cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9869
Views
18
Helpful
3
Replies

Reporting for Cisco Anyconnect VPN usage?

josh.goodin
Level 1
Level 1

My director wants a report showing all Anyconnect sessions, who made them, and the duration of the session.  Does anyone know of a solution that would provide this information?

3 Replies 3

Dinesh Moudgil
Cisco Employee
Cisco Employee

Hi josh.goodin,

I have created a sample configuration that you can use to retrieve information pertianing to Anyconnect users session:-

logging enable
logging timestamp
logging list Anyconnect level informational class svc
logging list Anyconnect level informational class ssl
logging list Anyconnect message 113019
logging list Anyconnect message 725002
logging list Anyconnect message 716001
logging list Anyconnect message 716002
logging list Anyconnect message 713228

logging trap Anyconnect
logging host inside <syslog server IP>
logging buffer-size 1048576
logging buffered debugging


For your reference, below messages will be logged and sent to syslog server through which you can gather the relevant details:


1. %ASA-4-113019: Group = group, Username = username, IP = peer_address, Session disconnected. Session Type: type, Duration: duration, Bytes xmt: count, Bytes rcv: count, Reason: reason

2. %ASA-6-725002 Device completed SSL handshake with remote_device interface_name: IP_address/port

3. %ASA-6-716001: Group group User user WebVPN session started.

4. %ASA-6-716002: Group group User user WebVPN session terminated: reason.

5. %ASA-6-713228: Group = group, Username = uname, IP = remote_IP_address Assigned private IP address assigned_private_IP to remote user

Ref link:-
https://supportforums.cisco.com/discussion/11271861/question-how-log-anyconnect-sessions-syslog

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

With a complex load balanced many ASA setup leveraging AnyConnect VPN we need to be able to find which ASA we are connected on at any given time ideally from remote. All we see from remote is which load balanced ASA group we are using under the VPN Statistics Service IP. Is there some way to enable ASA name reporting in the AnyConnect VPN statistics or would that appear (or be made to appear) in some file on the AnyConnect client system or are there options to log that information to syslog similar to what you have logged above?

sagebrazil
Level 1
Level 1

i'm using a tool called VPN TTG, excellent for recording VPN Clients users access and VPN connections. 
ref link - vpnttg dot com.