cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
451
Views
0
Helpful
5
Replies

Cisco SNMP MIB to Provide SSH User Information

sahmadhashmi
Level 1
Level 1

Hello Community Members,

I'm struggling to find the SNMP MIB that can provide information about the current users logged in through SSH using local credentials on my Cisco router, which is running the firmware universalk9.17.09.04a.SPA.bin.

I’ve already tried CISCO-AAA-SESSION-MIB and OLD-CISCO-TS-MIB (though I’m avoiding this as it's deprecated and old). Could you please suggest any other MIBs that might help in this case?

Your assistance would be greatly appreciated.

1 Accepted Solution

Accepted Solutions

Ok @sahmadhashmi 

The MIB CISCO-REMOTE-ACCESS-MONITOR-MIB  could help monitor remote access sessions, including SSH. It tracks active connections and user details, although it’s more focused on VPN and terminal services, it might provide SSH data as well... 

Try also CISCO-NAC-NODE-MIB which provides details about authenticated network access users, which might include SSH sessions authenticated via local credentials.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

5 Replies 5

M02@rt37
VIP
VIP

Hello @sahmadhashmi 

See CISCO-SYSLOG-MIB
This MIB is not specific to SSH sessions, but in some cases, SSH login events are logged via syslog. You could use SNMP to capture these syslog messages and filter for SSH login and logout events...

Other alternative, see HOST-RESOURCES-MIB. This standard MIB may offer basic information about users logged in via terminals (including SSH sessions in some cases). Though it’s not specialized for SSH, you can try checking:

-> hrSWRunTable – this table lists active processes, which could include SSH-related sessions.

https://cric.grenoble.cnrs.fr/Administrateurs/Outils/MIBS/?oid=1.3.6.1.2.1.25.4.2

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

sahmadhashmi
Level 1
Level 1

Dear M02@rt37 

Thanks for your suggestion.

I wanted to update you on my progress. I previously tried using CISCO-SYSLOG-MIB, but it resulted in excessive syslog information that was unnecessarily consuming our disk space.

I also attempted to use HOST-RESOURCES-MIB, but it seems that my router does not recognize this MIB.

iso.3.6.1.2.1.25.4.2 = No Such Object available on this agent at this OID

If you have any other suggestions or MIBs that might be helpful, I’d appreciate your guidance.

Ok @sahmadhashmi 

The MIB CISCO-REMOTE-ACCESS-MONITOR-MIB  could help monitor remote access sessions, including SSH. It tracks active connections and user details, although it’s more focused on VPN and terminal services, it might provide SSH data as well... 

Try also CISCO-NAC-NODE-MIB which provides details about authenticated network access users, which might include SSH sessions authenticated via local credentials.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Thanks M02@rt37 for your help and guidance.

You're so welcome @sahmadhashmi 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Review Cisco Networking for a $25 gift card