topic How to configure Logging for remote access vpn in Network Security

How to configure Logging for remote access vpn

prashantrecon — Mon, 11 Mar 2019 22:54:35 GMT

Hi,

i have cisco ASA5520 and i have a remote access vpn .I want to configure logging for this remote access vpn.

i want the time user connected .how log it is connected .If any error while connecting ?

Please reply ASAP.

Regards,

Prashant

How to configure Logging for remote access vpn

Jouni Forss — Tue, 17 Apr 2012 09:47:36 GMT

Hi,

To my knowledge for information about users connection times / bandwith usage / etc you will need a separate software to get that information.

If not that, you will have to send the ASAs logs to a syslog server and collect and filter the data from there with some method.

I've considered configuring a some of ours ASAs only used for VPN to only send VPN related log messages (to make the syslog easier to read through and faster to filter through) but I havent still gotten into doing that. I would also have to determine if I can configure separate logging rules for different destination servers.

- Jouni

How to configure Logging for remote access vpn

prashantrecon — Tue, 17 Apr 2012 10:19:03 GMT

we do have syslog server but it takes to much of time to observe the logs.And we donot have any separate asa to configure for vpn only.

Please let us know the softaware for that info

Re: How to configure Logging for remote access vpn

Jouni Forss — Tue, 17 Apr 2012 10:23:44 GMT

Hi,

The programs/software mentioned to me when I asked our Cisco contact was Cisco Security Manager 4.1 and a third party software called Extraxi

I'd imagine using either software to their full extent will cost you.

Though I still imagine you would have other options. As I said, I havent setup any similiar setup in my own work yet.

- Jouni

Re: How to configure Logging for remote access vpn

mvsheik123 — Tue, 17 Apr 2012 11:26:33 GMT

Hi Prashant,

Assuming syslog server getting all the necessary log information from ASA and if you have a SQL server that can pull data from syslog server, you can have your dba a write a script that creats a table with all the VPN related information from syslog. The table will be populated with only related messages from ASA IP- so rest will not be included.

We did the similar implementation recently -as our management wants to know who, what time and how long remote users connected via vpn & citrix (for security reasons). We do not pull error messages into table -as we mainly need login & logout time etc. Few of the message IDs you may want to log...

%PIX|ASA-7-713160: Remote user (session Id - id) has been granted access by the Firewall Server

> %PIX|ASA-3-713161: Remote user (session Id - id) network access has been restricted by the Firewall Server

> %PIX|ASA-3-713162: Remote user (session Id - id) has been rejected by the Firewall Server

> %PIX|ASA-3-713163: Remote user (session Id - id) has been terminated by the Firewall Server

Check with ASA IOS version doc for proper message Ids.

This way you do not need to spend fortune except your DBA's time .

hth