cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2934
Views
10
Helpful
7
Replies

SSL Webvpn session logging on IOS router

ronald.tuns
Level 1
Level 1

Hi everyone,

I would like to log the following to a syslog server regarding VPN connections to an IOS router:

- username

-time of login

-time of logout (or duration of session)

I have managed to set up a syslog server and thanks to the commands 'debug webvpn aaa' and 'login on-success log' the login events are monitored successful.

What I would also like to log is the time of logout or the duration of the VPN session. Does anyone know if there is some kind of a 'logout on-success' command available to log this to the syslog server ?

Thanks for your help in advance!

1 Accepted Solution

Accepted Solutions

Thanks for your information everyone.

I have managed to create a workaround by submitting 'loggin enable' on the webvpn context.

This (among other things) logs:

UTC: %SSLVPN-5-SESSION_TERMINATE: vw_ctx: CTX vw_gw: GW2 remote_ip: 1.1.1.1 user_name: testvpn reason: session expired

For me that is sufficient information to see when a user logged out.

View solution in original post

7 Replies 7

ronald.tuns
Level 1
Level 1

Anyone ?

If your authentication is local then can't be done. If your authentication is ACS/ISE, the you send configure radius accounting to capture session details.

Thanks for your information everyone.

I have managed to create a workaround by submitting 'loggin enable' on the webvpn context.

This (among other things) logs:

UTC: %SSLVPN-5-SESSION_TERMINATE: vw_ctx: CTX vw_gw: GW2 remote_ip: 1.1.1.1 user_name: testvpn reason: session expired

For me that is sufficient information to see when a user logged out.

Thank you Ronald. I tried "loggin enable" under webvpn context and it works.
I was able to get the logs relates to webvpn.

Hi anmo,

 

Great that it worked out for you as well!

 

Rahul Govindan
VIP Alumni
VIP Alumni

Not that I am aware of. IOS SSLVPN is very sparse when it comes to syslog. Most of the information needs to be obtained from one of the following debugs:

debug webvpn aaa

debug webvpn tunnel

If using Radius for user authentication, you can use radius and aaa accounting debugs to receive user session information either from the router or the AAA server. Unfortunately, local authentication does not give too much of information.

Farhan Mohamed
Cisco Employee
Cisco Employee

If your authentication is local then can't be done. If your authentication is ACS/ISE, the you send configure radius accounting to capture session details.