VPN collector for ASA 5540
VPN collector functionality.
The source data for the VPN collector is the VPN syslog stream, which comes directly from the Cisco VPN systems to the directory /home/nimi/vpn_syslog on the nimisrv system via a pipe (FIFO).
The VPN collector code is designed to perform the following:
1 Close all open sessions that are older than 24 hours from the current time, in case the termination UDP message is missing.
2 Select open-session messages (type %ASA-4-722051) from the pipe stream and extract: session start time, user name, group, user IP address, given IP address. Then store them in the NIMI DB as an active session.
3 Select closed-session messages (type %ASA-4-113019) from the pipe stream and extract: session end time, user name, received bytes, sent bytes, duration, disconnection reason. Then update the active session in the NIMI DB.
4 A user can have multiple sessions under one outside IP address, so a situation can arise where one outside IP handles several onsite IPs.
This forces the use of user name, user IP, given IP and duration to define a user session and the end of that session, because the session ID is not supported on the Cisco ASA 5540 (see Cisco TAC 613402939).
5 Check for old active sessions every 24 hours.
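The correlation in steps 1 to 4, as an added Python example (not the NIMI collector's own code). Assumptions: the message text follows Cisco's documented layout for the two IDs, each line carries an ISO timestamp prefix, an in-memory list stands in for the NIMI DB, and a disconnect is matched to the open session of the same user and outside IP whose start time is closest to end time minus duration.

```python
import re
from datetime import datetime, timedelta

# Layouts assumed from Cisco's documented text for these message IDs; the ISO
# timestamp prefix and all values in SAMPLE are constructed for illustration.
OPEN_RE = re.compile(r"^(\S+) .*%ASA-4-722051: Group <([^>]*)> User <([^>]*)> "
                     r"IP <([^>]*)> (?:IPv4 )?Address <([^>]*)>")
CLOSE_RE = re.compile(r"^(\S+) .*%ASA-4-113019: Group = (.*?), Username = (.*?), "
                      r"IP = (\S+), Session disconnected\. Session Type: (.*?), "
                      r"Duration: (?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s, "
                      r"Bytes xmt: (\d+), Bytes rcv: (\d+), Reason: (.*)$")
MAX_AGE = timedelta(hours=24)

def process(lines):
    """Build session records (stand-in for NIMI DB rows) from syslog lines."""
    sessions = []
    for line in lines:
        if m := OPEN_RE.match(line):
            ts, group, user, user_ip, given_ip = m.groups()
            sessions.append({"user": user, "group": group, "user_ip": user_ip,
                             "given_ip": given_ip, "end": None,
                             "start": datetime.fromisoformat(ts)})
        elif m := CLOSE_RE.match(line):
            ts, _, user, user_ip, _, d, h, mi, s, xmt, rcv, reason = m.groups()
            end = datetime.fromisoformat(ts)
            dur = timedelta(days=int(d or 0), hours=int(h), minutes=int(mi), seconds=int(s))
            # No session ID: among this user's open sessions from the same
            # outside IP, pick the one whose start is closest to end - duration.
            cands = [x for x in sessions if x["end"] is None
                     and (x["user"], x["user_ip"]) == (user, user_ip)]
            if cands:
                best = min(cands, key=lambda x: abs(x["start"] - (end - dur)))
                best.update(end=end, duration=dur, sent=int(xmt),
                            received=int(rcv), reason=reason)
    return sessions

def close_stale(sessions, now):
    """Close sessions still open after 24 hours (termination message lost)."""
    for x in sessions:
        if x["end"] is None and now - x["start"] > MAX_AGE:
            x.update(end=now, reason="stale: no termination message")
    return sessions

SAMPLE = [  # constructed log lines: two sessions behind one outside IP
    "2010-03-01T08:00:00 asa %ASA-4-722051: Group <Staff> User <alice> IP <198.51.100.7> Address <10.8.0.11> assigned to session",
    "2010-03-01T08:30:00 asa %ASA-4-722051: Group <Staff> User <alice> IP <198.51.100.7> Address <10.8.0.12> assigned to session",
    "2010-03-01T10:00:00 asa %ASA-4-113019: Group = Staff, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 1h:30m:00s, Bytes xmt: 1024, Bytes rcv: 2048, Reason: User Requested",
    "2010-03-01T12:00:00 asa %ASA-4-722051: Group <Staff> User <bob> IP <203.0.113.9> Address <10.8.0.20> assigned to session",
]
```

In SAMPLE the disconnect closes alice's 08:30 session (given IP 10.8.0.12) rather than her 08:00 one, because only the duration tells the two apart.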
#1 Updated by Vladimir Bravov over 10 years ago
- File VPN_collect.jpg added
- Due date changed from 03/31/2010 to 09/30/2010
- % Done changed from 60 to 90
The source data for the VPN collector, the VPN syslog stream, was changed to avoid the development system NIMISRV.
It was set via SNMPBRIDGE for production and development dispatchers (see the attached picture).
To deploy it in production in parallel with the old VPN collector, we need to do the following:
- make auto-restart;
- update the nimi makefile to include the components in the tar file and make the autostart; set monitoring for the process on nimisrva and snmpbridge;
- perform regression test and complex test via the development system.