cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16591
Views
10
Helpful
2
Replies
Highlighted
Beginner

Cisco ASA 5510 VPN login history

Hi,

I'm happy owner of Cisco ASA 5510 I would like to get log-in history of VPN logins.

We are authenticating against Active Directory.

How can I get and setup of logging all login/logout operations to syslog or other system?

Thanks                  

2 REPLIES 2
Highlighted

Hi Tibor,

What you can do is this:

1- Turn on logging at debugging level.

2- Connect and disconnect a VPN client.

3- Look for the specific Iog entries and extract the log ID.

4- Then set up syslog and only send the specific messages.

For instance:

logging enable

logging buffer-size 1048576

logging class auth buffered debugging

logging class vpn buffered debugging

!

#  Here you connect and disconnect the client #

!

!

#  Run the "show log" command and find the specific logs:

!

%ASA-6-113039: Group User IP <172.16.250.18> AnyConnect parent session started.

%ASA-4-113019: Group = cisco, Username = cisco, IP = 172.16.250.18, Session disconnected. Session Type: SSL, Duration: 0h:00m:06s, Bytes xmt: 10524, Bytes rcv: 775, Reason: User Requested

!

# Then adjust the logging settings according to this logs, remove the previous configuration.

!

!

logging enable

logging list VPN message 113039

logging list VPN message 113019

logging host inside 1.1.1.1 --> This means that your server can be reached via the inside interface.

logging trap VPN

By doing this, you will only send the specific connection ID for AnyConnect clients.

HTH.

Please rate any helpful posts and mark this post as answered if you do not have any further questions

Highlighted

Thank you a loooot Mr. Javier.
It's a good idee that you mentioned. I taked a looot of time to find this solution.

Best regrads

Content for Community-Ad