Thanks so much for your

firefox111_2000 · ‎03-03-2011

Hello. We are using the ASA 5520 as Firewall and VPN gateway for remote access by employees and vendors. Is there a way to view a history of VPN user logins?

We used to have (or we still have but no longer using it) th CVPN 3005. This device keeps log files of all activities. I miss having this capability in the ASA 5520.

Thanks for any suggestions on what to do to capture VPN logins in the ASA5520.

Todd Pula · ‎03-03-2011

You could enable accounting and send connection information to a RADIUS server for historical purposes. If you are looking to view real-time active sessions details, you can utilize the "sh vpn-sessiondb" command from the CLI. The same details can also be viewed from the Monitoring tab within ASDM.

Todd

firefox111_2000 · ‎03-03-2011

Thanks. I will look for configuration setting on how to enable accounting in ASDM. Is this just for VPN activity or will it enable all activity? If it is for all, this is going to be huge!

firefox111_2000 · ‎03-03-2011

How is this done in ASDM? Thanks.

firefox111_2000 · ‎03-03-2011

Found it! Thanks.

luisepulveda · ‎12-29-2015

Is there anyway to enable the accounting of users to a syslog server?

Richard Burts · ‎12-29-2015

Probably we need to be careful about terminology as we attempt to answer this. If you are truly looking for accounting records then syslog is not the way to achieve it. If you want to achieve a method in which you can find records that show that a user did login and use the Remote Access VPN then you should be able to achieve this using syslog. I implemented AnyConnect for a customer who had this requirement to identify user login to AnyConnect. I configured the ASA to send syslog to their server. Using tools on the server we could search the logs and find records that did identify user access via AnyConnect (I would frequently search for the log record where the user was assigned an IP address and we could then look for activity relative to that address).

HTH

Rick

HTH

Rick

jjohnson36 · ‎04-18-2016

Richard,

I have ASA 5540. How would you setup a log file where the user was assigned an IP address and then we could look for activity relative to that address? I would like the log file to be sent to the syslog server.

Please let me know if you need additional information.

Thanks.

Richard Burts · ‎04-19-2016

I am not clear whether you are asking how to set up a log file or are asking how to send the syslog records to a syslog server. Can you clarify what is the question?

HTH

Rick

HTH

Rick

jill.johnson · ‎04-19-2016

Thanks so much for your prompt response, Richard. I am asking to send the syslog records to a syslog server.

Please let me know if you have any questions or need additional information.

Thanks.

Richard Burts · ‎04-19-2016

logging host inside 192.168.2.5

HTH

Rick

HTH

Rick

jill.johnson · ‎04-19-2016

Thanks so much for your prompt response, Richard. May I ask you another question? My Syslog server is old. I want to upgrade it. Do you know of a good product? Thanks.

Richard Burts · ‎04-19-2016

Syslog server is not in my area of real expertise. Perhaps other readers in the forum are better equipped to make suggestions than I am.

HTH

Rick

HTH

Rick

jill.johnson · ‎04-19-2016

Thanks Richard.

Marvin Rhoads · ‎04-19-2016

Syslog servers are pretty generic. A daemon on a Linux host can suffice to capture the plain text messages in a flat file.

If you're a Windows person, there is the SolarWinds Kiwi syslog server. It comes in a free version (basic capabilities with a GUI) and paid version (lets you filter and customize etc.). If you have the higher end SolarWinds NPM, it also includes these features.

ASA 5520 VPN User Login History.