Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5386
Views
5
Helpful
3
Replies

how to get username, hostname and OS info from anyconnect client

Go to solution
ismailsh12
Level 1
Level 1

‎10-23-2020 09:28 AM

I would like to know if there was a way to collect username, hostname and operating system info from our anyconnect users.  Currently we have syslog enabled that tells us what time users connected etc but we would like to get more info like the hostname and OS of the computer that is initiating the anyconnect connection to our headend ASA.

 

Thanks.

Labels:
3 Accepted Solutions

Accepted Solutions

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-23-2020 10:27 AM

Hi,


If you use external radius server such as ISE, ASA sends this info in
radius access request which are parsed by ISE.

Otherwise, you can forward radius messages to syslog server but you need to
write custom normalization rules to parse the fields.

Anyconnect syslog messages don't include these details.

*** please remember to rate useful posts

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-25-2020 03:34 AM

You can get the information from syslog messages if you use a Dynamic Access Policy (DAP). The DAP debug messages will have all of those details and more. You can override their severity level and get them as alerts (or whatever level message you like) to forward to your syslog server.

View solution in original post

0 Helpful

Go to solution
vsurresh
Level 1
Level 1

‎10-29-2020 11:50 AM

Hi, Ismail.

 

You can use the command show vpn-sessiondb detail anyconnect filter name user1 to get information about the OS and AnyConnect Version. If you have a syslog server, you can use the syslog ID of 722055 to search for this information. 

 

ASA# show vpn-sessiondb detail anyconnect filter name user1 | incl Client

Client OS    : mac-intel              
Client OS Ver: 10.13.6                
Client Type  : AnyConnect
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056
Client OS    : Mac OS X               
Client Type  : SSL VPN Client
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056
Client OS    : Mac OS X               
Client Type  : DTLS VPN Client
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056

https://packetswitch.co.uk/cisco-asa-useful-commands/

 

Please let me know if you need more information.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-23-2020 10:27 AM

Hi,


If you use external radius server such as ISE, ASA sends this info in
radius access request which are parsed by ISE.

Otherwise, you can forward radius messages to syslog server but you need to
write custom normalization rules to parse the fields.

Anyconnect syslog messages don't include these details.

*** please remember to rate useful posts
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-25-2020 03:34 AM

You can get the information from syslog messages if you use a Dynamic Access Policy (DAP). The DAP debug messages will have all of those details and more. You can override their severity level and get them as alerts (or whatever level message you like) to forward to your syslog server.

0 Helpful

Go to solution
vsurresh
Level 1
Level 1

‎10-29-2020 11:50 AM

Hi, Ismail.

 

You can use the command show vpn-sessiondb detail anyconnect filter name user1 to get information about the OS and AnyConnect Version. If you have a syslog server, you can use the syslog ID of 722055 to search for this information. 

 

ASA# show vpn-sessiondb detail anyconnect filter name user1 | incl Client

Client OS    : mac-intel              
Client OS Ver: 10.13.6                
Client Type  : AnyConnect
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056
Client OS    : Mac OS X               
Client Type  : SSL VPN Client
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056
Client OS    : Mac OS X               
Client Type  : DTLS VPN Client
Client Ver   : Cisco AnyConnect VPN Agent for Mac OS X 4.7.04056

https://packetswitch.co.uk/cisco-asa-useful-commands/

 

Please let me know if you need more information.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents