Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
7
Replies

VPN Connections

dvanzee
Level 2
Level 2

‎08-29-2008 06:28 AM - edited ‎02-21-2020 03:54 PM

I have been given the task of finding out when employees log on and off our VPN which terminates into a ASA5510. Is there some type of report or syslog level I need to enable?

Labels:
0 Helpful
7 Replies 7

andrew.prince
Level 10
Level 10

‎08-29-2008 06:49 AM

You can configure the ASA to send syslogs, that indicate which users logon and which time from which IP address.

A good feature packed syslog server is "syslog-ng" which runs on Linux. If you want windows - then KiwiSyslog is good, plenty of features, but if you just want logging & search capabilites without buying it , it's ideal.

HTH>

0 Helpful

dvanzee
Level 2
Level 2
In response to andrew.prince

‎08-29-2008 06:52 AM

Thanks for the quick reply, I will be using Kiwi syslog. Can you tell me how I can configure my ASA to log just log on's and log off's to a specific syslog? I know the ASA can be very chaty.

0 Helpful

andrew.prince
Level 10
Level 10
In response to dvanzee

‎08-29-2008 07:01 AM

login username information can be found in:-

"debug" level, messages

7-715047,7-715075,7-715036,7-715046

TCP/UDP connection information per user can be found in:-

"info" level, messages

6-302013, 6-302014

Sadly both debug, and info levels do send high amount of traffic, but if you have bought KiwiSyslog - you can filter and save disk space!

HTH>

0 Helpful

andrew.prince
Level 10
Level 10
In response to andrew.prince

‎08-29-2008 07:04 AM

Sorry wrong info there - you can create a filter in the ASA to only send the specific logs you want....I was thinking about PIX!

0 Helpful

dvanzee
Level 2
Level 2
In response to andrew.prince

‎08-29-2008 07:10 AM

So which filter would I create if I only wanted login's and Out's? Or how do I create that filter?

0 Helpful

andrew.prince
Level 10
Level 10
In response to dvanzee

‎08-29-2008 07:18 AM

Never actually done it before, but looking at the command line something like:-

logging list test-log-filter message 715046

logging list test-log-filter message 715047

logging list test-log-filter message 715075

logging list test-log-filter message 715036

logging list test-log-filter level Debugging class auth

I think you will have to play with it, someother netpro's might have done this before....or you could see if there is a way to do it from the asdm?

HTH>

0 Helpful

mitchen
Level 2
Level 2
In response to andrew.prince

‎09-02-2008 06:44 AM

I'd be interested in knowing a solution to this too if anyone else has any ideas?

(Have tried the suggestion above but it doesn't seem to be doing it for me although hopefully its along the right lines and maybe just some further tweaking is required?)

Thanks!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents