
Where to see VPN log in ASA

Electronic20
Spotlight

Hi Community:

I have an ASA firewall and I would like to know which option I can use to view the logs of all VPN client connections?

Is it possible to get a report of these connections?

I look forward to your kind response.

Regards
Electronic20

1 Reply

ccieexpert
Level 4

If you log at information level, then you should get all of this.

But if you want to filter them out, here is an example to obtain all this information:

1. Create a logging list with the logging message ID:

logging list VPN-USER-DISCONNECT message 746012

logging list VPN-USER-DISCONNECT message 722051

logging list VPN-USER-DISCONNECT message 746013

logging list VPN-USER-DISCONNECT message 113019

2. Apply the logging list to the method you want to generate the logs (buffered, trap, asdm, and so on):

When you want to send them via a syslog server:

logging trap VPN-USER-DISCONNECT

logging host inside <ServerIPAddress>

When you want to store them on ASA buffer:

logging buffered VPN-USER-DISCONNECT

3. Enable logging and timestamp:

logging enable

logging timestamp

The result will look like this, for example:

Aug 19 2015 10:27:11: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user

Aug 19 2015 10:27:11: %ASA-4-722051: Group <DfltGrpPolicy> User <dina> IP <192.168.79.132> IPv4 Address <10.10.10.1> IPv6 address <::> assigned to session

Aug 19 2015 10:27:33: %ASA-7-746013: user-identity: Delete IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user logout

Aug 19 2015 10:27:33: %ASA-4-113019: Group = Teams_AAA, Username = dina, IP = 192.168.79.132, Session disconnected. Session Type: SSL, Duration: 0h:00m:27s, Bytes xmt: 11120, Bytes rcv: 3501, Reason: User Requested

 

You can raise those message IDs to a higher logging level like 4 or whatever you want if you just want to see this plus more severe messages...

Reports have to be obtained from your syslog server or other sources.

**please rate as useful if this was helpful**
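
The reply above says reports have to come from the syslog server. As an added example (not part of the original reply and not Cisco code), this Python script pairs message 722051 with message 113019 in collected syslog lines to build one report row per VPN session. The field layout is taken from the sample lines in the reply; the function name `vpn_sessions`, the report keys, and the optional day count in `Duration` are assumptions.

```python
import re
from datetime import datetime, timedelta

# The four sample lines from the reply above, as a syslog server would store them.
SAMPLE = r"""
Aug 19 2015 10:27:11: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user
Aug 19 2015 10:27:11: %ASA-4-722051: Group <DfltGrpPolicy> User <dina> IP <192.168.79.132> IPv4 Address <10.10.10.1> IPv6 address <::> assigned to session
Aug 19 2015 10:27:33: %ASA-7-746013: user-identity: Delete IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user logout
Aug 19 2015 10:27:33: %ASA-4-113019: Group = Teams_AAA, Username = dina, IP = 192.168.79.132, Session disconnected. Session Type: SSL, Duration: 0h:00m:27s, Bytes xmt: 11120, Bytes rcv: 3501, Reason: User Requested
""".strip().splitlines()

# search() rather than match(): a syslog server may prepend its own header.
HEAD = re.compile(r"(\w{3} +\d+ \d{4} [\d:]{8}): %ASA-\d-(\d{6}): (.*)$")
ASSIGN = re.compile(r"User <([^>]*)> IP <([^>]*)> IPv4 Address <([^>]*)>")
DISC = re.compile(
    r"Group = (.+?), Username = (.+?), IP = ([^,\s]+), Session disconnected\. "
    r"Session Type: (.+?), Duration: (?:(\d+)d )?(\d+)h:(\d+)m:(\d+)s, "  # "Nd " prefix is an assumption
    r"Bytes xmt: (\d+), Bytes rcv: (\d+), Reason: (.*)$")

def vpn_sessions(lines):
    """Pair 722051 (address assigned) with 113019 (disconnect) by user and client IP."""
    pending, report = {}, []
    for line in lines:
        head = HEAD.search(line.strip())
        if not head:
            continue
        ts = datetime.strptime(head.group(1), "%b %d %Y %H:%M:%S")
        msg_id, body = head.group(2), head.group(3)
        if msg_id == "722051" and (m := ASSIGN.search(body)):
            user, client_ip, assigned_ip = m.groups()
            pending[(user, client_ip)] = (ts, assigned_ip)
        elif msg_id == "113019" and (m := DISC.search(body)):
            group, user, client_ip, stype, d, h, mi, s, tx, rx, reason = m.groups()
            start, assigned_ip = pending.pop((user, client_ip), (None, None))
            length = timedelta(days=int(d or 0), hours=int(h), minutes=int(mi), seconds=int(s))
            report.append({"user": user, "group": group, "client_ip": client_ip,
                           "assigned_ip": assigned_ip, "start": start, "end": ts,
                           "type": stype, "duration_s": int(length.total_seconds()),
                           "bytes_tx": int(tx), "bytes_rcv": int(rx), "reason": reason})
    # Sessions with no disconnect message yet are still connected.
    for (user, client_ip), (start, assigned_ip) in pending.items():
        report.append({"user": user, "client_ip": client_ip, "assigned_ip": assigned_ip,
                       "start": start, "end": None})
    return report

if __name__ == "__main__":
    for row in vpn_sessions(SAMPLE):
        print(row)
```

A 113019 row whose `start` is `None` means the matching 722051 line was not in the input, for example because the log file was rotated mid-session.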