Cisco ASA 5510 VPN login history

Tibor Marchyn
Level 1

Hi,

I'm a happy owner of a Cisco ASA 5510. I would like to get the log-in history of VPN logins.

We are authenticating against Active Directory.

How can I set up logging of all login/logout operations to syslog or another system?

Thanks

2 Replies

Hi Tibor,

What you can do is this:

1- Turn on logging at debugging level.

2- Connect and disconnect a VPN client.

3- Look for the specific log entries and extract the log ID.

4- Then set up syslog and only send the specific messages.

For instance:

logging enable

logging buffer-size 1048576

logging class auth buffered debugging

logging class vpn buffered debugging

!

#  Here you connect and disconnect the client #

!

!

#  Run the "show log" command and find the specific logs:

!

%ASA-6-113039: Group User IP <172.16.250.18> AnyConnect parent session started.

%ASA-4-113019: Group = cisco, Username = cisco, IP = 172.16.250.18, Session disconnected. Session Type: SSL, Duration: 0h:00m:06s, Bytes xmt: 10524, Bytes rcv: 775, Reason: User Requested

!

# Then adjust the logging settings according to these logs and remove the previous configuration.

!

!

logging enable

logging list VPN message 113039

logging list VPN message 113019

logging host inside 1.1.1.1 --> This means that your server can be reached via the inside interface.

logging trap VPN

By doing this, you will only send the specific connection ID for AnyConnect clients.

HTH.

Please rate any helpful posts and mark this post as answered if you do not have any further questions
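An added example, not part of the original post: a parser that turns the two forwarded messages (113039 and 113019) into login/logout records on the syslog server. The syslog line prefix, the host name `fw01`, the `alice` line and the `<...>` values for group and user are constructed assumptions; the other two messages are the samples shown in the answer above.

```python
import re

# 113039 = session start, 113019 = disconnect (the two IDs in the post).
# Group/user fields in 113039 are optional: the post's sample lacks them.
START = re.compile(
    r"%ASA-\d-113039: Group(?: <(?P<group>[^>]*)>)? User(?: <(?P<user>[^>]*)>)?"
    r" IP <(?P<ip>[^>]+)> AnyConnect parent session started")
END = re.compile(
    r"%ASA-\d-113019: Group = (?P<group>[^,]*), Username = (?P<user>[^,]*),"
    r" IP = (?P<ip>[^,]+), Session disconnected\. Session Type: (?P<type>[^,]+),"
    r" Duration: (?P<dur>[^,]+), Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+),"
    r" Reason: (?P<reason>.*)$")

def duration_seconds(text):
    """Convert the '0h:00m:06s' shape to seconds; None for any other shape."""
    m = re.fullmatch(r"(\d+)h:(\d+)m:(\d+)s", text.strip())
    if not m:
        return None
    h, mi, s = map(int, m.groups())
    return (h * 60 + mi) * 60 + s

def parse_events(lines):
    """Return one dict per login/logout line; any other line is skipped."""
    events = []
    for line in lines:
        line = line.rstrip()
        if (m := START.search(line)):
            events.append({"event": "login", "user": m["user"],
                           "group": m["group"], "ip": m["ip"]})
        elif (m := END.search(line)):
            events.append({"event": "logout", "user": m["user"],
                           "group": m["group"], "ip": m["ip"], "type": m["type"],
                           "seconds": duration_seconds(m["dur"]),
                           "bytes_xmt": int(m["xmt"]), "bytes_rcv": int(m["rcv"]),
                           "reason": m["reason"]})
    return events

# Constructed input: syslog prefixes, host "fw01" and the "alice" line are
# invented; the other two messages are the samples from the post.
SAMPLE = [
    "Jan 10 08:00:01 fw01 %ASA-6-113039: Group <VPN-Users> User <alice> IP <192.0.2.10> AnyConnect parent session started.",
    "Jan 10 08:00:02 fw01 %ASA-6-113039: Group User IP <172.16.250.18> AnyConnect parent session started.",
    "Jan 10 08:00:08 fw01 %ASA-4-113019: Group = cisco, Username = cisco, IP = 172.16.250.18, Session disconnected. Session Type: SSL, Duration: 0h:00m:06s, Bytes xmt: 10524, Bytes rcv: 775, Reason: User Requested",
    "Jan 10 08:00:09 fw01 unrelated line that must be ignored",
]

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev)
```

A login record with `user` set to `None` means the start message arrived without a user field, so match it to its logout by IP address instead.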

Thank you a loooot Mr. Javier.
It's a good idea that you mentioned. I took a looot of time to find this solution.

Best regards