Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2790
Views
10
Helpful
7
Replies

SSL Webvpn session logging on IOS router

Go to solution
ronald.tuns
Level 1
Level 1

‎12-05-2016 04:50 AM

Hi everyone,

I would like to log the following to a syslog server regarding VPN connections to an IOS router:

- username

-time of login

-time of logout (or duration of session)

I have managed to set up a syslog server and thanks to the commands 'debug webvpn aaa' and 'login on-success log' the login events are monitored successful.

What I would also like to log is the time of logout or the duration of the VPN session. Does anyone know if there is some kind of a 'logout on-success' command available to log this to the syslog server ?

Thanks for your help in advance!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ronald.tuns
Level 1
Level 1
In response to Mohammed al Baqari

‎01-13-2017 05:28 AM

Thanks for your information everyone.

I have managed to create a workaround by submitting 'loggin enable' on the webvpn context.

This (among other things) logs:

UTC: %SSLVPN-5-SESSION_TERMINATE: vw_ctx: CTX vw_gw: GW2 remote_ip: 1.1.1.1 user_name: testvpn reason: session expired

For me that is sufficient information to see when a user logged out.

View solution in original post

7 Replies 7

Go to solution
ronald.tuns
Level 1
Level 1

‎01-09-2017 06:27 AM

Anyone ?

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to ronald.tuns

‎01-09-2017 09:09 PM

If your authentication is local then can't be done. If your authentication is ACS/ISE, the you send configure radius accounting to capture session details.

0 Helpful

Go to solution
ronald.tuns
Level 1
Level 1
In response to Mohammed al Baqari

‎01-13-2017 05:28 AM

Thanks for your information everyone.

I have managed to create a workaround by submitting 'loggin enable' on the webvpn context.

This (among other things) logs:

UTC: %SSLVPN-5-SESSION_TERMINATE: vw_ctx: CTX vw_gw: GW2 remote_ip: 1.1.1.1 user_name: testvpn reason: session expired

For me that is sufficient information to see when a user logged out.

Go to solution
anmo
Level 1
Level 1
In response to ronald.tuns

‎01-10-2018 02:10 AM

Thank you Ronald. I tried "loggin enable" under webvpn context and it works.
I was able to get the logs relates to webvpn.
0 Helpful

Go to solution
ronald.tuns
Level 1
Level 1
In response to anmo

‎01-10-2018 02:30 AM

Hi anmo,

 

Great that it worked out for you as well!

 

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎01-09-2017 04:56 PM

Not that I am aware of. IOS SSLVPN is very sparse when it comes to syslog. Most of the information needs to be obtained from one of the following debugs:

debug webvpn aaa

debug webvpn tunnel

If using Radius for user authentication, you can use radius and aaa accounting debugs to receive user session information either from the router or the AAA server. Unfortunately, local authentication does not give too much of information.

0 Helpful

Go to solution
Farhan Mohamed
Cisco Employee
Cisco Employee

‎01-18-2017 07:37 AM

If your authentication is local then can't be done. If your authentication is ACS/ISE, the you send configure radius accounting to capture session details.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents