Re: Logging remote access VPN user logins

vitumbiko nkhwazi · ‎09-10-2021

Hello.

I have been asked to setup logging of successful logins for our Remote VPN users, We have a Cisco ASA firewall running ASA 9.18 acting as the VPN gateway, users use Cisco AnyConnect to establish the VPN connection, logging between the ASA and the syslog server is up and we are getting log messages from the ASA, however, i do not see log messages for user logins on the VPN, the close message that i getting is the log message below but it seems not enough to indicate a successful authentication.

Sep 10 2021 12:21:10 NBS-BT-DC-ASA5516-INTRA-SERVICE : %ASA-5-722033: Group <GroupPolicy_NBS_APN> User <Changaya.g> IP <10.0.205.130> First UDP SVC connection established for SVC session

Is there another way i can a log message that clearly states a successful user login?

Regards.

balaji.bandi · ‎09-10-2021

check this thread fully explained :

https://community.cisco.com/t5/vpn/how-to-log-anyconnect-sessions-in-syslog/td-p/2928030

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎09-10-2021

@vitumbiko nkhwazi

The following syslog messages are for succesful authentication, either using local database or aaa (radius).

%ASA-6-113012: AAA user authentication Successful : local database : user = user1
%ASA-6-113004: AAA user authentication Successful : server = 192.168.10.10 : user = user1

Use a logging list referencing the message ID above to send a message to console, syslog etc