Anyconnect and Hostscan logging

pronin_sergey
Level 1

Hello guys,

 

I have a running ASA with Anyconnect and HostScan. We use DAP policies to terminate the connections from various OSes, checking for keys in the Windows registry, etc.

 

Now I would like to somehow log all possible parameters gathered by Hostscan on ASA. For instance:

- OS version

- MAC address

- BIOS serial number

and so on.

Is there a way to do this?

 

--

Sergey

3 Replies

pronin_sergey
Level 1

Hello,

 

Anyone? I don't believe that it is just me who wants to get as much info as possible from users.

This info could be perfectly used in SIEM.

Found the solution.

In ASDM do the following:

Configuration -> Device management -> Logging -> Logging Filters

 

Choose the logging destination you need, then in Syslog from Specific Event Classes do:

Event class: dap

Severity: debugging 

 

Then in the logs you'll see something like this:

Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.version="Linux"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.servicepack="3.19.0-15-generic"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.architecture="x86"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.policy.location="Default"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection="none"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection_version="3.1.08009"

Apparently there are two of us  ;)
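
The 734003 lines quoted in the thread carry one HostScan attribute each, so a SIEM needs them folded back into one record per user and address. The following is an added example, not part of the original posts; the sample lines are constructed, and the grouping key and record field names are assumptions.

```python
import json
import re

# Constructed sample input, modeled on the 734003 lines quoted in the thread.
SAMPLE = '''\
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.version="Linux"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.os.architecture="x86"
Jun  9 16:30:14 ASA_INSTANCE %ASA-7-734003: DAP: User USERNAME, Addr 1.2.3.4: Session Attribute endpoint.device.protection_version="3.1.08009"
Jun  9 16:31:02 ASA_INSTANCE %ASA-7-734003: DAP: User USER2, Addr 5.6.7.8: Session Attribute endpoint.os.version="Windows 10"
Jun  9 16:31:03 ASA_INSTANCE constructed line that is not a 734003 message
'''

# Matches the line layout shown in the thread. Whitespace around "=" and
# unquoted values are tolerated as an assumption about other attributes.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+(?P<host>\S+)\s+%ASA-7-734003: DAP: '
    r'User (?P<user>.*?), Addr (?P<addr>\S+): '
    r'Session Attribute (?P<key>[^\s=]+)\s*=\s*(?P<value>.*)$'
)

def parse_line(line):
    """Return the fields of one 734003 line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    value = rec["value"].strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # drop the surrounding quotes
    rec["value"] = value
    return rec

def group_sessions(lines):
    """Fold per-attribute lines into one record per (ASA, user, address)."""
    sessions = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a DAP session-attribute message
        key = (rec["host"], rec["user"], rec["addr"])
        session = sessions.setdefault(key, {
            "asa": rec["host"], "user": rec["user"], "addr": rec["addr"],
            "first_seen": rec["ts"], "attributes": {},
        })
        session["attributes"][rec["key"]] = rec["value"]
    return list(sessions.values())

if __name__ == "__main__":
    for record in group_sessions(SAMPLE.splitlines()):
        print(json.dumps(record, sort_keys=True))
```

Records are keyed only on ASA host, user and address, so two logins by the same user from the same address merge into one record; add a time window to the key if they must stay separate.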
