Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
603
Views
0
Helpful
5
Replies

Cisco SNMP MIB to Provide SSH User Information

Go to solution
sahmadhashmi
Level 1
Level 1

‎09-06-2024 03:29 AM

Hello Community Members,

I'm struggling to find the SNMP MIB that can provide information about the current users logged in through SSH using local credentials on my Cisco router, which is running the firmware universalk9.17.09.04a.SPA.bin.

I’ve already tried CISCO-AAA-SESSION-MIB and OLD-CISCO-TS-MIB (though I’m avoiding this as it's deprecated and old). Could you please suggest any other MIBs that might help in this case?

Your assistance would be greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP
In response to sahmadhashmi

‎09-06-2024 06:05 AM

Ok @sahmadhashmi 

The MIB CISCO-REMOTE-ACCESS-MONITOR-MIB  could help monitor remote access sessions, including SSH. It tracks active connections and user details, although it’s more focused on VPN and terminal services, it might provide SSH data as well... 

Try also CISCO-NAC-NODE-MIB which provides details about authenticated network access users, which might include SSH sessions authenticated via local credentials.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
M02@rt37
VIP
VIP

‎09-06-2024 03:58 AM

Hello @sahmadhashmi 

See CISCO-SYSLOG-MIB
This MIB is not specific to SSH sessions, but in some cases, SSH login events are logged via syslog. You could use SNMP to capture these syslog messages and filter for SSH login and logout events...

Other alternative, see HOST-RESOURCES-MIB. This standard MIB may offer basic information about users logged in via terminals (including SSH sessions in some cases). Though it’s not specialized for SSH, you can try checking:

-> hrSWRunTable – this table lists active processes, which could include SSH-related sessions.

https://cric.grenoble.cnrs.fr/Administrateurs/Outils/MIBS/?oid=1.3.6.1.2.1.25.4.2

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
sahmadhashmi
Level 1
Level 1

‎09-06-2024 05:21 AM

Dear M02@rt37 

Thanks for your suggestion.

I wanted to update you on my progress. I previously tried using CISCO-SYSLOG-MIB, but it resulted in excessive syslog information that was unnecessarily consuming our disk space.

I also attempted to use HOST-RESOURCES-MIB, but it seems that my router does not recognize this MIB.

iso.3.6.1.2.1.25.4.2 = No Such Object available on this agent at this OID

If you have any other suggestions or MIBs that might be helpful, I’d appreciate your guidance.

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to sahmadhashmi

‎09-06-2024 06:05 AM

Ok @sahmadhashmi 

The MIB CISCO-REMOTE-ACCESS-MONITOR-MIB  could help monitor remote access sessions, including SSH. It tracks active connections and user details, although it’s more focused on VPN and terminal services, it might provide SSH data as well... 

Try also CISCO-NAC-NODE-MIB which provides details about authenticated network access users, which might include SSH sessions authenticated via local credentials.

 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
sahmadhashmi
Level 1
Level 1
In response to M02@rt37

‎09-10-2024 03:03 AM

Thanks M02@rt37 for your help and guidance.

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to sahmadhashmi

‎09-10-2024 04:28 AM

You're so welcome @sahmadhashmi 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card