1

I'm trying to get a VPN count from asa firewall. I'm using

show vpn-sessiondb summary | i *vpn name

and store the result in a file. I have 5 hosts, each host will return a string like below. and I'll store it in 5 separate file whose names is hostname only

vpn name      : 2345 : 2022098 : 4567 : 590

From the file, I just want only the active VPN count which is 2345. which I took by using the below play,

- name: get active
  shell: "awk '{print $4}' {{ hostname }}_file"
  register: count
- debug:
    msg: "{{ count.stdout }}"

which returns:

2345
1234
1231
3567
5678

Now I want the sum of these 5 values. Any way to find it through the ansible module or shell commands?

Improve this question

2 Answers 2

Reset to default
2

You say you:

  • have 5 hosts, e.g.
firewalls: [hostA, hostB, hostC, hostD, hostE]
  • have 5 separate files, e.g.
shell> find . -name '*_file'
./hostA_file
./hostD_file
./hostB_file
./hostC_file
./hostE_file

storing returned strings, e.g.

shell> cat *_file
vpn name      : 2345 : 2022098 : 4567 : 590
vpn name      : 1234 : 2022098 : 4567 : 590
vpn name      : 1231 : 2022098 : 4567 : 590
vpn name      : 3567 : 2022098 : 4567 : 590
vpn name      : 5678 : 2022098 : 4567 : 590
  • want only the active VPN count
- shell: "awk '{print $4}' {{ hostname }}_file"

which returns:

2345 1234 1231 3567 5678

Q: "I want the sum of these 5 values."

A: Get the active VPN counts in a loop. Declare the variables

  firewalls: [hostA, hostB, hostC, hostD, hostE]
  active_vpn_counts: "{{ count.results|map(attribute='stdout')|
                                       map('int')|list }}"

The task below

    - name: get active
      command:
        cmd: "awk '{print $4}' {{ item }}_file"
        chdir: "{{ playbook_dir }}"
      register: count
      loop: "{{ firewalls }}"

gives

  active_vpn_counts:
  - 2345
  - 1234
  - 1231
  - 3567
  - 5678

sum the items. Declare the variable

  active_vpn_sum: "{{ count.results|map(attribute='stdout')|
                                    map('int')|sum }}"

gives

  active_vpn_sum: '14055'

Notes

  • Example of the project
shell> tree .
.
├── ansible.cfg
├── hostA_file
├── hostB_file
├── hostC_file
├── hostD_file
├── hostE_file
├── hosts
└── pb.yml

0 directories, 8 files
  • Example of a complete playbook for testing
shell> cat pb.yml
- hosts: localhost

  vars:

    firewalls: [hostA, hostB, hostC, hostD, hostE]
    active_vpn_counts: "{{ count.results|map(attribute='stdout')|
                                         map('int')|list }}"
    active_vpn_sum: "{{ count.results|map(attribute='stdout')|
                                      map('int')|sum }}"

  tasks:

    - name: get active
      command:
        cmd: "awk '{print $4}' {{ item }}_file"
        chdir: "{{ playbook_dir }}"
      register: count
      loop: "{{ firewalls }}"

    - debug:
        var: active_vpn_counts
      run_once: true
    - debug:
        var: active_vpn_sum
      run_once: true
Improve this answer
5
  • While i'm using your code. the sum of all firewalls are printing 5 times. any possibility to print it only once. see my output below: Commented Jan 2, 2023 at 6:18
  • ok: [host1] =>{ " sum" = "13000" } ok: [host2] =>{ " sum" = "13000" } ok: [host3] =>{ " sum" = "13000" } ok: [host4] =>{ " sum" = "13000" } ok: [host5] =>{ " sum" = "13000" } Commented Jan 2, 2023 at 6:20
  • Set run_once: true. I updated the code. See Controlling playbook execution Commented Jan 2, 2023 at 6:23
  • and in variable Firewalls: [hosta, hostb, hostc, hostd, hoste], can we put just firewalls: ["{{hosts}}"] Commented Jan 2, 2023 at 6:54
  • Neither in my code nor yours, there is no such variable hosts. Either delete the comment or explain where the variable hosts comes from. Commented Jan 2, 2023 at 9:27
0

You can use the expr function on Bash shell for performing math on values.

https://tecadmin.net/bash-add-two-integers/

You might want to also look into gathering the data you want via SNMP or the ASA API. Both may be more efficient than collecting via command line scraping.

https://www.slsmk.com/monitor-asa-vpn-sessions-via-snmp/

https://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.