https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532695#M493017 <HTML><HEAD></HEAD><BODY><P>We’re currently (and have been) able to log VPN access through our firewall for our IPSEC clients via RADIUS in MS InternetAuthentication Service (IAS) on our domain controller.&nbsp; However, moving forward with LDAP authentication, we need a replacement for this functionality.&nbsp; We need to log account, IP address, start and stop times.&nbsp; I’ve done a quick Internet search of ASA Logging (VPN) without success.&nbsp; I’ve also tried to find a place to configure this in ASDM on theASA without success.&nbsp; Is this possible without 3<SUP>rd</SUP> partysoftware via ASDM?&nbsp; If not, what scripting 3<SUP>rd</SUP> party tools would you recommend?</P></BODY></HTML> Wed, 16 Nov 2011 16:23:13 GMT kardos420 2011-11-16T16:23:13Z https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532695#M493017 <HTML><HEAD></HEAD><BODY><P>We’re currently (and have been) able to log VPN access through our firewall for our IPSEC clients via RADIUS in MS InternetAuthentication Service (IAS) on our domain controller.&nbsp; However, moving forward with LDAP authentication, we need a replacement for this functionality.&nbsp; We need to log account, IP address, start and stop times.&nbsp; I’ve done a quick Internet search of ASA Logging (VPN) without success.&nbsp; I’ve also tried to find a place to configure this in ASDM on theASA without success.&nbsp; Is this possible without 3<SUP>rd</SUP> partysoftware via ASDM?&nbsp; If not, what scripting 3<SUP>rd</SUP> party tools would you recommend?</P></BODY></HTML> Wed, 16 Nov 2011 16:23:13 GMT https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532695#M493017 kardos420 2011-11-16T16:23:13Z https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532696#M493019 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>There are two vehicles available for logging user sessions.&nbsp; The method that makes most sense is to continue to use RADIUS accounting. This can be used even if the authentication method is no longer RADIUS.&nbsp; The other option is to leverage syslog for this purpose, but that is a lot less desirable as normal commercial products will not parse these syslog messages in to a useful format for running reports.</P><P></P><P>Hope this helps!</P></BODY></HTML> Thu, 17 Nov 2011 23:04:00 GMT https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532696#M493019 stsong 2011-11-17T23:04:00Z https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532697#M493020 <HTML><HEAD></HEAD><BODY><P>Syslog-ng can be used for capturing syslog and you can use scripts to pull information out of general logs into a usable format, requires some basic linux scripting ability.&nbsp; Solarwinds Kiwi Syslog is a windows based tool that has some basic filtering that is more of a point and click gui.</P><P></P><P>-d</P></BODY></HTML> Fri, 27 Apr 2012 16:26:31 GMT https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532697#M493020 doedelmo 2012-04-27T16:26:31Z https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532698#M493022 <HTML><HEAD></HEAD><BODY><P>You could also deploy CD-Agent (AD_Agent) and configure your ASA for Identity Firewall.</P><P></P><P>This would allow mapping of user to IP, and you could then correallte Radius Start_Stop, with the Identity FW Logs.</P><P></P><P></P><P>For information just google "ASA Identity Firewall with AD Agent"</P></BODY></HTML> Mon, 19 Aug 2013 19:29:15 GMT https://community.cisco.com/t5/network-security/asa-vpn-logging/m-p/3532698#M493022 leciscokid 2013-08-19T19:29:15Z