Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
60844
Views
21
Helpful
16
Replies

How to log anyconnect sessions in syslog?

rarao_zealot
Level 1
Level 1

‎07-16-2016 04:59 AM - edited ‎02-21-2020 08:53 PM

I would like to know if it is possible to setup my ASA running 9.4 to log events from when my users connect and disconnect the anyconnect vpn client. There was a security issue with one of our remote systems and able to find who had that IP address but unable to find the user with MAC address with that IP address.

syslog# :

When user logs on: syslog# 716001

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4776913

When user logs off: syslog# 716002

You might want to look through the list on syslog# 716xxx as they are all related to SSL VPN, you might be interested in some of them.

who had that IP address during that time.

The IP Pool is defined on the ASA as well, so it is nice to have the following information:

userID connected

userID disconnected

IP address associated with connection

I want to knew that, is there any possibility to find the syslog with details of IP address and MAC address of the specific user.Can anyone help me on this query as soon as possible.

Thanks & Regards,

Apparao.

2 people had this problem
Labels:
0 Helpful
16 Replies 16

tiwang
Level 3
Level 3

‎10-22-2019 05:57 AM

hi out there

I have the same "problem" - even though it looks pretty simple it gives me a bit of a headache - I am running Cisco ASA (FPR-2120 running ASA OS 9.9(2)27 ) and using this purely for Cisco AnyConnect VPN service - with the AnyConnect client.

I get the logoff event but not the logon ?? - even though I get the length of the session so I could calculate when the user has logged on it would be "nicer" if I also could get the logon event? - anyone out there which successfully has got logon & logoff events logged to a syslog server from a ASA ?

0 Helpful

mike.ponder84
Level 1
Level 1
In response to tiwang

‎11-07-2020 05:03 PM

#strictly connects

logging list VPN-USER-CONNECT message 722051

#strictly disconnects
logging list VPN-USER-DISCONNECT message 722012

#my attempt at capturing both using a range
logging list VPN-CONNECTIONS message 722012-722051

#apply
logging console VPN-CONNECTIONS
logging buffered VPN-CONNECTIONS
logging trap VPN-CONNECTIONS
logging asdm VPN-CONNECTIONS

0 Helpful
Customers Also Viewed These Support Documents