Recommendations for AnyConnect VPN usage reporting?

Christopher Ursich · ‎06-29-2010

I am implementing AnyConnect VPN in my organization. What are recommendations for reporting tools? For administration and support, it would be useful to have reports of things like:

Average & peak user counts
Most recent log-on by a given user

I know that ASDM has live data, and that I could use a tool like MRTG to produce my own graphs, but is there an existing, popular software package that is designed for the ASA or AnyConnect VPN to do this?

Thanks,

Chris Ursich

JORGE RODRIGUEZ · ‎07-02-2010

For non cisco product you can look into Firewall Analizer from Manage Engine http://www.manageengine.com/products/firewall/ excellent reporting tool brakes down traffic traversin the firewall VPN or regular traffic in a very nice graphical fasion , including VPN users logins reports . .. it support Cisco firewall devices , you can try their demo. There may be other products out there that may be free , Im not aware of one , do a google search.

Cisco Security manager seems to be good solution personally have not used it http://www.cisco.com/en/US/products/ps6498/index.html

Regards

Jorge Rodriguez

Jorge Salas · ‎07-02-2010

Use logging for a simple monitoring tool:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

Every event in the ASA is monitored, so create a list and monitor only the events that you want: user connection, user disconnection, etc

Go to the "advanced syslog" section of the article and check the example, also check "Capture VPN Traffic Syslog Messages" change the class to webvpn or SVC I think...

if you want to know the syslog messages that you want to watch go to the document "Cisco Security Appliance System Log Messages"

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html

Of course logging is not a monitoring tool it is just an information tool, but at least you can monitor simple events.