cancel
Showing results for 
Search instead for 
Did you mean: 
japie
Level 9
Report Inappropriate Content
Message 1 of 5

Juniper VPN Displaying Concurrent Users Logged On

Hi Guys

I am new with Mcafee Nitro SIEM, so hope someone could possibly direct me in the right direction here, we are creating a custom  Dashboard for Juniper VPN and one of the objectives is to display Concurrent users logged in at anytime and to track usage to monitor the  licenses we have and load on the devices.

I have played around with this but can't seem to figure out how to display the correct number of users, please see below event from the drill down:

<134>Juniper: 2013-01-29 08:00:07 System()[] - Number of concurrent users logged in to the device: 229

When I set up a usuage display and filter on this spesific signature ID it SUM's the event count from what I understand, but essentially  I just want to grep that number and display it, and also include in monthly usage report, has anyone done something similiar?

Thanks

J

4 Replies

Re: Juniper VPN Displaying Concurrent Users Logged On

Hi japie,

The REC collects the events from the Juniper device and then reports them up to the ESM. In the ESM view it will display those events.

You can create a new view and drag down a bar chart > then you could select either source user or summary and click next. from there you could add the signature ID in the filter and it would show either the Source Users or total number of that event we have collected.

Image 004 01-31-2013.jpg

japie
Level 9
Report Inappropriate Content
Message 3 of 5

Re: Juniper VPN Displaying Concurrent Users Logged On

Hi Aaron

Thanks for your response but I can't get the Bar display to show me the correct concurrent users, the reason being it counts events as I have indicated above if you look at the PACKET information the number is at the end (bold) below

<134>Juniper: 2013-02-01 08:00:58 System()[] - Number of concurrent users logged in to the device: 251

It reports 8 events for the users logged in, but rather writes an event with this string in it and the value of concurrent users logged in is 251

If I follow your suggestion it will only count events written and still not adding up to concurrent users.

the only way I managed to get it working is using the Dial with the below options

COUNT (DISTINCT Source User)

Filter - Device Type & Device ID

I have attached a screenshot doing it your method it only counts the events generated which is 9 where actually there is  532  users logged in now

Please see below:

4>Juniper: 2013-02-01 09:00:22  [IP] System()[] - Number of concurrent users logged in to the device: 532

ConcurrentUsersSummary.JPG

I still need direction please on how to display this on a Bar

Re: Juniper VPN Displaying Concurrent Users Logged On

So the bar chart will only display the total number of packets we have received for that specific event (so we have recieved that Concurrent Users 9 times). That section in the packet doesnt look like it is parsed out into a field. What you would need to do is save that packet and log a PER for this field to be parsed out so you can report on it.

You can log your PER here:

McAfee ProductEnhancement Requests: https://mcafee.acceptondemand.com/index.jsp

japie
Level 9
Report Inappropriate Content
Message 5 of 5

Re: Juniper VPN Displaying Concurrent Users Logged On

Thanks for your response Aaron, I will complete the PER and provide feedback on the progress.

Tx

Japie

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community