
How to log anyconnect sessions in syslog? I am looking for the total active user count

KEN COUSINO JR.
Level 1

I have a Cisco ASA 5525 and we have users connecting with AnyConnect. I can look at the ASDM and get the current active user sessions. I am looking to send that info to syslog but I am not sure what my config should look like. I am looking for a quick snapshot of the current connected users.

Any help would be appreciated.

4 Replies

Marvin Rhoads
Hall of Fame

You can get logon and logoff events in syslog but not the count of current users. That would have to be derived from the events or queried (via SNMP).

Marvin,

Thanks for the reply. As I am new to SNMP settings, what would the commands be for doing an SNMP query, or for that matter, how would you grab it with events?

Thanks,

Ken

@KEN COUSINO JR. when a user connects (and disconnects) to the VPN a syslog message is generated. Those messages aren't usually very interesting to us unless we are troubleshooting or doing a forensic investigation.

As @Cristian Matei noted, ASDM is pulling information from the ASA via executing a command. You can create a script (either externally or on the ASA itself) to run the same command and track the results at points in time.

Similarly there is an SNMP OID that tells us the number of VPN users. I don't know the OID variable off the top of my head as I have typically relied on tools (such as PRTG, SolarWinds NPM etc.) to do that for me.
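
Deriving the active count from the connect and disconnect syslog events mentioned in the replies above, as an added example that is not part of any post in this thread. It assumes the ASA logs message 113039 when an AnyConnect parent session starts and 113019 when a session disconnects; the log lines, host name, users and addresses are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Assumed message IDs:
# 113039 = AnyConnect parent session started, 113019 = session disconnected.
SAMPLE_LOG = """\
Mar 04 08:01:12 asa1 %ASA-6-113039: Group <GroupPolicy_VPN> User <alice> IP <198.51.100.10> AnyConnect parent session started.
Mar 04 08:03:40 asa1 %ASA-6-113039: Group <GroupPolicy_VPN> User <bob> IP <198.51.100.22> AnyConnect parent session started.
Mar 04 08:05:02 asa1 %ASA-4-113019: Group = GroupPolicy_VPN, Username = carol, IP = 203.0.113.7, Session disconnected. Session Type: SSL, Duration: 9h:12m:03s, Bytes xmt: 1024, Bytes rcv: 2048, Reason: User Requested
Mar 04 08:10:30 asa1 %ASA-5-111008: User 'admin' executed the 'show vpn-sessiondb' command.
Mar 04 08:20:15 asa1 %ASA-4-113019: Group = GroupPolicy_VPN, Username = alice, IP = 198.51.100.10, Session disconnected. Session Type: SSL, Duration: 0h:19m:03s, Bytes xmt: 512, Bytes rcv: 768, Reason: User Requested
"""

START = re.compile(r"%ASA-\d-113039: Group <[^>]*> User <(?P<user>[^>]+)> IP <(?P<ip>[^>]+)>")
STOP = re.compile(r"%ASA-\d-113019: Group = [^,]*, Username = (?P<user>[^,]+), "
                  r"IP = (?P<ip>[^,]+), Session disconnected")

def track_sessions(lines):
    """Replay start/stop events; return (open sessions, unmatched stops, timeline)."""
    active = Counter()   # (user, ip) -> sessions opened and not yet closed
    unmatched = 0        # disconnects whose start predates the log window
    timeline = []        # (timestamp, active count) after each VPN event
    for line in lines:
        m = START.search(line)
        if m:
            active[(m["user"], m["ip"])] += 1
        else:
            m = STOP.search(line)
            if not m:
                continue                      # unrelated syslog message
            key = (m["user"], m["ip"])
            if active[key] > 0:
                active[key] -= 1
            else:
                unmatched += 1                # never let the count go negative
        timeline.append((line[:15], sum(active.values())))
    return +active, unmatched, timeline       # unary + drops zeroed entries

if __name__ == "__main__":
    sessions, unmatched, timeline = track_sessions(SAMPLE_LOG.splitlines())
    for stamp, count in timeline:
        print(stamp, "active sessions:", count)
    print("still connected:", sorted(sessions))
    print("disconnects without a logged start:", unmatched)
```

A count derived this way only covers sessions that started inside the log window, and a dropped syslog datagram makes it drift, so the unmatched-disconnect figure is worth watching as a sanity check.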

Cristian Matei
VIP Alumni

Hi,

 

In order to send something to a syslog server, it needs to respect a certain format in order to be readable, thus it needs to be a log message on the device sending it. When VPN sessions go up/down, there is a log message, thus it can be sent to the syslog server. What you're looking at in ASDM, the number and type and details of VPN sessions, is the result of a corresponding CLI command and its options (show vpn-sessiondb), not the result of a log message, thus this information cannot be sent to a syslog server.

If you're interested in these statistics at certain points in time, you could configure an EEM script to run the proper "show vpn-sessiondb" commands at regular intervals, and put the output in a local file, or on a remote TFTP/FTP server, so that whenever you want to see those statistics, you'll just look into that file. Here's a good guide for EEM on ASA:

 

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117883-config-eem-00.html#anc18

 

Regards,

Cristian Matei.