Anyconnect and Hostscan logging
06-05-2015 06:22 AM - edited 03-10-2019 10:47 PM
Hello guys,
I have a running ASA with Anyconnect and HostScan. We use DAP policies to terminate the connections from various OSes, checking for keys in win registry, etc.
Now I would like to somehow log all possible parameters gathered by Hostscan on ASA. For instance:
- OS version
- MAC address
- BIOS serial number
and so on.
Is there a way to do this?
--
Sergey
06-08-2015 04:39 AM
Hello,
Anyone? I don't believe that it is just me who wants to get as much info as possible from users.
This info could be perfectly used in SIEM.
06-09-2015 06:37 AM
Found the solution.
In ASDM do the following:
Configuration -> Device management -> Logging -> Logging Filters
Choose the logging destination you need, then in Syslog from Specific Event Classes do:
Event class: dap
Severity: debugging
Then in the logs you'll see something like this:
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.version="Linux"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.servicepack="3.19.0-15-generic"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.architecture="x86"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.policy.location="Default"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection="none"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection_version="3.1.08009"
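
Since each HostScan attribute arrives as its own 734003 message, a SIEM pipeline usually has to fold them into one record per endpoint. The following is an added example, not part of the original post and not Cisco code; the function names, the second user and the 192.0.2.10 address are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Matches the 734003 "Session Attribute" line format shown in the post.
DAP_ATTR = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+'
    r'%ASA-\d-734003: DAP: User (?P<user>.*?), Addr (?P<addr>\S+): '
    r'Session Attribute (?P<key>[^=\s]+)\s*=\s*"?(?P<value>.*?)"?\s*$'
)

def collect_endpoints(lines):
    """Group attributes by (ASA host, user, client address).

    Sessions interleave in a live feed, so every line is keyed on its own
    fields instead of being attached to the previous line. A user who
    reconnects from the same address updates the same record (latest wins).
    """
    endpoints = defaultdict(dict)
    for line in lines:
        m = DAP_ATTR.match(line.strip())
        if not m:
            continue  # not a DAP session attribute message
        record = endpoints[(m["host"], m["user"], m["addr"])]
        record["last_seen"] = m["ts"]
        record[m["key"]] = m["value"]
    return dict(endpoints)

def to_siem_events(endpoints):
    """Serialize one JSON document per endpoint."""
    return [
        json.dumps({"asa": h, "user": u, "addr": a, **attrs}, sort_keys=True)
        for (h, u, a), attrs in sorted(endpoints.items())
    ]

# Constructed sample: USERNAME lines follow the post; the "jdoe" line and
# the unrelated line are invented to show interleaving and filtering.
SAMPLE = """\
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.version="Linux"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User jdoe, Addr 192.0.2.10: Session Attribute endpoint.os.architecture="x64"
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.servicepack="3.19.0-15-generic"
Jun 9 16:30:15 ASA_INSTANCE unrelated syslog line (constructed)
Jun 9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection="none"
"""

if __name__ == "__main__":
    for event in to_siem_events(collect_endpoints(SAMPLE.splitlines())):
        print(event)
```
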
04-15-2020 05:59 AM
Apparently there are two of us ;)
