09-10-2021 03:35 AM
Hello.
I have been asked to setup logging of successful logins for our Remote VPN users, We have a Cisco ASA firewall running ASA 9.18 acting as the VPN gateway, users use Cisco AnyConnect to establish the VPN connection, logging between the ASA and the syslog server is up and we are getting log messages from the ASA, however, i do not see log messages for user logins on the VPN, the close message that i getting is the log message below but it seems not enough to indicate a successful authentication.
Sep 10 2021 12:21:10 NBS-BT-DC-ASA5516-INTRA-SERVICE : %ASA-5-722033: Group <GroupPolicy_NBS_APN> User <Changaya.g> IP <10.0.205.130> First UDP SVC connection established for SVC session
Is there another way i can a log message that clearly states a successful user login?
Regards.
09-10-2021 03:49 AM
check this thread fully explained :
https://community.cisco.com/t5/vpn/how-to-log-anyconnect-sessions-in-syslog/td-p/2928030
09-10-2021 03:51 AM
The following syslog messages are for succesful authentication, either using local database or aaa (radius).
%ASA-6-113012: AAA user authentication Successful : local database : user = user1
%ASA-6-113004: AAA user authentication Successful : server = 192.168.10.10 : user = user1
Use a logging list referencing the message ID above to send a message to console, syslog etc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide