11-26-2012 08:34 AM
Hi,
I'm a happy owner of a Cisco ASA 5510. I would like to get the log-in history of VPN logins.
We are authenticating against Active Directory.
How can I set up logging of all login/logout operations to syslog or another system?
Thanks
11-26-2012 01:14 PM
Hi Tibor,
What you can do is this:
1- Turn on logging at debugging level.
2- Connect and disconnect a VPN client.
3- Look for the specific log entries and extract the log ID.
4- Then set up syslog and only send the specific messages.
For instance:
logging enable
logging buffer-size 1048576
logging class auth buffered debugging
logging class vpn buffered debugging
!
# Here you connect and disconnect the client #
!
!
# Run the "show log" command and find the specific logs:
!
%ASA-6-113039: Group
%ASA-4-113019: Group = cisco, Username = cisco, IP = 172.16.250.18, Session disconnected. Session Type: SSL, Duration: 0h:00m:06s, Bytes xmt: 10524, Bytes rcv: 775, Reason: User Requested
!
# Then adjust the logging settings according to these logs, remove the previous configuration.
!
!
logging enable
logging list VPN message 113039
logging list VPN message 113019
logging host inside 1.1.1.1 --> This means that your server can be reached via the inside interface.
logging trap VPN
By doing this, you will only send the specific connection ID for AnyConnect clients.
HTH.
Please rate any helpful posts and mark this post as answered if you do not have any further questions
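Once only messages 113039 and 113019 reach the syslog server, a login history can be built from them. The following is an added example, not part of the original posts: the function names are hypothetical, the 113019 layout follows the line shown above, and the 113039 layout and the timestamp/host prefix are assumptions to check against your own "show log" output.

```python
import re

# Constructed sample lines. The 113019 layout follows the line in the post; the
# 113039 layout and the timestamp/host prefix are assumptions to verify locally.
SAMPLE = """\
Nov 26 2012 13:01:10 asa1 : %ASA-6-113039: Group <vpnusers> User <alice> IP <198.51.100.7> AnyConnect parent session started.
Nov 26 2012 13:09:02 asa1 : %ASA-4-113019: Group = vpnusers, Username = alice, IP = 198.51.100.7, Session disconnected. Session Type: SSL, Duration: 0h:07m:52s, Bytes xmt: 10524, Bytes rcv: 775, Reason: User Requested
Nov 26 2012 13:15:00 asa1 : %ASA-4-113019: Group = vpnusers, Username = bob, IP = 203.0.113.9, Session disconnected. Session Type: SSL, Duration: 1h:02m:03s, Bytes xmt: 99, Bytes rcv: 12, Reason: Idle Timeout
Nov 26 2012 13:16:00 asa1 : %ASA-5-111008: User 'admin' executed the 'show log' command.
"""

LOGIN = re.compile(
    r"%ASA-6-113039: Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<ip>[^>]*)>")
LOGOUT = re.compile(
    r"%ASA-4-113019: Group = (?P<group>[^,]*), Username = (?P<user>[^,]*), "
    r"IP = (?P<ip>[^,]*), Session disconnected\. Session Type: (?P<type>[^,]*), "
    r"Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, .*Reason: (?P<reason>.*)$")

def parse_events(text):
    """Return login/logout events found in ASA syslog text, in file order."""
    events = []
    for line in text.splitlines():
        # Everything before the message tag is treated as the timestamp/host prefix.
        stamp = line.split("%ASA-", 1)[0].rstrip(" :")
        if m := LOGIN.search(line):
            events.append({"event": "login", "time": stamp, **m.groupdict()})
        elif m := LOGOUT.search(line):
            d = m.groupdict()
            secs = int(d.pop("h")) * 3600 + int(d.pop("m")) * 60 + int(d.pop("s"))
            events.append({"event": "logout", "time": stamp, "duration_s": secs, **d})
    return events

def build_history(events):
    """Pair each logout with the latest login for the same (user, ip)."""
    open_sessions, history = {}, []
    for e in events:
        key = (e["user"], e["ip"])
        if e["event"] == "login":
            open_sessions[key] = e["time"]
        else:
            # login stays None when the session began before logging was enabled
            history.append({"user": e["user"], "ip": e["ip"],
                            "login": open_sessions.pop(key, None), "logout": e["time"],
                            "duration_s": e["duration_s"], "reason": e["reason"]})
    return history

if __name__ == "__main__":
    for row in build_history(parse_events(SAMPLE)):
        print(row)
```

A disconnect with no matching login (bob in the sample) is kept with `login` set to `None` rather than dropped, so sessions that started before logging was configured still appear in the history.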
01-12-2017 01:45 AM
Thank you a loooot Mr. Javier.
It's a good idea that you mentioned. It took me a looot of time to find this solution.
Best regards