure plenty of other users will find this helpful :)


Sep, 2015