Query RAS user count using API

Hello community,

does anybody know a way to query the count of current RAS users using the API?

I guess during the current time of extended home office working due to pandemic precautions, having a good overview over the current RAS user count per gateway is helpful.

I'm aware of sk54641, but the value retrievable via SNMP is just wrong. It's the same wrong number that SmartConsole/SmartViewMonitor/GaiaDashboard is showing as Active Tunnels - Remote Access. The table Users by Gateway in SmartViewMonitor is showing the correct number (when counting the lines).

See here the CLI output:

fw tab -t userc_users -s
HOST       NAME         ID   #VALS  #PEAK  #SLINKS
localhost  userc_users  165  554    662    0

iso.3.6.1.4.1.2620.1.2.5.4.23.0 = Counter64: 2245

The value 554 is the correct one. 2245 is just wrong and I have no idea how this number is calculated.

Just plain old IPSecVPN blade here, if this is important. No MobileAccess blade. All users are using current Endpoint VPN Security Client and Office Mode.

As long as this ?bug? is not fixed, we need a way to retrieve the correct number remotely.

Btw, does anybody have experience with NRPE or something like that on GAIA?

Thanks for any ideas!

0 Kudos
Sapphire

fw tab is the best command for this purpose - see "Remote Access Users license + count" for other possible parameters and outputs!

0 Kudos

Thank you, Albrecht, for this quick reply, but this is what I know already: fw tab is giving the correct information.

The question was, how to retrieve this value remotely. From a system monitoring platform like HP OpenView, Solar Winds, Icinga or whatever.

0 Kudos
Admin

You can use mgmt_cli run-script command, look here for more details: https://sc1.checkpoint.com/documents/latest/APIs/#cli/run-script~v1.6%20

 

0 Kudos

That could work, thank you, Val.

We would need to make mgmt_cli runnable on a non-Check Point Linux host (monitoring worker platform), and it is a quite costly operation to just retrieve a single value (create session with management which creates session with gateway (I hope not using CPMI)), but it should work. From a security point of view, I have concerns. What kind of permissions would be needed for mgmt_cli run-script on a gateway target, and is it a good idea to provide such high-privilege credentials to a monitoring platform?

BTW, any idea, why the values retrievable by SNMP and GUI tools are wrong?

0 Kudos
Admin

I thought you already have a REST API based solution and want to get the data this way.

From where I stand, you could run Ansible or Terraform, or any other popular tools to retrieve the data. In addition, a similar API call is available directly from GAIA OS API: https://sc1.checkpoint.com/documents/latest/APIs/#clish/run-script~v1.6%20

For API calls, you need an admin account and client defined. You can also run the mgmt_cli tool on the management itself.

It is a good idea, actually, cause you could use the default admin for auth with mgmt_cli, and then SIC auth (no additional admin credentials) to reach out to GWs and run the scripts there. ./jq or basic grep would do the rest.

If you do not want to invest time and effort into Orchestration tools at this point, simple Python-based scripts would do the trick.

Or, the laziest way is to use the technique described here:

https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/GAIA-Easy-execute-CLI-commands-on...


0 Kudos
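
Added example, not part of the original thread and not Check Point code: a monitoring-side check in Python that parses the fw tab -t userc_users -s output quoted in the first post and reports #VALS in the Icinga/Nagios plugin convention. The function names, the thresholds and reading the command output from stdin are assumptions; the gateway only ever needs to run the one fixed fw tab command, so the monitoring job never has to submit arbitrary scripts.

```python
import re
import sys

# Constructed sample, copied from the CLI output quoted in the first post.
SAMPLE = """\
HOST       NAME         ID   #VALS  #PEAK  #SLINKS
localhost  userc_users  165  554    662    0
"""

# One data row of `fw tab -s`: host, table name, then four integer columns.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_fw_tab_summary(text, table="userc_users"):
    """Return the summary row for `table` as a dict; raise ValueError if absent."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(2) == table:
            return {
                "host": m.group(1),
                "vals": int(m.group(4)),   # current entries = connected RAS users
                "peak": int(m.group(5)),
            }
    raise ValueError(f"no summary row for table {table!r} in command output")


def check_ras_users(text, warn, crit):
    """Plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN."""
    try:
        row = parse_fw_tab_summary(text)
    except ValueError as exc:
        # Empty or error output must not be reported as "0 users, OK".
        return 3, f"UNKNOWN - {exc}"
    users = row["vals"]
    if users >= crit:
        code, label = 2, "CRITICAL"
    elif users >= warn:
        code, label = 1, "WARNING"
    else:
        code, label = 0, "OK"
    perf = f"ras_users={users};{warn};{crit};0 ras_peak={row['peak']}"
    return code, f"{label} - {users} remote access users on {row['host']} | {perf}"


if __name__ == "__main__":
    # Pipe in the decoded command output; falls back to the sample on a terminal.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    code, message = check_ras_users(text, warn=500, crit=650)  # hypothetical thresholds
    print(message)
    sys.exit(code)
```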

You're right, there is of course no need to use mgmt_cli, as run-script is also available over the API web service. Not sure why I didn't have that idea yesterday. Thanks also for hinting me to all the other options we have!

0 Kudos
Admin

happy to help

0 Kudos
Admin
If SNMP is returning wrong data a TAC case is in order.
0 Kudos
Platinum

Btw, OID .1.3.6.1.4.1.2620.1.2.5.4.23 surprisingly works on SMB but it only counts users with built-in accounts. Those that are using their domain ones are not counted.

0 Kudos