SecurID^® Discussions

TIFFANYIRELAND · ‎2018-07-18

Hello!

Is there a table in the database that lists the AVAILABLE license count, NOT the licensed users? (I've read the KB on the accurate active license count here:000030005 - How to get an accurate active user license count in RSA Authentication Manager 8.1 using SQL )

We are looking to connect our database to Tableau for metrics reporting, and would like to display an "available licenses vs licensed users" count on that dashboard. I've figured out how to query all of the other metrics we'd like, except for this available license count field - (if it's even available).

So any help would be appreciated!

EdwardBayley · ‎2018-09-21

You're very welcome, Tiffany! Just one wrinkle I have since found... I've just implemented this in our production Auth Mgr instance, only to find that the OID with the license count is .1.3.6.1.4.1.2197.20.24.1.2.527, not .1.3.6.1.4.1.2197.20.24.1.2.526! So the OID for license consumption is clearly a 'movable feast', so you'll either need an 'if... else' clause in your code to select the correct OID depending on whether you're running your script in your Prod or Dev environment, or else run the following command:

snmpwalk -v 3 -u {user name} -l {security level} -a {authentication protocol} -A {authentication password} -x {privacy protocol} -X {privacy password} {hostname}.1.3.6.1.4.1.2197 | grep ims.license.active_user_count

This returns something like:

SNMPv2-SMI::enterprises.2197.20.24.1.1.527 = STRING: "ims.license.active_user_count"

The last number in the partial OID shows you where to look for the license count, in this case it will be .1.3.6.1.4.1.2197.20.24.1.2.527 (because of the final 527 in the output above).

View solution in original post

EdwardDavis · ‎2018-07-18

In PSQL I am not sure, but it is easy with snmpv3 gets.

Poll the License Strategies Table (.rsa.ims.strategyTable)

.1.3.6.1.4.1.2197.20.20 shows this table including max possible users on license [not actual users].

.1.3.6.1.4.1.2197.30.5.1 would give the total current active users (all active users = tokens+oda+rba)

EdwardBayley · ‎2018-09-14

Great question, and it's just come up in my organization too. The OIDs above don't work for me (I am running Auth Mgr 8.2), seems that the total number of licenses and the number of used licenses are available through different OIDs. Obviously the number of remaining available license is total licenses - used licenses.

The following snmpget commands worked for me:

Total Number of Licenses (i.e. Used + Available)

snmpget -v 3 -u {user name} -l {security level} -a {authentication protocol} -A {authentication password} -x {privacy protocol} -X {privacy password} {hostname} .1.3.6.1.4.1.2197.20.20.1.7.2

where 'hostname' is the hostname of your Primary Auth Mgr server (or any Replica) and the other parameters are configured in the Security Console 'Network Monitoring (SNMP)' link under 'Advanced Settings'. (The settings are also visible in /etc/snmp/snmpd.conf).

Number of Used Licenses

snmpget -v 3 -u {user name} -l {security level} -a {authentication protocol} -A {authentication password} -x {privacy protocol} -X {privacy password} {hostname} .1.3.6.1.4.1.2197.20.24.1.2.526

I also found this command useful to list every single value and establish every OID available:

snmpwalk -u {user name} -l {security level} -a {authentication protocol} -A {authentication password} -x {privacy protocol} -X {privacy password} {hostname} .1.3.6.1.4.1.2197

TIFFANYIRELAND · ‎2018-09-17

Thank you for this info, Edward. I really appreciate the help!

EdwardBayley · ‎2018-09-21

You're very welcome, Tiffany! Just one wrinkle I have since found... I've just implemented this in our production Auth Mgr instance, only to find that the OID with the license count is .1.3.6.1.4.1.2197.20.24.1.2.527, not .1.3.6.1.4.1.2197.20.24.1.2.526! So the OID for license consumption is clearly a 'movable feast', so you'll either need an 'if... else' clause in your code to select the correct OID depending on whether you're running your script in your Prod or Dev environment, or else run the following command:

snmpwalk -v 3 -u {user name} -l {security level} -a {authentication protocol} -A {authentication password} -x {privacy protocol} -X {privacy password} {hostname}.1.3.6.1.4.1.2197 | grep ims.license.active_user_count

This returns something like:

SNMPv2-SMI::enterprises.2197.20.24.1.1.527 = STRING: "ims.license.active_user_count"

The last number in the partial OID shows you where to look for the license count, in this case it will be .1.3.6.1.4.1.2197.20.24.1.2.527 (because of the final 527 in the output above).

David · ‎2019-01-10

As a dynamic get of the license count, you should proceed this way using BASH :

totalLicense=xxx <= PUT HERE THE LICENSE COUNT YOU BOUGHT FROM RSA

                licenseOID=`$SNMPWALK -v 3 -u $COMM $HOST .1.3.6.1.4.1.2197.20.24.1.1 | grep -i active_user_count | cut -d' ' -f1 | rev | cut -d'.' -f1 | rev`
                RESULT=$?
                if [ $RESULT -ne 0 ]; then
                        exit 3
                fi
                usedLicense=`$SNMPGET -v 3 -u $COMM $HOST .1.3.6.1.4.1.2197.20.24.1.2.$licenseOID | sed 's/"//g'`
                warnCount=$((totalLicense*85/100))
                critCount=$((totalLicense*90/100))
                OUTPUT="Consommation licence: $usedLicense / $totalLicense|'usedLicense'=$usedLicense;$warnCount;$critCount;0;$totalLicense"
                PERFDATA=1
                if [ $usedLicense -gt $critCount ]; then
                        echo "[CRITICAL] $OUTPUT"
                        exit 2
                elif [ $usedLicense -gt $warnCount ]; then
                        echo "[WARNING] $OUTPUT"
                        exit 1

fi

echo "$OUTPUT"

exit 0

SecurID® Discussions

Available License Count?

SecurID^® Discussions