09-24-2002 10:48 AM - edited 03-09-2019 12:27 AM
Is there a way to report what VPN 'groupnames' and 'usernames' have been used to connect to the VPN concentrator? I'm looking for something that I can access to create various usage reports. The online 'Monitoring|Sessions' screen works fine for snapshot views, but I need to report for a longer time period (like a week). If I can just get the data, I can write my own report programs, I just need to see if the data exists and how to get to it.
Thanks!!!
Steve
09-24-2002 01:53 PM
If you are using Cisco Secure Server (ASC 3.0), yes, via Radius report. Or just set up the FTP backup interface and then use the log file to scan for Group/User.
09-24-2002 02:49 PM
When I go to 'Monitoring|Filterable Event Log' and choose GET LOG for ALL events, it does not display SUCCESSFUL login attempts, only errors or failures. How can I capture those SUCCESSFUL logins???
09-30-2002 01:37 PM
I'm amazed any type of usage reporting does not exist, whether thru Cisco, third-party, or home-grown. Is reporting of successful connection sessions just not possible?????
09-30-2002 02:16 PM
No, we do that type of report all of the time using our Cisco ACS server. We use ACS for Radius authentication and accounting on our 3030. I also think there are some network management systems that can also track that information.
10-01-2002 09:14 AM
This is a question we had about a month ago. The easiest way to pull the data you want from the C3000 concentrator is to write the log files to an FTP Server and parse the log files with a script to a Database.
Although it sounds difficult, it is quite easy. Here is how ours works.
The C3030 writes log files (Usually 170kb each) to an FTP Server.
Our (W2K) Web Server runs a PERL script twice a day which does a few things:
1. Parse every file in the FTP directory looking for any line with a "Disconnect" in it. This line is important as it contains the Username, Duration, XMBytes, TXBytes... All the User Data you might be interested in.
2. Writes each parsed line into a Microsoft Database (Using SQL statements).
3. After parsing each file, it moves the file to an Archive directory so it isn't parsed twice.
There is a 2nd Script I wrote which produces HTML Reports on Usage from the Database file. The Reports can be customized to produce durations (Last Day, week, month, year) you like.
NOTE: Group Name is contained in a separate Log Entry, which shows prior to the "Disconnect" I am interested in. You could parse for both lines if you like. Here are the two sample lines we are interested in:
35353 08/02/2002 11:58:22.760 SEV=5 IKE/50 RPT=536 12.65.54.9 Group [DrcUser] User [drc\larry smith]Connection terminated for peer drc\larry smith (Peer Terminate)Remote Proxy 1.2.3.4 Local Proxy 4.3.2.0
35356 08/02/2002 11:58:22.760 SEV=4 AUTH/28 RPT=201 12.65.54.9 User [drc\larry smith] disconnected: Duration: 0:01:47 Bytes xmt: 4968 Bytes rcv: 11528 Reason: User Requested
10-24-2002 04:24 AM
Steve, there's a couple of ways you can accomplish this.
1) Send your VPN 3000 logs to an FTP/Syslog server.
Interesting events are those in AUTH, IKE, and IKEDBG. For the most part level 6 events are enough for what you want. There are specific events that tell you what you are looking for, see examples below:
417 10/24/2002 07:52:21.450 SEV=4 IKE/52 RPT=52 x.y.z.a
Group [Unity] User [carvalheda]
User (carvalheda) authenticated.
791 10/24/2002 00:15:54.870 SEV=5 IKE/184 RPT=592 x.y.z.a
Group [remote] User [willy]
Client OS: WinNT
Client Application Version: 3.61(Rel)
803 10/24/2002 00:15:56.140 SEV=9 IKEDBG/31 RPT=579 x.y.z.a
Group [remote] User [willy]
Obtained IP addr (161.44.128.52) prior to initiating Mode Cfg (XAuth enabled)
(the Assigned IP address)
649 10/24/2002 07:52:22.770 SEV=4 IKE/120 RPT=72 x.y.z.a
Group [Unity] User [carvalheda]
PHASE 2 COMPLETED (msgid=61fc8407)
(this event means the tunnel/user is connected)
21 10/24/2002 00:15:47.850 SEV=4 AUTH/28 RPT=574 x.y.z.a
User [willy] disconnected:
Duration: 0:53:29
Bytes xmt: 2706280
Bytes rcv: 366336
Reason: User Requested
2) A second way is via SNMP Get/GetNext request on the following
VPN 3000 (Altiga) private mib table.
.iso.org.dod.internet.private.enterprises.altigaRoot.altigaGeneric.
altigaMib.altigaStats.alStatsSession.alActiveSessionTable.alActiveSessionEntry
( OID .1.3.6.1.4.1.3076.2.1.2.17.2.1 )
alActiveSessionUsername- authenticated user names
alActiveSessionIpAddress- Assigned IP address
alActiveSessionConnectTime- tunnel duration
alActiveSessionGroupName- group name
Hope this helps.
Nelson.
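The log-parsing approach described in the two replies above (scan the FTP'd log files for the AUTH/28 "disconnected" event and pick up the group from the earlier IKE line), as an added Python example that is not code from any poster. The sample log is constructed from the lines quoted in the thread; the 192.0.2.10 address, the function names and the record fields are assumptions.

```python
import re

# Constructed sample: the one-line and wrapped layouts quoted in the thread.
SAMPLE_LOG = r"""35353 08/02/2002 11:58:22.760 SEV=5 IKE/50 RPT=536 12.65.54.9 Group [DrcUser] User [drc\larry smith]Connection terminated for peer drc\larry smith (Peer Terminate)Remote Proxy 1.2.3.4 Local Proxy 4.3.2.0
35356 08/02/2002 11:58:22.760 SEV=4 AUTH/28 RPT=201 12.65.54.9 User [drc\larry smith] disconnected: Duration: 0:01:47 Bytes xmt: 4968 Bytes rcv: 11528 Reason: User Requested
417 10/24/2002 07:52:21.450 SEV=4 IKE/52 RPT=52 192.0.2.10
Group [Unity] User [carvalheda]
User (carvalheda) authenticated.
21 10/24/2002 08:45:50.850 SEV=4 AUTH/28 RPT=574 192.0.2.10
User [carvalheda] disconnected:
Duration: 0:53:29
Bytes xmt: 2706280
Bytes rcv: 366336
Reason: User Requested
"""

HEADER = re.compile(r"^\d+ (\d\d/\d\d/\d{4} [\d:.]+) SEV=\d+ (\w+/\d+) RPT=\d+ (\S+) ?(.*)$")
GROUP = re.compile(r"Group \[([^\]]*)\] User \[([^\]]*)\]")
DISCONNECT = re.compile(r"User \[([^\]]*)\] disconnected: Duration: (\d+):(\d\d):(\d\d) "
                        r"Bytes xmt: (\d+) Bytes rcv: (\d+) Reason: (.*)")

def events(text):
    """Yield [timestamp, event_class, peer_ip, body], joining wrapped lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = list(m.groups())
        elif current and line.strip():
            current[3] = (current[3] + " " + line.strip()).strip()
    if current:
        yield current

def sessions(text):
    """Return one record per AUTH/28 disconnect, with the group seen earlier."""
    groups, out = {}, []
    for ts, cls, ip, body in events(text):
        g = GROUP.search(body)
        if g:  # IKE events carry "Group [..] User [..]"; remember it per peer and user
            groups[(ip, g.group(2))] = g.group(1)
        d = DISCONNECT.search(body) if cls == "AUTH/28" else None
        if d:
            user, h, m, s, xmt, rcv, reason = d.groups()
            out.append({"end": ts, "peer": ip, "user": user, "group": groups.get((ip, user)),
                        "seconds": int(h) * 3600 + int(m) * 60 + int(s),
                        "xmt": int(xmt), "rcv": int(rcv), "reason": reason.strip()})
    return out
```

Usernames are supplied by the client and can contain spaces and backslashes, so pass the fields as bound parameters when loading them into a database rather than building SQL strings.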
10-24-2002 08:50 AM
I will check on this this week.....
One thing that I tried was increasing the amount of data that went to the log so that the login info was written. But then I had the issue of how to know the filenames containing the log data that I would FTP over to the system I was processing the data from. Looks like the log filenames would add an incremental number to the end of each log file. This would make it hard to set up an FTP script on my 'other' system that the files would be FTP'd to. Any ideas how to control the log file size and file name????
Thank you so much for your response.
10-24-2002 09:03 AM
Try PrivateI from Network Intelligence Corp.