04-27-2024 05:00 PM
We are trying to use PLINK to export a list of active AnyConnect users via TFTP to a text file that's then parsed and displayed via HTML.
We use a batch file with the following contents that calls a text file containing the required commands:
plink -ssh -l admin -pw IDpd#:!7763 165.206.243.61 -m FirePower-VPN-script.txt
pause
Contents of FirePower-VPN-Script.txt:
system support diagnostic-cli
enable
/r/n
show vpn-sessiondb anyconnect | redirect tftp://<TFTP Server IP Address>/Firepower-vpnconnections.txt
exit
Any guidance would be appreciated or if there is another process we can use to schedule the export of the active AnyConnect sessions such as the api.
Thanks
Solved! Go to Solution.
04-27-2024 10:48 PM
You can also run EEM script on FTD to export automatically every day 1:00am or desired timing or frequency
example :
event manager applet vpnsessiondb
description vpnsessiondb-export
event timer absolute time 00:01:00
action 1 cli command "show vpn-sessiondb anyconnect | redirect tftp://<TFTP Server IP Address>/Firepower-vpnconnections.txt"
I have not played with API - you can use postman to see if you get output you looking and incorporate with your program to get data once it working.
Request Type: GET
Description: Retrieves the FTD RA VPN topology associated with the specified ID. If no ID is specified for a GET, retrieves list of all FTD RA VPN topologies.
you can check below :
04-27-2024 10:48 PM
You can also run EEM script on FTD to export automatically every day 1:00am or desired timing or frequency
example :
event manager applet vpnsessiondb
description vpnsessiondb-export
event timer absolute time 00:01:00
action 1 cli command "show vpn-sessiondb anyconnect | redirect tftp://<TFTP Server IP Address>/Firepower-vpnconnections.txt"
I have not played with API - you can use postman to see if you get output you looking and incorporate with your program to get data once it working.
Request Type: GET
Description: Retrieves the FTD RA VPN topology associated with the specified ID. If no ID is specified for a GET, retrieves list of all FTD RA VPN topologies.
you can check below :
04-28-2024 03:48 PM
Thank you for your response. Set up a FlexObject that worked perfectly!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide