Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1083
Views
5
Helpful
7
Replies

Syslog server for vpn sessions

Go to solution
foued kh
Level 1
Level 1

‎01-04-2017 05:46 AM

Hi all,

Please, can you recommand for me an open source tool that I can use to redirect syslog from cisco asa so I can show vpn sessions with some details from any date and any time I suggest

Thank you in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to foued kh

‎01-05-2017 07:53 AM

You can export as a CSV file from Graylog:

http://docs.graylog.org/en/2.1/pages/auditlog/usage.html?highlight=csv

With ELK Stack there's a plug-in that enables this functionality:

https://github.com/minewhat/es-csv-exporter

However if your data set is so small that Excel is your analysis tool, you are probably fine with the plain text files that free Kiwi saves. It's trivial to parse them in Excel and make a macro if it's something you need to do regularly.

View solution in original post

7 Replies 7

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎01-04-2017 11:26 AM

Pretty much every Linux distribution comes with syslog included.  I prefer Ubuntu myself.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-04-2017 09:33 PM

Not open source but free is the free version of SolarWinds Kiwi Syslog Server. I have used this in conjunction with tweaking the log settings on the ASA to elevate the severity level of VPN login/logout to critical (default in informational if I recall correctly) so that I can log only critical messages and then a very small set of log event on my syslog server showing mostly VPN events.

0 Helpful

Go to solution
foued kh
Level 1
Level 1
In response to Marvin Rhoads

‎01-05-2017 07:23 AM

Thank you Mr. Marvin,

I agree with you about using kiwi as a syslog server but I want to khnow is ; kiwi can it reload logs from any time and any date that I want (I mean for example loading logs from last month or last two months) ?

Thank you in advance

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to foued kh

‎01-05-2017 07:28 AM

You're welcome.

The free Kiwi server will archive syslog messages as flat files, one file per day. You search old messages by opening up the files in a text editor.

The paid version uses a database with user-selectable retention time. It's limited mostly by your storage capacity (although if you are generating a large volume of messages the database might get slow after some time).

If you have high end requirements you might be better served by something like ELK Stack or Graylog server (both open source) or Splunk (licensed product and potentially very expensive).

0 Helpful

Go to solution
foued kh
Level 1
Level 1
In response to Marvin Rhoads

‎01-05-2017 07:43 AM

Thank you Mr. Marvin but I need a tool that can generate log message in excel file. Graylog and ELK do that or not?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to foued kh

‎01-05-2017 07:53 AM

You can export as a CSV file from Graylog:

http://docs.graylog.org/en/2.1/pages/auditlog/usage.html?highlight=csv

With ELK Stack there's a plug-in that enables this functionality:

https://github.com/minewhat/es-csv-exporter

However if your data set is so small that Excel is your analysis tool, you are probably fine with the plain text files that free Kiwi saves. It's trivial to parse them in Excel and make a macro if it's something you need to do regularly.

Go to solution
foued kh
Level 1
Level 1
In response to Marvin Rhoads

‎01-09-2017 02:17 AM

Thank you Mr. Marvin for all clarifications

Best regrads

0 Helpful
Customers Also Viewed These Support Documents