Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active/Live user count on Pulse Secure Connect

swathiadireddy
New Contributor
‎07-31-2020 06:06:PM
‎07-31-2020 06:06:PM

Active/Live user count on Pulse Secure Connect

Based on what factors PSA (Pulse Secure Appliance) calculates the active user counts?

 

 

I am trying to work on a dashboard in Splunk for active user counts and would like to display all the active user counts of all the boxes in a single cluster.

 

 

0 Kudos
7 REPLIES 7
r@yElr3y
Moderator
Moderator
‎08-01-2020 11:38:PM
‎08-01-2020 11:38:PM

Re: Active user count on Pulse Secure Connect

Active users count should cover the users who are connected to Pulse through web or client session.

 

If you're looking for logs that shows the number of users connected, then please check the events logs and you should find "Number of concurrents users logged" updated every one-hour.

 

Configure the splunk to differentiate the counts based on the VPN server node name and concat them to show the overall user count logged into the cluster.

PCS Expert
Pulse Connect Secure Certified Expert
swathiadireddy
New Contributor
‎08-02-2020 10:10:AM
‎08-02-2020 10:10:AM

Re: Active user count on Pulse Secure Connect

Thanks for your response!
That is something I have already implemented and working fine as expected but "Number of concurrent users logged" gets updated every one-hour instead I would want to calculate users for every 5 mins or so as they start their session instead of waiting for hourly update.

For example: Total active users @ 10:00 is 1340 and after 5 mins or so 10 additional users added.
So I wanted to get the total active users count displayed @ 10:05/10:10 as 1350 instead of waiting for the update till 11:00.

I wanted to calculate the "Number of users" which is displayed under Active users (Pulse secure updates this count as the users add on)


0 Kudos
swathiadireddy
New Contributor
‎08-02-2020 05:00:PM
‎08-02-2020 05:00:PM

Re: Active user count on Pulse Secure Connect

To be more specific on this, I am trying to achieve this with user Log information.

Example: like counting the user Login session and subtracting the Logout/closed connection/terminated session.
I have noticed that it all depends on how the user is going to end the session.

0 Kudos
r@yElr3y
Moderator
Moderator
‎08-02-2020 08:41:PM
‎08-02-2020 08:41:PM

Re: Active user count on Pulse Secure Connect

Oh yes, we can capture the login succeeded and logout/closed connection events using msg filter (msg='keyword') or event-ID filter, but it look like overhead to me (still achievable).

We need to have additional logic built-in to ignore the session resumptions and identify multiple user sessions, if allowed.
PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
swathiadireddy
New Contributor
‎08-02-2020 09:11:PM
‎08-02-2020 09:11:PM

Re: Active user count on Pulse Secure Connect

I am curious to know if there is any formula based on how Pulse calculates the Active/Live users.

Here is what I have tried intially  Active users = Login_users - Logout_users but the results were not as expected.

For example: Below are the events of two users I am considering based on how their session ends.

User1: 1. 9:30:37.000 AM - msg="AUT24414: Agent login succeeded

            2.10:29:47.000 AM - msg="AUT23181: Session for user has been terminated

            3.10:36:15.000 AM - msg="AUT24414: Agent login succeeded

            4.12:25:20.000 PM - msg="NWC30993: Closed connection

User2: 1. 1:23:06.000 PM - msg="AUT24414: Agent login succeeded

            2. 4:09:12.000 PM - msg="AUT22673: Logout

            3. 4:09:12.000 PM - msg="NWC30993: Closed connection

            4. 8:08:20.000 PM - msg="AUT24414: Agent login succeeded

            5. 11:59:44.000 PM - msg="AUT22673: Logout

            6. 11:59:44.000 PM - msg="NWC30993: Closed connection

 

Is there any specific logic how the users sessions ends ?

 

            

 

0 Kudos
r@yElr3y
Moderator
Moderator
‎08-03-2020 06:35:PM
‎08-03-2020 06:35:PM

Re: Active user count on Pulse Secure Connect

I believe the logic that you've mentioned is correct. I don't see any other way of calculating the Active users Smiley Happy

 

Maybe you can add "Idle timeout" and "maximum session length" events as well.

PCS Expert
Pulse Connect Secure Certified Expert
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.