cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
213
Views
0
Helpful
1
Replies

asa loggin vpn access

battanc
Level 1
Level 1

hi all,

I have a client who wants to trace all logon / logoff events on the VPN client. 
The LOG of the ASA is very verbose and it becomes difficult to identify interesting events inside.

Does anyone know if there is some post-processing software that can extract the "interesting" data and generate a periodic report?

Best regargs

Claudio

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

You can identify the logon and logoff syslog entries (e.g. 611101 and 611103 (click for details) are a good start) and create a logging message list that only includes them. You then send the syslog messages to an external server using the logging trap <message list> option. The Configuration Guide covers these options here.

The external server could be a commercial syslog product (e.g. Kiwi syslog server) or a simple Linux host running rsyslogd. The commercial products will have the nice things like being able to create and email reports. The Linux option will have a simple text file that you can review.