topic Hello, anyone? I don't in Network Access Control

Anyconnect and Hostscan logging

pronin_sergey — Mon, 11 Mar 2019 05:47:01 GMT

Hello guys,

I have a running ASA with Anyconnect and HostScan. We use DAP policies to terminate the connections from various OSes, checking for keys in win registry and etc.

Now I would like to somehow log all possible parameters gathered by Hostscan on ASA. For instance:

- OS version

- MAC address

- BIOS serial number

and so on.

Is there a way to do this?

Sergey

Hello, anyone? I don't

pronin_sergey — Mon, 08 Jun 2015 11:39:15 GMT

Hello,

anyone? I don't believe that it is just me, who wants to get as much info as possible from users.

This info could be perfectly used in SIEM.

Found the solution.

pronin_sergey — Tue, 09 Jun 2015 13:37:30 GMT

Found the solution.

In ASDM do the following:

Configuration -> Device management -> Logging -> Logging Filters

Choose logging destination you need, then in Syslog from Specific Event Classes do:

Event class: dap

Severity: debugging

Then in logs you'll see smth like this:

Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.version="Linux"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.servicepack="3.19.0-15-generic"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.architecture="x86"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.policy.location="Default"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection="none"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection_version="3.1.08009"

Re: Found the solution.

TheSlyOne — Wed, 15 Apr 2020 12:59:28 GMT

Apparently there are two of us 😉