CDA - application logs
07-18-2020 07:54 AM
Hello,
I've got the task to export logon event logs from a CDA server. The log must contain information about the users and their attempts to connect to the domain network via Cisco AnyConnect. No syslog server is in place.
Current scheme of NAC: Cisco AnyConnect -> ASA (-> RADIUS access request) -> CDA <-> Domain Controller
From the documentation: CDA leverages Active Directory login audit events generated by the Active Directory domain controller to gather user logins information. Actually, I thought that I would be able to extract these events from the DC, but even though a corresponding GPO that activates audit logon is enabled, I'm not able to validate whether such logon events were generated by authentication via AnyConnect.
So I think the better way is to extract events from CDA itself. "Mapping of IP Addresses to Identities" and "Live Log" are fine, but there's no way to get these logs through the web interface. I tried the "copy logs" command and eventually it exported only system logs :( There's also a copy ALL command in the documentation:
"Copies all CDA log files from the system to another location. All logs are packaged as cdalogs.tar.gz and transferred to the specified directory on the remote host".
But it doesn't work for me, because possible parameters are only for the config files:
# copy all
running-config startup-config
Cisco Context Directory Agent
---------------------------------------------
Version : 1.0.0.011
Build Date : Tue May 8 19:34:26 2012
Install Date : Mon Jan 22 15:43:54 2018
Any help will be appreciated.
