cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
64828
Views
21
Helpful
16
Replies

How to log anyconnect sessions in syslog?

rarao_zealot
Level 1
Level 1

I would like to know if it is possible to setup my ASA running 9.4 to log events from when my users connect and disconnect the anyconnect vpn client. There was a security issue with one of our remote systems and able to find who had that IP address but unable to find the user with MAC address with that IP address.

syslog# :

When user logs on: syslog# 716001

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4776913

When user logs off: syslog# 716002

You might want to look through the list on syslog# 716xxx as they are all related to SSL VPN, you might be interested in some of them.

who had that IP address during that time.

The IP Pool is defined on the ASA as well, so it is nice to have the following information:

userID connected

userID disconnected

IP address associated with connection

I want to knew that, is there any possibility to find the syslog with details of IP address and MAC address of the specific user.Can anyone help me on this query as soon as possible.

Thanks & Regards,

Apparao.