Where to see VPN log in ASA

Electronic20

Hi Community:

I have an ASA firewall and I would like to know which option I can use to view the logs of all VPN client connections?

Is it possible to get a report of these connections?

I look forward to your kind response.

Regards
Electronic20

3 Replies

If you log at informational level, then you should get all of this.

But if you want to filter them out, here is an example of how to obtain all this information:

1. Create a logging list with the logging message IDs:

logging list VPN-USER-DISCONNECT message 746012
logging list VPN-USER-DISCONNECT message 722051
logging list VPN-USER-DISCONNECT message 746013
logging list VPN-USER-DISCONNECT message 113019

2. Apply the logging list to the logging destination you want to generate the logs to (buffered, trap, asdm, and so on).

When you want to send them to a syslog server:

logging trap VPN-USER-DISCONNECT
logging host inside <ServerIPAddress>

When you want to store them in the ASA buffer:

logging buffered VPN-USER-DISCONNECT

3. Enable logging and timestamps:

logging enable
logging timestamp

The result will look like this, for example:

Aug 19 2015 10:27:11: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user
Aug 19 2015 10:27:11: %ASA-4-722051: Group <DfltGrpPolicy> User <dina> IP <192.168.79.132> IPv4 Address <10.10.10.1> IPv6 address <::> assigned to session
Aug 19 2015 10:27:33: %ASA-7-746013: user-identity: Delete IP-User mapping 10.10.10.1 - LOCAL\dina Succeeded - VPN user logout
Aug 19 2015 10:27:33: %ASA-4-113019: Group = Teams_AAA, Username = dina, IP = 192.168.79.132, Session disconnected. Session Type: SSL, Duration: 0h:00m:27s, Bytes xmt: 11120, Bytes rcv: 3501, Reason: User Requested

You can raise those message IDs to a higher logging level like 4, or whatever you want, if you just want to see these plus more severe messages.

Reports have to be obtained from your syslog server or other sources.

 

**please rate as useful if this was helpful**
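The reply above ends with the point that the report itself has to come from whatever receives the syslog. As an added example that is not part of the original thread, here is a small Python script that builds such a report: it parses the connect message (722051) and the disconnect message (113019) and correlates them on username and public IP, so each row shows the assigned VPN address, the group policy and tunnel group, the duration, byte counts and disconnect reason. The identity-mapping lines (746012/746013) are recognised by the header parser but carry nothing the other two do not. The sample log is constructed: the four lines quoted above plus one extra connect for a hypothetical user "bob" that never disconnects, to show how an open session is reported.

```python
"""Per-session VPN report from ASA syslog lines (added example, not from the thread).

Correlates %ASA-4-722051 (address assigned) with %ASA-4-113019 (session
disconnected) on (username, public IP). Sample log below is constructed:
the four lines quoted in the reply plus a hypothetical user "bob".
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SAMPLE_LOG = """\
Aug 19 2015 10:27:11: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.10.1 - LOCAL\\dina Succeeded - VPN user
Aug 19 2015 10:27:11: %ASA-4-722051: Group <DfltGrpPolicy> User <dina> IP <192.168.79.132> IPv4 Address <10.10.10.1> IPv6 address <::> assigned to session
Aug 19 2015 10:27:33: %ASA-7-746013: user-identity: Delete IP-User mapping 10.10.10.1 - LOCAL\\dina Succeeded - VPN user logout
Aug 19 2015 10:27:33: %ASA-4-113019: Group = Teams_AAA, Username = dina, IP = 192.168.79.132, Session disconnected. Session Type: SSL, Duration: 0h:00m:27s, Bytes xmt: 11120, Bytes rcv: 3501, Reason: User Requested
Aug 19 2015 10:30:02: %ASA-4-722051: Group <DfltGrpPolicy> User <bob> IP <198.51.100.7> IPv4 Address <10.10.10.2> IPv6 address <::> assigned to session
"""

# "logging timestamp" header. search() rather than match() so a syslog
# server's own prefix (receive time, hostname) in front of it is tolerated.
HEADER = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$"
)
# 722051: in the sample, "Group" is the group policy applied to the session.
CONNECT = re.compile(
    r"Group <(?P<group>[^>]*)> User <(?P<user>[^>]*)> IP <(?P<public_ip>[^>]*)> "
    r"IPv4 Address <(?P<assigned_ip>[^>]*)> IPv6 address <[^>]*> assigned to session"
)
# 113019: in the sample, "Group" is the tunnel group (connection profile).
DISCONNECT = re.compile(
    r"Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), IP = (?P<public_ip>[^,]+), "
    r"Session disconnected\. Session Type: (?P<type>[^,]+), "
    r"Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+)$"
)


@dataclass
class Session:
    user: str
    public_ip: str
    connected: datetime
    assigned_ip: Optional[str] = None    # only the connect message has it
    group_policy: Optional[str] = None   # from 722051
    tunnel_group: Optional[str] = None   # from 113019
    session_type: Optional[str] = None
    disconnected: Optional[datetime] = None
    duration_s: Optional[int] = None
    bytes_xmt: Optional[int] = None
    bytes_rcv: Optional[int] = None
    reason: Optional[str] = None

    @property
    def open(self) -> bool:
        """No 113019 seen: still connected, or the disconnect was logged elsewhere."""
        return self.disconnected is None


def build_report(lines):
    """Return Session objects in connect order, correlating 722051 with 113019."""
    sessions, open_by_key = [], {}
    for raw in lines:
        m = HEADER.search(raw)
        if not m:
            continue  # not an ASA syslog line with a timestamp header
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        body = m["body"]
        if m["msgid"] == "722051" and (c := CONNECT.search(body)):
            s = Session(c["user"], c["public_ip"], ts,
                        assigned_ip=c["assigned_ip"], group_policy=c["group"])
            sessions.append(s)
            open_by_key[(s.user, s.public_ip)] = s
        elif m["msgid"] == "113019" and (d := DISCONNECT.search(body)):
            dur = int(d["h"]) * 3600 + int(d["m"]) * 60 + int(d["s"])
            s = open_by_key.pop((d["user"], d["public_ip"]), None)
            if s is None:
                # Disconnect with no connect in this log (e.g. log rotated):
                # reconstruct the start from the reported duration.
                s = Session(d["user"], d["public_ip"], ts - timedelta(seconds=dur))
                sessions.append(s)
            s.tunnel_group, s.session_type = d["group"], d["type"]
            s.disconnected, s.duration_s = ts, dur
            s.bytes_xmt, s.bytes_rcv = int(d["xmt"]), int(d["rcv"])
            s.reason = d["reason"].strip()
    return sessions


def format_report(sessions):
    """Plain-text table; sessions without a disconnect are flagged as still open."""
    rows = [f"{'user':<8}{'tunnel-group':<14}{'public-ip':<16}{'assigned':<12}"
            f"{'connected':<21}{'dur(s)':>7}  reason"]
    for s in sessions:
        rows.append(
            f"{s.user:<8}{s.tunnel_group or '-':<14}{s.public_ip:<16}{s.assigned_ip or '-':<12}"
            f"{s.connected:%Y-%m-%d %H:%M:%S}  {s.duration_s if s.duration_s is not None else '-':>7}"
            f"  {'(still open)' if s.open else s.reason}"
        )
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_report(build_report(SAMPLE_LOG.splitlines())))
```

Point it at a file exported from the syslog server (one ASA message per line) instead of SAMPLE_LOG and the same two functions produce the report; an open row for a user who has been "connected" for days is usually a missed disconnect message rather than a live tunnel, so check it against `show vpn-sessiondb` before reading anything into it.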

Hi @ccieexpert 

Thanks for the information, I have some additional questions.

I see that there are 4 IDs from step 1. Are they the only ones to see the logs related to the VPN? Or if there are more IDs, how can I find out which IDs are related to the VPN logs?

Also, if you want to enable HostScan in "Continue" mode in the VPN client, what would the logs look like when a user connects to the VPN but does not meet the requirements? That is the type of information I want to obtain.

I hope for your kind support

regards

electronica20

If you just enable logging for a class, you will only see logs for that class:

logging class vpn trap notifications
logging class vpnc trap notifications
logging class vpnfo trap notifications
logging class webfo trap notifications
logging class webvpn trap informational

So: the class, the destination and the logging level, as shown above.

This will explain HostScan/DAP logging:

https://community.cisco.com/t5/network-access-control/anyconnect-and-hostscan-logging/td-p/2668980