Logging VPN connections

Unanswered Question
May 8th, 2007

Greetings All,

I have a customer who wishes to log all VPN user activity on their ASA5510 so he can look back and see who was using a VPN connection on a particular day.

I can see in the ASDM how you can see real time, who is on but do you know what logging command I need to use to log this activity for reference so that it can be viewed at a later date?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
haroon.shaikh Wed, 05/09/2007 - 12:37

Thanks Jay,

But my issue is that VPN users are already authenticated locally. My only requirement is that I want ASA to send syslogs of the connections made by VPN clients.

i.e. Everytime a VPN client logs in, ASA should send a syslog to syslog server.

Thanks,

laurent.geyer Wed, 05/09/2007 - 12:54

My firewall logs this as %ASA-7-713052.

May 3 09:31:37 xxxfrwxxx %ASA-7-713052: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, User (xxx) authenticated.

This is just one of many log messages that I see upon authentication.

laurent.geyer Wed, 05/09/2007 - 13:17

Logging is configured pretty verbose.

logging enable

logging timestamp

logging standby

logging console debugging

logging monitor debugging

logging buffered debugging

logging trap debugging

logging history debugging

logging asdm debugging

logging facility 21

logging host inside aaa.bbb.ccc.ddd

logging host inside aaa.bbb.ccc.eee

no logging message 710005

no logging message 710003

Here's the failure message btw.

May 3 17:46:02 xxxfrwxxx %ASA-3-713167: Group = xxx, Username = xxx, IP = aaa.bbb.ccc.ddd, Remote peer has failed user authentication - check configured username and password

Actions

This Discussion